CSA announces updated Operational Technology Cybersecurity Masterplan 2024

27 September 2024

On 20 August 2024, the Cyber Security Agency of Singapore (“CSA”) announced an updated national Operational Technology Cybersecurity Masterplan (“Masterplan”) which outlines Singapore’s plans to boost the technical cybersecurity capabilities and competencies of Singapore’s operational technology (“OT”) sector. The Masterplan will guide Singapore’s efforts to foster a resilient and secure cyber environment for organisations in the critical information infrastructure (“CII”) and non-CII sectors, using OT systems to support business operations.

Key initiatives under the Masterplan as highlighted in CSA’s press release include the following:

• Enhancing the OT cybersecurity talent pipeline: OT cybersecurity will be included in the professionalisation framework that CSA is developing for Singapore’s cybersecurity workforce. There will be collaborations with Institutes of Higher Learning to incorporate relevant OT cybersecurity syllabus into computer science and engineering degree courses, and OT cybersecurity will be profiled in CSA’s Cybersecurity Education & Learning Guide to aid assessment and planning for a cybersecurity career.
• Enhancing information sharing and reporting: To strengthen the situational awareness of Singapore’s cyberspace to better safeguard Singapore’s CII and other important OT infrastructure, CSA will accelerate information sharing by streamlining the information sharing process and enhancing collaboration with OT Cybersecurity Information Sharing and Analysis Center (OT-ISAC) and the sector regulators to create a comprehensive and effective threat intelligence ecosystem for Singapore. CSA will also look into mechanisms to facilitate cybersecurity incident reporting.
• Uplifting OT cybersecurity resilience beyond CII: CSA is developing a data-driven model to increase visibility into the cyber supply chain ecosystem that is applicable to both CII and non-CII sectors with accurate and up-to-date analysis of vendor risk data as part of the CII Supply Chain Programme launched in 2022 to protect CII and related systems managed by vendors. Further, existing guidelines such as the “Guide to Conducting Cybersecurity Risk Assessment” will be updated to emphasise consequence-based scenarios to help organisations handle adverse events more resiliently by ensuring that system failures do not result in disruption or complete shutdown of systems.

CSA will also promote relevant technical references to secure cyber-physical systems for buildings infrastructure so that operations of a building are not threatened by either a cyber and/or physical attack.

• Promoting secure-by-development principles: Cybersecurity features for systems should not be an afterthought and the adoption of the secure-by-deployment principles is crucial in safeguarding the entire lifecycle management of OT systems. CSA will also collaborate with the OT ecosystem to establish an OT Cybersecurity Centre of Excellence to support research into emerging OT cybersecurity technologies in a realistic environment and develop solutions to alleviate industry players’ concerns about the impact on business operations.

The updated Masterplan will serve as a strategic blueprint to guide Singapore’s efforts to foster a resilient and secure cyber environment for organisations in the CII and non-CII sectors, using OT systems to support business operations.

Reference materials

The following materials are available on the CSA website www.csa.gov.sg:

• Press release: Singapore updates Operational Technology Cybersecurity Masterplan
• Operational Technology Masterplan 2024