Singapore’s Unity Budget announced in February allocated S$1 billion over the next three years to protect the nation’s critical information infrastructure systems, and strengthen its cyber and data security capabilities. Additionally, measures were also introduced to propel the growth of enterprises amidst a digital landscape fraught with increasingly sophisticated cyberthreats.
By March, the Covid-19 pandemic had bloomed into a full-fledged global recession, impacting livelihoods and businesses at every level. In order to help citizens and businesses tide over the crisis, the government followed up with the Resilience and Solidarity Budgets, to strengthen economic and social resilience.
Offering a supplementary package amounting to S$53.1 billion, businesses are encouraged to “digitalise, restructure, and transform” by drawing on the support provided by the SMEs Go Digital Programme, the Productivity Solutions Grant, and the Enterprise Development Grant.
Covid-19 and recession are not the only rising threats
While these measures are laudable, it is essential to not overlook the need for cyber resilience during this time. According to the Singapore Computer Emergency Response Team, Singapore is seeing a rise in cyberattacks owing to more individuals working from home. Moreover, cyber actors are capitalising on the ongoing crisis by posing as representatives from credible bodies, such as the World Health Organisation, to obtain personal information and data.
However, it is also important to draw attention to the digital risks posed by the increasing convergence of Information Technology (IT) and Operational Technology (OT) today.
Specifically, our key infrastructure services, such as power grids and water supply, that rely on OT systems are particularly vulnerable to threats. As these OT systems age and newer technologies such as 5G proliferate, we can expect to see more critical infrastructure services becoming a target of cyberattacks.
With Singapore paving the way towards a safer cyber environment, it is imperative for businesses to understand the rationale behind the nation’s approach and reflect on their own cyber resilience.
Understanding the risks of IT and OT convergence
Critical infrastructure services form the backbone of our daily lives. Our electricity supply, transport networks, and more are all managed by OT systems that have been in operation for decades. Today, the legacy technologies of these OT systems are lagging behind increasingly sophisticated cyberattacks.
Take the example of the attack on Ukraine power grids in 2015. By simply seizing one OT component through malware, hackers were able to switch off power substations, resulting in loss of electricity supply during winter.
Traditionally, as OT and IT worked in siloes, the ageing nature of OT was no cause for concern. However, as the two converge, cyber actors can navigate into OT systems by compromising IT systems connected to the Internet. With more than 41.6 billion “things” to be connected by 2025, we can expect more attack surfaces to open, and networks becoming increasingly complex and difficult to monitor.
For this reason, Singapore’s Operational Technology Cybersecurity Masterplan has been in the works since 2019, to prevent potential attacks from occurring.
Unpacking Singapore’s OT Masterplan in today’s Covid-19 world
Recognising the severity of these risks, Singapore’s OT Masterplan has outlined three key pillars to focus their cybersecurity efforts on – people, process, and technology. As the nation becomes smarter, it is indispensable to look at these three pillars holistically, as potential gaps can compromise the overall security of the nation.
Firstly, the government plans with the mindset that cyber incidents are imminent. Cyber threats, as Defence Minister Ng Eng Hen said, can be equally if not more devastating as physical threats. This thinking is particularly crucial today—a potential cyber attack on our power grids, for instance, can bring the country into total chaos amidst a call for physical distancing.
In line with this perspective, businesses can learn from Singapore’s cohesive approach. Under the digital defence pillar of Singapore’s Total Defence framework, government agencies and citizens are empowered to participate in building resilience. Doing so ensures that neither people, nor processes or technology, become the weakest links in a security framework. Similarly, businesses must empower every level of the organisation to build resilience.
Secondly, it ensures integrated visibility when assessing digital risks across networks and systems. As remote working becomes the new norm, the rise in digital risks can become an insurmountable problem. Singapore’s approach in building a holistic defence strategy, by identifying all assets connected to the Internet and profiling their risks, is noteworthy. By understanding what is in the network, points of vulnerabilities can be identified, with potential outcomes of the attacks anticipated.
Finally, the OT Masterplan invests in nurturing the cybersecurity community and sharing of intelligence, by bringing leaders from critical information infrastructure sectors together to test and validate responses to complex cyberattack scenarios. By involving businesses as well, such exercises can further improve crisis response capabilities through a mutual exchange of knowledge and best practices.
Thriving in an increasingly digitalized and interconnected world warrants a solid cybersecurity foundation to fully reap the benefits of being “smart”. As OT and IT converge, enhanced visibility and intelligence will become pivotal to the survival of the business.
Hence, with Singapore paving the way to securing the nation, all businesses and individuals must work together towards elevating their cyber readiness to ensure a strong, total defense, especially in these worrying times.
