Defending Singapore's critical infrastructure

by Teck Wee Lim, Regional Director, ASEAN at CyberArk

Image: Tips on defending CII (Source: CyberArk, Lim)
Following several cyberattacks on critical infrastructure in the last few years that went undetected for months, Singapore has made stringent efforts to reinforce its national cybersecurity plan. It initiated a new CII Supply Chain Programme that aims to protect the supply chain of critical information infrastructure (CII) and its operators from any cybersecurity risks through partnerships with a range of relevant stakeholders.

Singapore also rolled out the Operational Technology (OT) Cybersecurity Masterplan in 2019 as part of its continuous efforts to enhance the security and resilience of its CII sectors in delivering essential services. The country recognises nine critical sectors, namely energy, water, banking and finance, healthcare, transport, infocomm, media, security and emergency services, and government.

All these critical sectors heavily rely on computerised OT to function.

OT systems were designed to have a long lifespan, with a focus on reliability and safety rather than security. These systems run on proprietary control protocols using specialised hardware and software and are often isolated from business networks and the Internet. OT systems were therefore traditionally “secure through obscurity”, as they were typically air-gapped from other systems.

Today, however, the extensive links among enterprise IT and OT networks, businesses, operators, vendors, and other third-party systems have greatly increased the operational footprint of networks, putting them on the map as attractive targets for cybercriminals. As such, we need to ensure that cybersecurity measures safeguard our OT systems as they become exposed to evolving cyberthreats.

The convergence of technologies increases the attack surface

As OT is fast converging with IT, critical industrial control system (ICS) endpoints and other assets are becoming exposed to aggressive cyberthreats, making CIIs vulnerable to attacks.

With the addition of remote access, the Internet of Things (IoT) and the cloud, the attack surface increases significantly, allowing more opportunities for attackers to get into IT and OT systems. A successful attack on critical infrastructure could disable or destroy production lines and industrial processes, leave cities in the dark or shut off critical life-saving technologies. The repercussions are grave and difficult to bounce back from.

Corporate IT executives are aware of the hazards. In 2020, the Ponemon Institute conducted an Industrial Security Survey with more than 2,500 cybersecurity experts working on OT systems worldwide. It found that 57% of the respondents believed they would face one or more attacks, and almost half (48%) thought that the risks are higher for OT systems than for IT systems.

Nearly half also said that the threat to OT systems is increasing. One-third even admitted that their companies suffered the loss of OT-related intellectual property as a result of previous attacks. On the whole, the cybersecurity practitioners identified the three biggest threats as phishing, ransomware and denial-of-service (DoS) attacks.

In addition, most critical infrastructure companies operating with legacy security measures are in a position of relative blindness. As it is near impossible to defend against threats they cannot see, these companies only learn that they have been attacked after the damage is done. It can take weeks, months or even years after the initial intrusion before an attack is detected.

One of the most significant concerns right now is the sharp rise of ransomware attacks targeting the critical infrastructure space. According to a report from The Institute for Critical Infrastructure Technology (ICIT), “if a Supervisory Control and Data Acquisition (SCADA) or ICS system in an energy, utilities or manufacturing organisation becomes infected with ransomware, then lives could be jeopardised in the time it takes to investigate the incident and return the systems to operation.”

A Zero Trust playbook for ransomware protection

Just recently, the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) issued guidance on protecting critical infrastructure from ransomware. Attacks on ICS often begin with identity compromise at the endpoint and subsequent abuse of privileged credentials. As such, the two organisations recommend that CII owners take the necessary precautions to mitigate or prevent risks should they ever be targeted by ransomware attackers.

CISA and the FBI recommend that user and process accounts be limited through account use policies, user account control and privileged account management. Further, they advise organising access rights based on the principles of least privilege and separation of duties. Local businesses can also follow the guidance for defence-in-depth ransomware protection.

Moreover, unusual user activity or unauthorised credentials used to access an ICS asset can also be a sign of an attack. Understanding the context of a user’s actions adds another layer of security. Users typically interact with the company system at the usual time, accessing the usual files, and anything that breaks the pattern can be flagged, logged and blocked.

It’s one thing to be logging on from Singapore at 12 noon on your usual laptop to begin work. It’s another to be logging on at midnight from a foreign country using a desktop PC. It is crucial to detect and identify all actions that fall outside the normal pattern.
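One way to encode the contextual check described above, as an added example rather than code from the article or from CyberArk: it builds a per-user baseline from constructed login records (hypothetical data) and classifies a new login by how many of the user's usual attributes (hour of day, country, device) it departs from, flagging a single deviation for review and blocking two or more pending verification.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample of past successful logins: (user, local ISO timestamp, country, device).
# Hypothetical data for illustration only, not taken from the article.
BASELINE_EVENTS = [
    ("alice", "2024-03-04T09:05:00", "SG", "laptop-a1"),
    ("alice", "2024-03-05T08:55:00", "SG", "laptop-a1"),
    ("alice", "2024-03-06T12:10:00", "SG", "laptop-a1"),
    ("alice", "2024-03-07T13:40:00", "SG", "laptop-a1"),
    ("bob",   "2024-03-04T22:15:00", "SG", "hmi-ws-07"),
    ("bob",   "2024-03-05T23:05:00", "SG", "hmi-ws-07"),
]

def build_baseline(events):
    """Per-user profile: countries and devices seen, plus the hours of day at which the user logged in."""
    profile = defaultdict(lambda: {"countries": set(), "devices": set(), "hours": set()})
    for user, ts, country, device in events:
        p = profile[user]
        p["countries"].add(country)
        p["devices"].add(device)
        p["hours"].add(datetime.fromisoformat(ts).hour)
    return profile

def _hour_distance(a, b):
    """Distance between two hours of day on a 24-hour clock (23:00 and 01:00 are 2 apart)."""
    d = abs(a - b) % 24
    return min(d, 24 - d)

def assess_login(profile, user, ts, country, device, slack_hours=2):
    """Return (decision, reasons). Each attribute that breaks the user's pattern is a reason;
    no deviation allows, one flags for review, two or more block pending verification."""
    p = profile.get(user)
    if p is None:
        return "block", ["no baseline for user"]   # unknown identity: verify before trusting
    reasons = []
    hour = datetime.fromisoformat(ts).hour
    if all(_hour_distance(hour, h) > slack_hours for h in p["hours"]):
        reasons.append(f"unusual hour {hour:02d}:00")
    if country not in p["countries"]:
        reasons.append(f"new country {country}")
    if device not in p["devices"]:
        reasons.append(f"new device {device}")
    if not reasons:
        return "allow", reasons
    return ("flag" if len(reasons) == 1 else "block"), reasons
```

In production the baseline would be learned continuously from the identity provider's logs rather than a static list, and a "block" outcome would trigger step-up authentication and an alert rather than a silent denial.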

Following the Zero Trust cybersecurity model of “never trust, always verify” helps organisations to secure individual identities throughout the cycle of accessing critical OT and IT assets. When identities can be authenticated accurately, authorised with the proper permissions and given access to privileged assets in a structured manner, organisations are better equipped to find attackers as they move throughout a network and stop them before they can disrupt critical systems, threaten uptime, compromise sensitive data and jeopardise consumer safety.

While we are fortunate to have escaped relatively unscathed so far, we have already seen our fair share of cyberattacks. Singapore’s resilience against cyberthreats will also help it attract the opportunities offered by new digital technologies, appealing to investors as a strategic and secure location for their business.
