The global move toward digitalization, while promising efficiencies and advanced operational capabilities, is also unveiling a stark reality: the increased vulnerabilities of national infrastructures. The growing homogeneity in software is sounding alarms worldwide, as it inadvertently offers hackers more straightforward paths to scale their malicious endeavours.
As Robert M. Lee, CEO of Dragos, aptly noted, "Standardisation, while streamlining operations, inadvertently opens the door wider to cyber adversaries. This isn't merely an efficiency problem but a national security concern." This sentiment echoes across international borders, with experts globally emphasising the urgency of the matter.
Recent studies, including Dragos' "2022 ICS/OT Cybersecurity Year in Review," reveal a concerning trajectory. The 27% spike in vulnerabilities is, as a spokesperson from TSA commented, "an unmistakable sign of the escalating risks in our connected world."
Interestingly, it's not just the increased number of vulnerabilities that are causing alarm. State-sponsored groups have zeroed in on the strategic benefits of targeting OT sectors. A representative from the USA's CISA warned, "State actors, with advanced capabilities and intent, are the new frontiers in cyber warfare. The number of these groups, their sophistication, and their focus on OT sectors has risen exponentially."
Singapore's proactive steps toward this global challenge, as seen with its partnership with Dragos and the joint Singapore-US training initiative, are commendable. The efforts signify an understanding of the imminent threats. But, as David Koh from Singapore's CSA highlights,
"The need for innovation is paramount. Traditional solutions won't address the modern, sophisticated threats we face."
The differences between IT and OT systems cannot be understated. Lee from Dragos warns of the pitfalls of generic solutions: "Transplanting IT solutions into OT environments without careful consideration can be a recipe for disaster. It's essential to tailor responses to the specific challenges of each domain."
The feelings are shared globally. The Australian government has responded by the recent creation of the Cyber and Infrastructure Security (CICS), division of the Department of Home Affairs. CICS , announced in July that the Trusted Information Sharing Network (TISN) is expanding to include the Land Transport, Government, and Mining Sector Groups. These new additions will join the existing 13 TISN groups, taking the total number to 16. This expansion is the first activity in the Critical Infrastructure Resilience Plan, which was introduced by the Minister for Home Affairs in February 2023.
Similarly, from the UK Cyber Command, the emphasis is on a united front. CSA’s Chief Executive David Koh, reaffirmed:
“We reaffirmed the importance of recognised international standards and norms for IoT and agreed to continue work on mutual recognition of our schemes for IoT and to explore the potential to work more closely together on other areas of IoT. We also agreed to work together on mapping the skills and competencies of cybersecurity professionals in Singapore and the UK”.
To end on a note by Singapore's Minister for Communications and Information, Josephine Teo, cybersecurity is truly a global effort. In her opening speech at the Operational Technology Cybersecurity Expert Panel (OTCEP) Forum 2023 said:
“We live in uncertain times. The geopolitical situation remains highly charged with an ongoing war in Europe. Inevitably, tensions in the physical world spill over into the cyber arena."
In the conference she maintained that collaboration, combined with a commitment to ongoing learning and adaptation, is the Singaporean government's best shot at safeguarding our national infrastructures.
"With this consideration in mind, Singapore launched the OT Cybersecurity Competency Framework two years ago. It provides guidance on the competencies that OT cybersecurity professionals need, and supports OT cyber talent attraction and development in Singapore." Stated Minister Teo
