Welcome Address by Mr David Koh, Commissioner of Cybersecurity and Chief Executive, Cyber Security Agency of Singapore, to the OTCEP Forum, 29 Sep 2021

29 Sep 2021

Welcome Address by Mr David Koh, Commissioner of Cybersecurity and Chief Executive, Cyber Security Agency of Singapore, to the OTCEP Forum, 29 Sep 2021

 

Introduction

  1. Good morning to everyone. To not just the people here in the room, but to the people dialling in virtually. Welcome to the inaugural Operational Technology Cybersecurity Expert Panel Forum. We are really pleased to have all of you join us here today and I’m really pleased to attend a physical event. I am most glad to meet some of the expert panel members in person. 

  2. I am also very glad to meet some of the expert panel members in-person. Many of you have gone to great lengths just to come here; I heard that one of the experts even had to rebook a new flight due to delays in pre-travel PCR testing! Ultimately, she was not able to make it to Singapore, which goes to show the challenges that we face today. Thank you for travelling to Singapore despite the uncertainty and inconvenience amidst COVID-19. We really appreciate it. 

    Growing Cyber-Physical Risks

  3. Such efforts by the experts are a testament to the dedication of our panel members, and a strong affirmation of the importance of OT cybersecurity. Like IT security, OT security has increasingly become a national security concern. We are now in an age where the cyber and physical have come together and converged, with potentially serious physical consequences that can result from cyber-attacks.

  4. The threat is real. Petrochemical plants, power grids, and even nuclear centrifuges have all been successfully targeted by hackers in the past. The threat is also growing. COVID-19 has accelerated digitalisation and that means it has accelerated the convergence of IT and OT networks, which has expanded the attack surface for malicious actors looking to compromise our systems. 

    OT Cybersecurity is Our Collective Responsibility

  5. I often say that cybersecurity is like brakes on a car. If you want to go fast, we need good brakes. If you want to digitalise, we need cybersecurity. Without good brakes, it would be foolhardy to go fast. As we digitalise our OT networks to reap productivity gains, we must also mitigate the cybersecurity risks to ensure the resilience of our systems. 

  6. Given the scale and complexity of OT cybersecurity, we need all hands on-deck to deal with this unique challenge.

  7. At the organisational level, OT engineers need to learn to speak the language of IT professionals, and vice versa. We need to understand each other’s considerations. Leaders of organisations need to be “trilingual”, to understand the views of OT experts and IT professionals, and to balance ultimately the risks against the business needs of the company. This is a huge challenge because the three groups speak fundamentally different languages.

  8. At the national and global level, we need industry, researchers, and policy makers to regularly exchange views on governance best practices and technological developments, while recognising operational constraints and the realities on the ground. 

  9. It is never easy to work across domains, especially when the other party’s priorities, skillsets, mental models, and languages are so different from yours. At times, it may feel like a chicken talking to a duck. This is a Chinese saying so I think some of it is lost in translation. Some of you here might have experienced this first-hand. But we need to be deliberate in fostering and facilitating such discussions.

    Conclusion

  10. It was in this spirit of collaboration and knowledge sharing that we have established the OT Cybersecurity Expert Panel Forum. We hope that this forum will be a useful platform for all participants to tap each other’s experience and exchange insights. We have gone to great lengths to bring the experts here, and the experts have gone to great lengths to come here. So I hope that we ask questions. We at CSA are also looking forward to hearing and learning from all of you.

  11. Welcome again to the OT Cybersecurity Expert Panel Forum. I wish all of you a fruitful two days of discussion ahead. Thank you.