{{item.title}}
{{item.text}}
{{item.title}}
{{item.text}}
Cyberattacks on operational technology (OT) are becoming increasingly complex and common. Malicious actors are smarter and more determined to bring businesses' infrastructure down, by infecting engineering plants with ransomware, compromising public utilities systems, or even infiltrating companies through their software. No matter what industry you're in, technology makes up a significant part of your operations, these threats pose a serious risk, not only to your company's data and operations, but also to the communities that rely on it.
In recent years, Singapore has been building its name as a "Smart City", an urban environment managed with advanced technology systems. The increasing integration of information technology (IT) and OT systems means disruptions in these systems will have far-reaching consequences. Moreover, the 11 essential services have been identified and critical information infrastructures (CIIs) within these services designated. The Cyber Security Act 2018 has mandated that CII owners conduct annual risk assessments and compliance to codes of practice (CCoP 2.0) issued by the Cyber Security Agency (CSA) of Singapore.
PwC Singapore can lead organisations to recognise the threats facing their OT and Internet of Things (IoT) systems, and recommend mitigation controls for the security vulnerabilities through:
We provide continuous security monitoring of your OT and IoT systems, enabling early detection of incidents, effective and timely response along with threat intelligence to enhance your cybersecurity posture, which leads to a reduced risk of cybersecurity breaches.
We provide incident response retainer services to help provide a swift and decisive response towards cybersecurity incidents while working with law enforcement agencies. We also provide post-incident digital forensics to retrieve, investigate and understand the full perspective.
We measure, strategise and create roadmaps to enhance the cybersecurity posture of your OT systems in accordance with National Institute of Standards and Technology (NIST) and Interconnection Security Agreement/ International Electrotechnical Commission 62443 (ISA/IEC 62443) standards.
We implement OT and IoT solutions in your OT/IoT environment to strengthen your cybersecurity posture and minimise the financial, operational and reputational impact of cybersecurity incidents.
We identify potential cybersecurity risks in your technology infrastructure, web applications and data of your OT/IoT systems, including evaluating the effectiveness of existing policies, procedures and controls. Based on industry standards and frameworks, the review outcome empowers you to prioritise and address gaps efficiently.
We identify various OT assets that could be affected by different cyber threats, evaluate and prioritise the risk to the operations, and suggest possible mitigation controls to subsequently inform decision-makers to support the proper risk responses.
We determine compliance gaps and advise on measures/controls necessary to satisfy the requirements compliance to the Cyber Security Agency (CSA) of Singapore Cybersecurity Code of Practice (CCoP) once every two years.
We discover key vulnerabilities and configuration issues through offensive means, which attackers could use to break into the OT/IoT system so that those vulnerabilities and issues can be fixed before adversaries use them.
We emulate adversarial techniques, tactics and procedures (TTP) according to the MITRE ATT&CK Framework for industrial control system (ICS) to help organisations improve their cybersecurity posture by either allowing organisation’s blue team to experience and learn from adversarial attacks or testing and improving their cybersecurity maturity.
We train operators to senior management on cybersecurity to provide an understanding of cybersecurity risks pertaining to OT/IoT systems.
We test, evaluate and rehearse your incident response (IR) plan with relevant attack scenarios created by our experts. This activity involves stakeholders ranging from the IR team, OT/IoT team, and cybersecurity team to the executive team in order to test organisational readiness to attacks such as ransomware and data breaches.