The Singapore OT Cybersecurity Masterplan
A Positive Step in Strengthening OT Cyber Resilience Principles. Singapore has set in motion its vision for protecting critical national infrastructure and OT networks with its newly released 2024 OT Cybersecurity Masterplan. The new and updated Masterplan 2024 areas of focus consist of a professional development pipeline, enhanced information sharing, expanding OT cybersecurity beyond traditional CII sectors, and promoting Secure-By-Deployment, and secure-by-design principles throughout the lifecycle of OT systems.
Courtney Schneider
Recognition is in store for the Cyber Security Agency of Singapore for setting a global example of Operational Technology (OT) cybersecurity guidance for Critical Information Infrastructure (CII). This month, the CSA released the Operational Technology Cybersecurity Masterplan 2024 updating key initiatives and areas of focus to tackle the evolving cyber threat landscape and the need to enhance the resilience of CII and OT networks, networks that if breached, could result in unacceptable consequences for public health, public safety and national security.
This Masterplan effort was first launched in 2019 to span a 5-year period to fast-track progress in the areas of OT cybersecurity training, OT cybersecurity information sharing, policies, and OT technologies for cyber threat resilience. Supporting this plan, the CSA organized an international OT Cybersecurity expert panel (OTCEP) to enable milestone development. This proved fruitful, as targets were reached and the agency’s goals have since been recalibrated to reach an even higher standard of OT cyber resilience for the country’s CII. Not only have threats evolved in terms of sophistication and impact, but the scope of industries targeted has expanded, which requires an even bigger push to promote professional development, training and incident reporting in the island nation.
The new and updated Masterplan 2024 areas of focus consist of a professional development pipeline, enhanced information sharing, expanding OT cybersecurity beyond traditional CII sectors, and promoting Secure-By-Deployment throughout the lifecycle of OT systems.
If you’d like to learn more about how Waterfall can help you with your OT cybersecurity posture, schedule a call with a Waterfall security expert.
“…the secure-by-design concept reflects a commitment to cybersecurity in every aspect of product design.”
In this article we focus on this fourth area of focus, Secure-by-Deployment, which is integral to materially strengthening OT cybersecurity standards. What does Secure-by-Deployment look like in a practice? According to the Masterplan, it involves:
- Secure-by-Design,
- Secured default configurations,
- Deployment by qualified personnel, and
- Monitor deployment for security assurance.
As a technology vendor and partner with the Singaporean government, Waterfall Security has committed to support the first two pillars of OT cyber resilience – the ones most relevant to us. The first two pillars are product-focused, the last two are personnel-focused. Secure-by-design and secured default configurations are a set of principles that ensure products are designed and developed to withstand malicious cyber attacks, manage cyber risk, and remain resilient throughout the product lifecycle. These principles are core to Waterfall’s technology and solutions.
More specifically, the secure-by-design concept reflects a commitment to cybersecurity in every aspect of product design. This is a very natural fit with how Waterfall has operated throughout the life of the company – we produce security products and so of course we are thinking about security, pretty much constantly, in every aspect of our design and development processes.
The second core concept of the Secure-by-Deployment standards is secured by default configurations. This is a newer and more cutting-edge security practice that reduces human error in product deployment and normal use. The principle is simple: secure by deployment says “make the most secure configuration of the product the default configuration.”
For example, consider encryption of everyday email. You may not be aware, but you can encrypt your outgoing emails in MS Outlook so that only the recipient of the email can read them. To do this however, you must know which extra configuration steps you must take to load the encryption keys into your application and enable the function. If you do not perform these steps, the email you send can be read by systems administrators or others at many points in the communication path from sender to receiver. Furthermore, the recipient of your encrypted email must also have taken configuration to be able to decode and read your messages. The Secure by default principal stipulates that when you install an email client for the first time, the program automatically guides you through the configuration steps needed to enable message encryption, and every email you send thereafter is encrypted. Said another way, you and other end users must have special knowledge and take special steps to disable the most secure settings, such as if you don’t want your emails sent encrypted.
The secure by default configuration principle applies to Waterfall products and to other industrial automation products as well. For instance, DNP3 standards support several kinds of encryption, even though most deployments are not encrypted. In a secure-by-default product, when you enable a new DNP3 connection, the product would turn on encryption by default, and you have to go through additional effort to disable encryption in the deployment. Instead of taking additional steps to make sure industrial product are deployed in as secure a state as possible, with secured by default products, additional steps must be taken to change the configuration of the product to a less secure state, leading more often to more secure deployments.
The updated Singaporean Masterplan demonstrates the Singapore CSA’s commitment to lead the world in defending against evolving cyber threats to OT networks and infrastructures. Safe, reliable and efficient industrial operations require an approach that extends beyond traditional practices, one that involves secure design and deployment principles to meaningfully address the risks of compromise to OT networks. Waterfall Security is happy to be a major contributor to helping Singaporean companies effectively align with the Masterplan and reach their goals of OT cyber resilience. To explore how Waterfall products can contribute to material improvements in your own OT security posture, please reach out to us for a free consultation.
About the author
Courtney Schneider
Share
Trending posts
Insights into Nation State Threats – Podcast Episode 134
Infographic: Top 10 OT Cyberattacks of 2024
Andrew Ginter’s Top 3 Webinars of 2024
Stay up to date
Subscribe to our blog and receive insights straight to your inbox