Speech by CE at (ISC)2 Secure Singapore on 14 July 2022

“Cybersecurity is a Team Sport”

Mr Zach Tudor, Board Chairperson (ISC)²
Ms Clar Rosso, CEO (ISC)²
Mr Garion Kong, President of the Singapore Chapter of (ISC)²
Distinguished Guests

INTRODUCTION

1. Good morning. I am pleased to join such an esteemed panel to discuss the convergence of IT and OT. As the Chief Executive of CSA and the Commissioner of Cybersecurity, I believe I have a bird’s eye view of how the whole cybersecurity ecosystem comes together. This has affirmed my belief that cybersecurity is a team sport, and that it is important to work together to better defend our cyberspace. 

CYBERSECURITY IS CONSTANTLY EVOLVING, AND WE NEED TO KEEP UP 

2. Cybersecurity is a field that is constantly evolving, and the stakes are high. Take the convergence of OT and IT for example, which we are about to discuss. 

3. This convergence we see in the Fourth Industrial Revolution involves data and instructions being sent digitally and remotely to OT systems. This connectivity has unlocked new OT functions and capabilities that have made things more efficient, such as remote monitoring and operations.Power plants or manufacturing operations, aeroplanes or trains, now send back data to their manufacturers, and receive updates through remote access connections.  

4. However, this shift has come at a cost. The attack surface for OT has widened, and a vast range of IT cybersecurity threats has been introduced to previously ‘safe’ OT operating environments. 
Cyberattacks can now affect OT systems and thus spill over into the physical realm, and have severe and life-threatening consequences.

CYBERSECURITY IS A TEAM SPORT, AND WE NEED TO SUPPORT AND HELP EACH OTHER

5. The convergence of IT-OT is just one example of how cybersecurity is evolving. To keep pace with the threats in the vast digital domain, no one single entity or organisation, not even Governments, hold all the levers. 

6. This is why people often say that cybersecurity is a team sport. Government tech agencies, private sector companies, and professional associations like ISC-squared also need to work together. 
We are all on the same side in the fight against cyber threats and are in a position to help each other succeed as the game continues to change.

7. Professionals with different types of expertise need to work together to achieve common goals. This means that building a tight-knit community is particularly important to the profession, because teamwork drives successful outcomes. Just earlier this week, CSA organised the second OT Cybersecurity Expert Panel (OTCEP) to invite the best minds working on and thinking about OT cybersecurity to share their views and perspectives. This is so that we can all learn, benefit, and improve our defences in Singapore.

8. Similarly, the attendees here at ISC-squared SECURE today represent a range of different roles from various organisations in the cybersecurity ecosystem, and this is reflective of the team spirit of the cybersecurity community. Despite our different responsibilities, we recognise that we have a mutual interest in learning from each other to uplift the community as a whole.

PEOPLE AND TALENT ARE THE FOUNDATION TO BETTER CYBERSECURITY

9. So if cybersecurity is a team sport, then how do we win, or at least, not lose? CSA launched our updated National Cybersecurity Strategy last year. In this updated Strategy, one of the key shifts was the recognition of cybersecurity talent as the foundational enabler, which undergirds all other Strategic Pillars in the Strategy. Everything hinges on our people and talent, and we take this very seriously.

10. To use the analogy of a team sport, professionals like yourselves, who defend your organisations, clients, or the public are the players. We each have jobs to do, but it is important to know that each role contributes to the bigger picture at the organisational level, and each organisation then in turn contributes to the national picture. Successfully defending against a cyberattack can come down to a single person in the SOC that day, who noticed something that others did not. This is why it is important to develop our talent, so each player can do their best on the ground.

CONCLUSION

11. Conferences like ISC-squared SECURE Singapore are important to developing our team camaraderie and our talent. Professionals come here to learn, and create new ideas, and refine existing practices. This is important not just for the convergence of IT and OT. The path forward remains uncharted for many areas of cybersecurity, and we will have to pave the way together.

12. Thank you.