4 essentials for securing Singapore’s critical systems


Like many advanced economies, Singapore has witnessed the convergence of OT and IT in its critical infrastructure. Concerted efforts to drive digital transformation have significantly improved the efficiency of electricity grids, oil and gas pipelines, manufacturing plants, and even healthcare systems, which have tangibly improved quality of life.

However, digital transformation comes at a price. The convergence of physical and digital systems has greatly expanded the attack surface for cybercriminals. More IT involvement in OT environments means that cybersecurity is paramount to ensuring the day-to-day functioning of the nation’s essential services.

Recent incidents underscore this reality. Singapore’s critical information infrastructure was infiltrated by the cybercrime group UNC3886. This is a stark reminder that the nation’s most essential systems are not invulnerable. Breaches in OT environments can lead to consequences that extend far beyond data loss, including operational shutdowns, safety risks, and cascading failures that bring entire sectors to a grinding halt.

Vulnerabilities from digitalisation

Part of the problem with digitalising OT systems is the increased complexity introduced to previously air-gapped systems. Critical industry processes that were once sheltered from cyber risks are suddenly exposed to a range of threats that these systems were not designed to fend off.

However, the problem is also architectural. Many OT and IT systems give security teams limited visibility into network activity and often run on outdated protections that can’t keep pace with today’s threat landscape.

Threat actors can exploit weaknesses like inadequate access controls and outdated, unpatched systems to gain entry into critical systems. Unsegmented networks allow lateral movement, while limited monitoring means breaches tend to go undetected for a long time.

These vulnerabilities mean that it is no longer a question of if, but when, an attack will strike critical infrastructure.

Building resilient defence systems

Effective OT and IT security hinges on a multi-pronged strategy that works in concert to create layered protection.

  1. Comprehensive monitoring and visibility
    You can protect only what you can see. Every device, process, and user must be monitored continuously so that any suspicious activity can be detected early. This includes maintaining detailed event logs to provide clear records of access and implementing anomaly detection systems that can identify unusual patterns and breaches quickly and effectively.

    Moreover, regular security assessments and penetration testing can expose vulnerabilities. This proactivity ensures weaknesses are addressed before they can be exploited by attackers.
  2. Strict access controls
    Another important strategy is enforcing strict role-based access controls with the principle of least privilege. This ensures that users can access only the resources they need to perform their specific functions, and nothing more.

    Zero-trust security takes this further by continuously validating every access request, regardless of the user’s previous authentication status. This, alongside multi-factor authentication, adds layers of barriers that can significantly reduce the likelihood of unauthorised access.

    Additionally, access rights require regular audits to identify unnecessary privileges that can accumulate over time. This allows organisations to secure potential entry points before they can act as conduits for attacks.
  3. Patch management
    Attackers commonly exploit known vulnerabilities, and keeping all OT and IT systems updated with security patches and performance updates mitigates this risk. Robust patch management processes should be implemented, which requires clear planning, testing, and systematic deployment across all systems. Treating updates as optional creates risks. Regular updates improve performance and actively minimise the risk of known flaws being exploited by malicious actors.
  4. Network segmentation
    Isolation can limit damage. Dividing the OT and IT network into discrete segments, each with its own dedicated security controls and restricted communication pathways, can prevent attackers from moving laterally within the network. In effect, demilitarised zone (DMZ) network segmentation ensures that, if a breach does occur, it is contained and damage is limited. This creates a buffer that provides extra protection for critical assets.

Preparing for a secure future

Singapore’s critical OT and IT environments face increasingly sophisticated cyberthreats that evolve faster than traditional defence mechanisms can keep up with, risking major disruptions to essential services.

With important assets at stake, organisations need to be proactive in their approach to security, adopting layered and comprehensive strategies to mitigate risks.

Continuous monitoring, strict access management, timely patching, and network segmentation form the foundation of effective OT and IT security. However, prevention alone is not enough. Strong incident response and recovery plans are also needed to ensure that attacks do not derail operations.

As the threat landscape continues to evolve, organisations must prioritise resilience and risk mitigation to best protect critical systems that the nation relies on. The time for reactionary strategies has passed. Instead, security should be proactive and comprehensive.