Cybersecurity considerations for operational technology

Understanding the challenges and overcoming them

Cybersecurity has so far focussed largely on developing solutions for enterprise IT systems, with attention on securing infrastructure across new digital business realities. Today, more than ever before, the opportunities in the cybersecurity space are expanding to operational technology systems.

However, with more widespread adoption of operational technology systems comes the recognition that an operational technology breach can have severe consequences, extending to the physical realm and impacting property and life. With a clear understanding of risks and regulations, organisations can be fully prepared for both the challenges and the opportunities on the horizon.

Moreover, cybersecurity in operational technology systems is emerging as a national priority for Singapore. Eventually, the operational technology systems in the country will be connected and interlinked to enable harvesting and analysis of big data, aimed at improving overall productivity and efficiency.

Key challenges around working with operational technology systems

Across ecosystems and industries, owners of operational technology critical information infrastructure (CII) face similar challenges when trying to enhance their cybersecurity:

  • Legacy: By nature, operational technology systems are deterministic. It is a challenge to implement many of the new cybersecurity requirements imposed in recent years.
  • Organisational responsibility: Sometimes, cybersecurity of the operational technology systems falls through the cracks, as the engineering team does not have the cybersecurity expertise and the IT security team does not have the engineering domain expertise.
  • Compliance: While many operational technology systems will have complied with the regulatory requirements, they may not necessarily be sufficiently secured once you consider the business and operational risks.
  • People: Most organisations have people with deep domain expertise to manage, operate and maintain the operational technology systems. They also have a pool of cybersecurity professionals to support the operations of the IT systems. Unfortunately, these rarely overlap.
  • Process: Given the lines of responsibility adopted by most organisations, it is not surprising that many of the processes put in place for cybersecurity of operational technology systems were adopted wholesale from those of IT systems, without factoring in the unique considerations of operational technology.
  • Technology: Technological control is the greatest challenge faced by most, if not all, operational technology systems owners. Operational technology systems are designed to function for long periods of time, typically for up to twenty years without the need for significant technical refresh. As a result, much of the firmware and many of the operating systems and applications in operational technology systems are now extremely outdated compared with those in an IT system.
  • Isolation: With Singapore's Smart Nation initiative, it is inevitable that many of the operational technology systems will be connected to enable the harvesting and analysis of big data to improve overall productivity and efficiency. Isolation will no longer be an available security measure.

Reduce business risk and open new doors in the operational technology landscape

Whilst organisations currently face multifaceted challenges in securing their operational technology, it is important to keep in mind that it is not all doom and gloom. In fact, what we see today is a good improvement over what we experienced in the past few years. This progress will only continue with time, given the efforts of the Singapore government, backed by the investment of time and effort by operational technology system owners. The key will be to identify low-hanging fruit to implement in the near term while strategically planning for significant leaps over the longer term.

  • Focus on business and operational risks

  • Take a holistic view

  • Tap on external support

  • Low tech doesn’t mean low security

Operational technology systems form the bedrock of the infrastructure that powers our daily lives and the normal functioning of the economy, and enhancing their cybersecurity posture has never been more important. With a sound understanding of risks, and measured actions while tapping on support from the Singapore government, operational technology systems owners can advance the cybersecurity levels of operational technology’s critical infrastructures.

Contact us

Jimmy Sng

Technology Risk Services Leader, PwC Singapore

Tel: +65 9746 6771
