Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

ICS/OT

Singapore Lays Out Plans for Operational Technology Cybersecurity

Singapore’s Cyber Security Agency (CSA) on Tuesday unveiled the country’s Operational Technology (OT) Cybersecurity Masterplan, whose goal is to help enhance the security and resilience of organizations that house OT systems.

Singapore’s Cyber Security Agency (CSA) on Tuesday unveiled the country’s Operational Technology (OT) Cybersecurity Masterplan, whose goal is to help enhance the security and resilience of organizations that house OT systems.

The Masterplan focuses on industrial control systems (ICS), which account for a majority of OT systems. While it’s mainly addressed to critical information infrastructure owners, it also applies to other types of enterprises that rely on OT systems, such as pharmaceutical firms, oil and gas companies, and semiconductor manufacturers.

The plan revolves around three factors — people, technology and processes — and it has four main objectives.

One of them is to enhance OT cybersecurity training to help organizations be better prepared to defend themselves against cyberattacks. Training courses are being offered by the CSA and its partners, including NSHC Singapore and the Singapore University of Technology and Design’s iTrust center.

Another objective is to set up a dedicated information sharing and analysis center whose role is to facilitate the sharing of threat data between public and private stakeholders.

Singapore also plans on strengthening policies and processes. This includes expanding the recently introduced Cybersecurity Code of Practice (CCoP) to cover OT systems as well — the CCoP currently focuses on IT systems.

The final goal of the Operational Technology Cybersecurity Masterplan is to promote the development of innovative solutions for defending OT systems.

In addition, manufacturers of OT equipment and service providers will be encouraged to implement cybersecurity mechanisms into their products and services from the development phase.

Advertisement. Scroll to continue reading.

“The OT Cybersecurity Masterplan will serve as a strategic blueprint to guide Singapore’s efforts to foster a resilient and secure cyber environment for our OT CII, while taking a balanced approach between security requirements, rapid digitalisation and ease of conducting business-as-usual activities,” the CSA said.

Singapore also announced on Tuesday the launch of a Vulnerability Disclosure Programme (VDP) via the HackerOne platform. Singapore’s government has organized several bug bounty programs over the past two years, but it also wants to make it easier for white hat hackers to report vulnerabilities found in government systems outside of these projects.

The latest bug bounty program was announced recently by Singapore’s Ministry of Defence. The program will run until October 21 and 400 hackers have been invited to find vulnerabilities across 11 defense-related websites and online services.

The previous bug bounty program, for which results were announced this week, resulted in nearly $26,000 being paid out to participants for 31 vulnerabilities.

Singapore is host to the APAC edition of SecurityWeek’s ICS Cyber Security Conference, an event dedicated to serving critical infrastructure and industrial Internet stakeholders in the APAC region.

RelatedSingapore Signs Cybersecurity Agreements With US, Canada

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

CISO Conversations

Joanna Burkey, CISO at HP, and Kevin Cross, CISO at Dell, discuss how the role of a CISO is different for a multinational corporation...

CISO Conversations

In this issue of CISO Conversations we talk to two CISOs about solving the CISO/CIO conflict by combining the roles under one person.

CISO Strategy

Security professionals understand the need for resilience in their company’s security posture, but often fail to build their own psychological resilience to stress.

Malware & Threats

The NSA and FBI warn that a Chinese state-sponsored APT called BlackTech is hacking into network edge devices and using firmware implants to silently...

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...