Why securing OT is crucial for Singapore’s 5G goals

Organisations embarking on digital transformation are moving faster and further than their peers in every aspect, from production efficiency and customisation, to delivering improvements in speed to market, service effectiveness, as well as new business-model creation.

With this in mind, Singapore’s authorities are accelerating the rollout of 5G infrastructure to further help organisations digitalise and build capabilities for the future.

With the power to accelerate industrial transformation far beyond the capabilities offered by previous generations of broadband technology, 5G will enable local businesses to harness data-driven use cases, such as augmented reality-based maintenance, precise real-time asset tracking, mobile robots, and closed-loop process control.

Take our maritime industry for instance. Since 2019, Singapore’s maritime and port authority has used 5G to significantly reduce latency between the commands given and vehicles’ response times at the Pasir Panjang Terminal. The network’s increased bandwidth and speed enabled the exchange of instant, real-time data as well as the ability to deploy more driverless vehicles. Lifting scalability and efficiency to new heights markedly reduced travel times and made loading and unloading more seamless, ensuring that operations are more cost effective.

These initiatives are set for a boost after senior transport minister Chee Hong Tat outlined intentions to further leverage 5G in Singapore’s maritime operations earlier in the year in March.

However, Singapore’s industries will only realise the game-changing benefits of 5G — such as low latency and greater scalability — if networks and operational technology (OT) are secured.

Driving secure innovation in 5G environments

The increased adoption of 5G will further drive and expand the convergence of OT and IT networks among organisations and expose the operational networks to cyberthreats, which was once an air-gapped network.

With the OT-IT convergence, traditional endpoint security solutions will be limited in their ability to adequately protect critical infrastructure, which rely heavily on legacy systems. On the other hand, a broad selection of point security solutions, while providing cover for each new risk exposure, only introduces complexity and leaves gaps in the organisational security posture.

Cybersecurity challenges in 5G-enabled industrial environments

5G is an enabler for many new industry vertical use cases. Delivering these use cases often requires an integrated ecosystem of technologies and partners: OT/Industrial Internet of Things (IIoT) vendors, ICS vendors, 5G vendors/providers, industrial applications providers, cloud providers, and integrators. Many organisations assume that a private 5G network is inherently safe and will protect them, which is not necessarily the case. 5G private networks are rarely entirely isolated from the enterprise IT environment or external environments — such as partners, integrators, and the public cloud — and may be exposed to internal and external attacks and risks.

With 5G-connected devices, platforms, and applications having the ability to send and receive data directly, an ever-increasing amount of information now needs to pass between these zones thanks to the IoT, IIoT, as well as wireless and cloud connectivity. Furthermore, the general rollout of 5G — by introducing a vast array of new connections, capabilities, and services — essentially creates more attack vectors for cybercriminals to target. It is therefore crucial to put in place additional security boundaries at the 5G domain for further network segmentation.

Another aspect to consider for businesses in securing OT environments is how attackers’ tactics are evolving. While it used to be that OT systems could only be targeted by highly specialised threat actors leveraging their knowledge of ICS and supervisory control and data acquisition (SCADA) systems, it is, in fact, no longer the domain of malicious actors with these specific, advanced capabilities. As the tools needed to execute such attacks are now available for purchase on the dark web, a broader set of far less technical attackers are now able to access the weapons to target organisations’ OT systems.

Without the right security approach, these new vulnerabilities introduced by 5G adoption can raise the possibility of IIoT devices being targeted to access and gain control of the operational network from the outside world directly.

Put security at the core of 5G innovation

Deploying 5G use cases in production will take time as devices, applications, 5G technology experience and know-how mature to become reliable enough for deployment. It is essential that alongside this evolution of 5G deployments in enterprise verticals that the appropriate security considerations are taken and implemented throughout the industrial environment, including the 5G network, services, and overall use cases.

5G will undoubtedly play a leading role in driving innovation in Singapore’s industries, but local businesses can ill afford failing to implement a holistic security framework, as this places them at the mercy of costly stoppages to operations. More importantly, a failure to arm themselves with cutting-edge security not only stops organisations from harnessing the full spectrum of business advantages from 5G, but also significantly increases the risks posed to lives.

Holistic security to protect 5G-enabled industrial environments

As Singapore sets its sights on boosting 5G implementation in industrial environments, ensuring organisations’ security to keep up with today’s complex and fast-evolving threat landscape is critical. When considering security in 5G use cases, organisations must consider the security of end-to-end supply chains and ecosystems. The security of an industrial environment is only as strong as its weakest link. As attack sequences get more complex and innovative, maintaining organisation-wide visibility and consistent policy enforcement is fundamental for impactful 5G adoption in enterprises. This requires a robust platform that can encapsulate IT, OT, IIoT, and 5G security with broad visibility and control. Through an integrated and unified platform, businesses can monitor and promptly respond to threats across edges, clouds, endpoints, and users to mitigate the consequences of leaks and breaches.

As Singapore’s 5G drive gains ground, tools that harness behavioural-based counter action — including artificial intelligence and machine learning — are imperative. Such capabilities are crucial to raise organisations to the next level of operational excellence, provided that businesses have deployed effective security strategies to stay ahead of increasingly sophisticated threat actors. Deprived of that, 5G providers, industrial enterprises, and systems integrators have little chance of securing critical, traditional, and 5G-enabled use cases over private, public, and hybrid 5G networks and services.