Skip to main content

Government officials will never ask you to transfer money or disclose bank log-in details over a phone call.

Call the 24/7 ScamShield Helpline at 1799 if you are unsure if something is a scam.

Cyber Security Agency of Singapore
  1. Home
  2. News & Events
  3. Speeches
  4. Welcome Remarks by Mr David Koh, Commissioner of Cybersecurity and Chief Executive of CSA at Operational Technology Cybersecurity Expert Panel Forum
Speeches

Welcome Remarks by Mr David Koh, Commissioner of Cybersecurity and Chief Executive of CSA at Operational Technology Cybersecurity Expert Panel Forum

29 July 2025

Mrs Josephine Teo, Minister for Digital Development and Information and Minister-in-charge of Smart Nation and Cybersecurity,

Esteemed Panellists,

Distinguished Guests,

Introduction

1.  Good afternoon, and welcome to the fifth Operational Technology Cybersecurity Expert Panel (OTCEP) Forum.

2. I am glad to see such a strong turnout today. Your collective attendance reflects the growing importance of OT cybersecurity, and the strong partnerships that we have formed together among us.

3. We gather in eventful times. Government agencies, led by CSA, are actually working right now to contain an ongoing attack targeting our critical infrastructure, as was revealed by Coordinating Minister for National Security, Mr K Shanmugam, on Fri 18 Jul, at the dinner to mark CSA’s 10th anniversary. The attack was conducted by an Advanced Persistent Threat – an APT. To be specific: UNC3886.

4. What does this mean for OT cybersecurity?

The Challenging Landscape for OT

5. The inaugural OTCEP Forum was held in 2021. Between 2021 and 2024, APT activity detected in Singapore’s cyberspace has more than quadrupled. Being experts in this room, you probably understand what that implies for the nature of our work.

6. Cyber threats to our OT environment may come from many directions – from APTs, or cybercriminals. Financially motivated cybercriminals may focus on hunting for the weakest links and the easiest targets, for financial gains.

7.  APTs, on the other hand, are often determined to breach very specific organisations or systems like those represented here. Systems that if compromised, could jeopardise our national security, public safety, economy, or our way of life. Many of these systems are IT systems that also operate alongside OT. Some are OT systems themselves

8. Time and time again, the importance of OT cybersecurity has been impressed upon us. The Stuxnet worm discovered in 2010, which targeted a specific brand of Programmable Logic Controllers (PLCs), marked the first known malware capable of causing physical destruction via cyber means. The PIPEDREAM malware toolkit, discovered in 2022, marks a dangerous evolution in OT cybersecurity threats as it provides a versatile and multi-module framework capable of targeting a broad array of common industrial control systems.

9. Today, CSA’s Cybersecurity Code of Practice includes a set of mandatory cybersecurity measures which have enhanced our OT cybersecurity resilience. To raise awareness and build competency in our workforce, CSA has also collaborated with academic institutions to integrate OT cybersecurity into engineering and computer science curricula. But there is more to be done – which we can only do well, if we work well together.

Trust and Partnership in Shaping the Future of OT Cybersecurity

10. That is why the theme of this year’s forum is “Trust and Partnership in Shaping the Future of OT Cybersecurity”. This resonates with the founding principles of the OTCEP Forum. This Forum’s very existence directly reflects the understanding that in the high-stakes realm of OT cybersecurity, we have to work together as a team.

11. This is also why when CSA updated the OT Masterplan last year, it was done collaboratively with over 60 organisations in the OT ecosystem. One key thrust of the Masterplan is to enhance information sharing and reporting. This is a key success factor of effective partnerships between government, industry and academia.

12. Considering the rise in cyber threats and especially that of APT activities, CSA will continue to work closely with our local organisations and international partners to share actionable threat information.

13. In this spirit, CSA is proud to support the upcoming inauguration of the OT Special Interest Group (OT-SIG) by ISACA. This is on top of its existing SIGs in Cyber Security and Data Privacy. The growth of such communities of practice is critical in enhancing information sharing within the OT sector.

Conclusion

14. Through the OTCEP Forum, we have cultivated an essential dialogue and collaboration with the OT community. We hope to continue creating more opportunities for everyone to come together and harness our shared expertise to protect our digital way of life.

15. This year, a new expert panel has been appointed, with two new members and six returning members. I would like to take this opportunity to extend a warm welcome to our new members. To our returning members, thank you for your continued support for OTCEP.

16. I thank everyone else. I look forward to a fruitful exchange of ideas, and an enlightening and enjoyable forum.


Back to top