Security Experts:

Connect with us

Hi, what are you looking for?



Singapore Lays Out Plans for Operational Technology Cybersecurity

Singapore’s Cyber Security Agency (CSA) on Tuesday unveiled the country’s Operational Technology (OT) Cybersecurity Masterplan, whose goal is to help enhance the security and resilience of organizations that house OT systems.

Singapore’s Cyber Security Agency (CSA) on Tuesday unveiled the country’s Operational Technology (OT) Cybersecurity Masterplan, whose goal is to help enhance the security and resilience of organizations that house OT systems.

The Masterplan focuses on industrial control systems (ICS), which account for a majority of OT systems. While it’s mainly addressed to critical information infrastructure owners, it also applies to other types of enterprises that rely on OT systems, such as pharmaceutical firms, oil and gas companies, and semiconductor manufacturers.

The plan revolves around three factors — people, technology and processes — and it has four main objectives.

One of them is to enhance OT cybersecurity training to help organizations be better prepared to defend themselves against cyberattacks. Training courses are being offered by the CSA and its partners, including NSHC Singapore and the Singapore University of Technology and Design’s iTrust center.

Another objective is to set up a dedicated information sharing and analysis center whose role is to facilitate the sharing of threat data between public and private stakeholders.

Singapore also plans on strengthening policies and processes. This includes expanding the recently introduced Cybersecurity Code of Practice (CCoP) to cover OT systems as well — the CCoP currently focuses on IT systems.

The final goal of the Operational Technology Cybersecurity Masterplan is to promote the development of innovative solutions for defending OT systems.

In addition, manufacturers of OT equipment and service providers will be encouraged to implement cybersecurity mechanisms into their products and services from the development phase.

“The OT Cybersecurity Masterplan will serve as a strategic blueprint to guide Singapore’s efforts to foster a resilient and secure cyber environment for our OT CII, while taking a balanced approach between security requirements, rapid digitalisation and ease of conducting business-as-usual activities,” the CSA said.

Singapore also announced on Tuesday the launch of a Vulnerability Disclosure Programme (VDP) via the HackerOne platform. Singapore’s government has organized several bug bounty programs over the past two years, but it also wants to make it easier for white hat hackers to report vulnerabilities found in government systems outside of these projects.

The latest bug bounty program was announced recently by Singapore’s Ministry of Defence. The program will run until October 21 and 400 hackers have been invited to find vulnerabilities across 11 defense-related websites and online services.

The previous bug bounty program, for which results were announced this week, resulted in nearly $26,000 being paid out to participants for 31 vulnerabilities.

Singapore is host to the APAC edition of SecurityWeek’s ICS Cyber Security Conference, an event dedicated to serving critical infrastructure and industrial Internet stakeholders in the APAC region.

RelatedSingapore Signs Cybersecurity Agreements With US, Canada

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...


Out of the 335 public recommendations on a comprehensive cybersecurity strategy made since 2010, 190 were not implemented by federal agencies as of December...

Management & Strategy

Microsoft making a multiyear, multibillion dollar investment in the artificial intelligence startup OpenAI, maker of ChatGPT and other tools.


Otorio has released a free tool that organizations can use to detect and address issues related to DCOM authentication.


Vulnerabilities in GE’s Proficy Historian product could be exploited for espionage and to cause damage and disruption in industrial environments.


Twenty-one cybersecurity-related M&A deals were announced in December 2022.