On September 16, the Ministry of Defence (MINDEF) and Singapore University of Technology and Design (SUTD) signed a Memorandum of Understanding (MOU) on operational technology (OT) security for critical infrastructure. The MoU was signed by Defence Cyber Chief Brigadier General Mark Tan and SUTD Deputy Provost for Research and International Relations Yeo Kiat Seng during the Critical Infrastructure Security Showdown (CISS) exercise. The MoU formalizes the partnership between the Singapore Defence Force and SUTD on OT security and will strengthen collaboration in areas such as research and technology, threat modelling, training and expertise development.
The MoU underlines the commitment of the Singapore Ministry of Defence and the Armed Forces (SAF) to build cybersecurity expertise and capabilities to counter potential OT cyber threats. Recent cyber attacks on critical infrastructure such as fuel pipelines and power distribution systems are a stark reminder of the growing sophistication of cyber threats facing countries. To this end, the Singapore Ministry of Defence/Armed Forces is collaborating with partners from academia and industry on cybersecurity research and technology.
Underlining the importance of this milestone, General BG Tan said: “MINDEF/SAF recognises the importance of working with key partners such as SUTD to keep up with the latest developments in cybersecurity research and technology. This MoU will allow us to collaborate with SUTD is officially collaborating to leverage their strengths in cybersecurity research to advance our own capability development program. It will also support the training and education of our cyber personnel responsible for defending the digital border.”
Regarding the partnership with the Singapore Ministry of Defence, Prof Yeo said, “SUTD is delighted to collaborate with the Singapore Ministry of Defence/Singapore Armed Forces on OT security of critical infrastructure. State-of-the-art critical infrastructure at SUTD’s Cyber Security Research Centre (iTrust) The testbed enables sophisticated simulations of cyberattacks to develop defenses to mitigate such behaviors. Under the MoU, we will also help conduct research to develop the next generation of cyber experts to help defend our nation’s critical infrastructure.”
This year’s CISS from September 3-17, 2021 is an OT cybersecurity exercise co-organized by SAF and SUTD itrust. Local and international experts from academia, public and private institutions participated in the online event. The MoU and the organization of CISS 2021 are all part of MINDEF/SAF’s continued commitment to working with various partners to strengthen its capabilities in information technology (IT) and OT cybersecurity. With the growing threat of cyberattacks on critical infrastructure, the Ministry of Defense (Mindef) is looking to strengthen its defenses by further training its experts and studying the methods used by hackers.
Operational Technology (OT) systems include computer systems designed for deployment in critical infrastructure, such as power, water, manufacturing, and similar industries. Such overseas infrastructure has recently been attacked by hackers. Colonial Pipeline, which supplies about 45 percent of the fuel on the U.S. East Coast, was hit by a ransomware attack in May. That same month, a cyberattack on Brazilian food giant JBS forced the closure of all of its beef plants in the United States.
OT infrastructure and improvements are already being used in projects such as energy-efficient buildings and the Republic of Singapore Air Force’s smart air base, Mindef said.
The agreement is expected to enhance cybersecurity research collaboration between Singapore’s Ministry of Defence/Armed Forces and SUTD itrust in multiple areas. The trust center will allow the Department of Defense to test cyber defenses and better understand the vulnerabilities of OT systems. The center will provide training and exercise infrastructure and will conduct cyber exercises.
Joint fellowships may be awarded to undergraduate and graduate students selected in command, control, communications and computer specialist (C4X) positions to develop in-depth expertise, the Defense Department said. The C4X position was introduced in 2019 to develop a highly skilled cyber force to defend defense systems and networks.
The CISS annual exercise started in 2017 and is the fifth this year. It is hosted by the SUTD itrust laboratory and invites partners from all over the world to participate. Due to the impact of the epidemic, the CISS in 2020 and 2021 will be held online.
The MoD’s memorandum with SUTD, in the context of the launch of the partnership, said the increasing prevalence and sophistication of cyberattacks around the world demonstrated the evolving threats to Singapore’s national security. Recent cyber attacks on critical infrastructure such as oil pipelines and power distribution systems have highlighted the growing sophistication of cyber threats facing countries not only in the information technology (IT) but also in the operational technology (OT) realm.
The Ministry of Defence (MINDEF) and the Singapore Armed Forces (SAF) have integrated OT infrastructure and improvements to drive projects such as the RAF’s smart air bases and MINDEF/SAF’s energy-efficient buildings. To better defend these OT networks and infrastructures, MINDEF/SAF will strengthen its OT cyber defense capabilities by increasing investments in the field and conducting cybersecurity research and technology with partners from academia and industry cooperate.
The MoU highlights the strengthening of collaboration between MINDEF/SAF and the SUTD trust Centre for Research in Cyber Security (iTrust) in four main areas, including:
A. Research and Technology. itrust will develop OT testbeds to enhance MINDEF/SAF’s ability to test cyber defenses and gain a better understanding of the vulnerabilities of OT systems.
B. Threat Modeling in OT Security. itrust will develop technologies to prevent, detect and respond to advanced persistent threats in OT environments. MINDEF/SAF and iTrust will also analyze emerging OT attacks and study the tactics, techniques and procedures used by attackers.
C. Training. itrust will provide training and exercise infrastructure for OT security. MINDEF/SAF and itrust will jointly organize cyber exercises (such as the Critical Infrastructure Security Showdown) to exchange OT’s cybersecurity expertise and gain a better understanding of malicious actors’ methods.
D. Technology development. Joint scholarships from MINDEF and SUTD can be awarded to selected undergraduate and graduate students in command, control, communications and computer specialist (C4X) careers to develop in-depth OT expertise.