Singapore spotlights OT security, unveils security roadmap focusing on infrastructure
Singapore is setting up a panel comprising global experts to offer advice on safeguarding its operational technology (OT) systems and has unveiled the country’s latest cybersecurity blueprint, focusing on digital infrastructures and cyber activities. It also is hoping to rope in other Asean nations to recognise a Cybersecurity Labelling Scheme (CLS) that rates the level of security for smart devices, such as home routers and smart home hubs.
Singapore’s latest cybersecurity masterplan builds on its 2016 cybersecurity strategy and looks to boost the “general level of cybersecurity” for its population and businesses. It focuses on the need to secure the country’s core digital infrastructure and cyberspace activities, as well as drive the adoption of cyber hygiene practices amongst its connected citizens.
Launched by Deputy Prime Minister Heng Swee Keat at this year’s Singapore International Cyber Week, held online, the new blueprint was essential in combating the high volume of day-to-day cyber threats faced by people and businesses.
“As a relatively nascent frontier, we will need to address issues like the ethical use of technology, user privacy, and a growing digital divide,” he said. “As more people go online, crime and threats have also gone virtual. Cybersecurity will be critical as we become more digital. With the global order coming under pressure, we must avoid a ‘zero sum’ approach to technology.”
With cybercrime in Singapore climbing by more than 50% last year, and cybercrime accounting for more than a quarter of all crimes here, he underscored the need to sharpen the country’s cybersecurity capabilities.
Part of its latest efforts to combat cyber risks focused on OT and Internet of Things (IoT), which it described as fast-evolving landscapes and could pose distinctive threats and risks. To address these, a new OT Cybersecurity Expert Panel comprising global experts was being set up to advise government agencies and other stakeholders on strategies the country needed to improve the resilience of its OT systems.
Minister for Communications and Information and Minister-in-charge of Cybersecurity S. Iswaran explained that a successful cyber attack on an OT system could manifest as a severe disruption in the physical world. Such systems, including those in the energy, water, and transport sectors, were critical to deliver essential services and support the economy, he said.
Pointing to issues raised last year, Iswaran added that cybersecurity efforts often were focused on the ICT aspect, though, OT systems were equally important and deserved the attention Singapore now was placing on a national and regional level.
The minister further noted that IoT devices also posed a challenge to defend at scale as the proliferation of smart devices, as well as the emergence of 5G, would create a huge attack surface.
Here, the government hopes to help consumers make more informed purchases with the CLS, which was first announced in March. The scheme assesses and rates registered smart devices according to their level of cybersecurity provisions.
Launched by the Cyber Security Agency (CSA), the initiative aimed to motivate manufacturers to develop more secure products, moving beyond designing such devices to optimise functionality and cost.
The CLS initially would be used to assess Wi-Fi routers and smart home hubs, which CSA had prioritised due to the wide adoption of these devices and the impact a security compromise would have on users.
The scheme is voluntary and comprises four levels of rating based on the number of asterisks, each indicating an additional tier of testing and assessment the product has gone through.
Level 1, for instance, meant the product had met basic security requirements such as ensuring unique default passwords and providing software updates, while a Level 4 product had undergone structured penetration tests by approved third-party test labs and fulfilled Level 3 requirements.
According to Iswaran, CSA would work with Asean member states and other international partners to establish mutual recognition agreements.
Deeper cooperation in this region was especially vital as countries moved to capitalise on the digital trajectory fuelled by the global pandemic, he said.
Stressing the need for “strong” international cooperation, Heng noted that cyberthreats transcended national boundaries and would need global collaboration to mitigate these risks.
Need for rules-based international order
Singapore’s deputy prime minister said the world would be a poorer without multilateralism and globalisation, and this was why the country — alongside many other nations — were “redoubling our commitment” to a rules-based multilateral order.
Acknowledging the growing tension between China and the US, he expressed hope that both countries eventually would reach a new model of constructive cooperation, as few countries would want to choose sides.
He pointed to the digital economy as one area of collaboration as it remained one of the few growing sectors during the pandemic, and urged countries to better harness this potential by strengthening digital connectivity to enhance cross-border digital trade.
In this aspect, Heng noted that Singapore strongly supported an open digital trade architecture and had been actively growing its network of digital economy agreements with like-minded countries. These had included nations such as New Zealand, Chile, and Australia.
And as digital economies grew, so too would the cyber threat attack surface, Iswaran said, during his speech at the 5th Asean Ministerial Conference on Cybersecurity, held Wednesday at the Singapore International Cyber Week.
“Today, we face an unprecedented level of exposure to cyber threats,” he said. “A safe and secure digital infrastructure must undergird our digital economy ambitions for the region. It is more important than ever for Asean to tackle the challenge of cybersecurity together, in a sustained, holistic, and coordinated manner.”
This should encompass a rules-based international order to ensure a safe and accessible cyberspace, he noted, adding that regional resilience of critical infocomm infrastructures must be strengthened.
Iswaran said: “[Maintaining a rules-based international order] will be increasingly challenging against the backdrop of a volatile and fractious global landscape, caused by growing geopolitical tensions as well as rising protectionism. Therefore, we have to double down on efforts to create robust rules and engender international collaboration for greater cyber resilience and stability.”
In particular, he noted, critical information infrastructures (CIIs) must be protected as they formed the backbone of each society’s vital services and activities. He added that many cities in Asean served as hubs for services that spanned banking and finance, telecommunications, maritime, and aviation.
“Thus, the impact of a cyberattack on a national CII may not be confined to that country alone, but also felt in other parts of the region and even the world,” he said. “Beyond protecting national CIIs, Asean can do more to strengthen regional cyber resilience by safeguarding CIIs with cross-border impact, such as common cloud and banking systems. In fact, the significance of the cloud has been heightened because of the pandemic and the response from industry.”
“The need to secure these CIIs cannot be overstated. A cyberattack on any of these might cause wide-ranging disruptions to multiple states in essential services, including those related to international trade, transport, and communications,” the Singapore minister said.
Asean Secretary-General Lim Jock Hoi concurred, noting that the COVID-19 pandemic had changed the way people lived and worked, with conversations and social interactions moved to the digital space.
As the region’s reliance on digital technology grew, so too must efforts to ensure security measures were in place and infrastructures were protected, Lim said.
Resiliency was increasingly important and fostering regional cooperation would be integral to ensure the development of Asean infrastructures that were inclusive and resilient.
Noting that “we’re only as strong as the weakest link”, he stressed the need for all Asean member states to safeguard their cyberspace.