Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

ICS/OT

Singapore Lays Out Plans for Operational Technology Cybersecurity

Singapore’s Cyber Security Agency (CSA) on Tuesday unveiled the country’s Operational Technology (OT) Cybersecurity Masterplan, whose goal is to help enhance the security and resilience of organizations that house OT systems.

Singapore’s Cyber Security Agency (CSA) on Tuesday unveiled the country’s Operational Technology (OT) Cybersecurity Masterplan, whose goal is to help enhance the security and resilience of organizations that house OT systems.

The Masterplan focuses on industrial control systems (ICS), which account for a majority of OT systems. While it’s mainly addressed to critical information infrastructure owners, it also applies to other types of enterprises that rely on OT systems, such as pharmaceutical firms, oil and gas companies, and semiconductor manufacturers.

The plan revolves around three factors — people, technology and processes — and it has four main objectives.

One of them is to enhance OT cybersecurity training to help organizations be better prepared to defend themselves against cyberattacks. Training courses are being offered by the CSA and its partners, including NSHC Singapore and the Singapore University of Technology and Design’s iTrust center.

Another objective is to set up a dedicated information sharing and analysis center whose role is to facilitate the sharing of threat data between public and private stakeholders.

Singapore also plans on strengthening policies and processes. This includes expanding the recently introduced Cybersecurity Code of Practice (CCoP) to cover OT systems as well — the CCoP currently focuses on IT systems.

Advertisement. Scroll to continue reading.

The final goal of the Operational Technology Cybersecurity Masterplan is to promote the development of innovative solutions for defending OT systems.

In addition, manufacturers of OT equipment and service providers will be encouraged to implement cybersecurity mechanisms into their products and services from the development phase.

“The OT Cybersecurity Masterplan will serve as a strategic blueprint to guide Singapore’s efforts to foster a resilient and secure cyber environment for our OT CII, while taking a balanced approach between security requirements, rapid digitalisation and ease of conducting business-as-usual activities,” the CSA said.

Singapore also announced on Tuesday the launch of a Vulnerability Disclosure Programme (VDP) via the HackerOne platform. Singapore’s government has organized several bug bounty programs over the past two years, but it also wants to make it easier for white hat hackers to report vulnerabilities found in government systems outside of these projects.

The latest bug bounty program was announced recently by Singapore’s Ministry of Defence. The program will run until October 21 and 400 hackers have been invited to find vulnerabilities across 11 defense-related websites and online services.

The previous bug bounty program, for which results were announced this week, resulted in nearly $26,000 being paid out to participants for 31 vulnerabilities.

Singapore is host to the APAC edition of SecurityWeek’s ICS Cyber Security Conference, an event dedicated to serving critical infrastructure and industrial Internet stakeholders in the APAC region.

RelatedSingapore Signs Cybersecurity Agreements With US, Canada

Written By

Eduard Kovacs (@EduardKovacs) is senior managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing for the latest cybersecurity threats, trends, and expert insights.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this live webinar as we break down why email-layer defenses alone can't keep pace with the modern phishing ecosystem, how agentic AI is changing the capacity equation for security teams, and more.

Register

This year's summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments. Interact with leading solution providers and other end users facing similar challenges in securing a variety of cloud deployments.

Register

People on the Move

James Phillips has been promoted to the role of Vice President, Cybersecurity Risk Management at AT&T.

Rafal Los has joined Binary Defense as Chief Strategy Officer.

Tracey Mustacchio has joined Everfox as Chief Marketing Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.