Building Trust In Critical Infrastructure: Securing Singapore's Future

The security of Singapore's critical infrastructure is at a critical juncture. The Cyber Security Agency of Singapore (CSA) has reported increased sophisticated cyber threats like ransomware and phishing. This poses a significant risk to Internet of Things (IoT) devices, which play an increasingly important role in supporting crucial societal functions.

The government's Smart Nation agenda emphasizes the importance of data as a fundamental component of a digital economy, highlighting the need for robust cybersecurity and data security measures to achieve this ambitious goal.

For organizations responsible for managing critical information infrastructure, securing supervisory control and data acquisition (SCADA) systems and networks, industrial control systems (ICS) and operational technology (OT) must be a top priority

State of Critical Infrastructure Security

Infrastructure digitization has erased the line between IT and OT, leaving SCADA, ICS, and OT systems vulnerable to cyber threats. These systems are critical for providing the public with essential services such as water, electricity, and food.

Industries like healthcare, transportation, and emergency services are also at risk. A security breach could cause severe disruptions, delay routine operations, and jeopardize community trust.

To ensure the integrity of critical infrastructure, operators must factor in various potential threats and implement robust security measures. Neglecting these aspects could leave the system open to attacks, making detecting security breaches and network anomalies impossible.

As cyberattacks on critical infrastructure increase worldwide, Singaporean agencies, including the Cyber Security Agency (CSA), are taking action. The CSA created a Cybersecurity Code of Practice, requiring operators to adopt a security-by-design approach and a risk management framework to identify and respond to potential threats.

To consolidate efforts against cyberattacks, the CSA formed an inter-agency approach and established the Counter Ransomware Task Force (CRTF) to disrupt the ransomware kill chain and reduce pay-offs.

As part of the Smart Nation agenda, the government has also developed its initiatives to safeguard the public's data. In particular, collaborative programs with the "white hat" community, like the Vulnerability Rewards Programme (VRP), the Government Bug Bounty Programme (GBBP) and the Vulnerability Disclosure Programme (VDP), were created to maintain critical infrastructure resilience.

They have also assembled a dedicated team of cybersecurity experts to monitor and respond to threats within government systems.

However, a Fortinet survey across the Asia Pacific region found that only 26 percent of organizations have implemented a mature OT security framework, leaving operators responsible for building a robust barrier to protect their systems. With critical infrastructure serving local communities, it's essential to strengthen cybersecurity measures continually.

Securing Infrastructure Today and Tomorrow

Operators can protect their infrastructure with a three-pronged strategy: visibility, segmentation, and secured access. Gain awareness of programmable logic controllers and create an inventory of critical assets with a cyber-threat assessment solution. Segment networks prevent lateral movement between IT/OT domains and reduce the risk of debilitating the entire system. Secure every access point and encrypt OT traffic through a firewall. Operators need controls that communicate with each other instantly to prevent attackers from taking over critical processes.

In addition, operators should make Zero Trust Access (ZTA) the foundation of their security enforcement. In a work-from-anywhere environment, the "never trust, always verify" policy is crucial to ensuring secure access to valuable assets. One of the most effective measures to enable ZTA controls is enforcing the least privilege across internal and external network communications. Through this process, security teams ensure user credentials can only access the privileges necessary for their work and not more.

As agencies take a more vigilant stance, critical infrastructure operators must modernize their safeguards to ensure no threat is unaccounted for. With threat actors seeking maximum damage, getting security right is crucial for winning public trust and delivering essential services without interruption.

Jess Ng, country head for Singapore and Brunei at Fortinet, wrote this article.

The views and opinions expressed in this article are those of the author and do not necessarily reflect those of CDOTrends. Image credit: iStockphoto/fazon1