Operational technology and critical information infrastructure cybersecurity

Safeguard the security of your operational technology and internet of things environment

- 4 items

SGTraDex: International trade for the digital age

Solving real-world problems to build transparency and trust

Digital Trust Insights 2023

The Southeast Asia perspective

Improving the clinical adoption of HealthTech

Recommended HealthTech clinical adoption pathway

Managing innovation realistically

Five tips for the corporate changemaker

Cyberattacks on operational technology (OT) are becoming increasingly complex and common. Malicious actors are smarter and more determined to bring businesses' infrastructure down, by infecting engineering plants with ransomware, compromising public utilities systems, or even infiltrating companies through their software. No matter what industry you're in, technology makes up a significant part of your operations, these threats pose a serious risk, not only to your company's data and operations, but also to the communities that rely on it.

In recent years, Singapore has been building its name as a "Smart City", an urban environment managed with advanced technology systems. The increasing integration of information technology (IT) and OT systems means disruptions in these systems will have far-reaching consequences. Moreover, the 11 essential services have been identified and critical information infrastructures (CIIs) within these services designated. The Cyber Security Act 2018 has mandated that CII owners conduct annual risk assessments and compliance to codes of practice (CCoP 2.0) issued by the Cyber Security Agency (CSA) of Singapore.

How we can help you

PwC Singapore can lead organisations to recognise the threats facing their OT and Internet of Things (IoT) systems, and recommend mitigation controls for the security vulnerabilities through:

Managed security services

Managed security operation centre

We provide continuous security monitoring of your OT and IoT systems, enabling early detection of incidents, effective and timely response along with threat intelligence to enhance your cybersecurity posture, which leads to a reduced risk of cybersecurity breaches.

Digital forensics and incident response

We provide incident response retainer services to help provide a swift and decisive response towards cybersecurity incidents while working with law enforcement agencies. We also provide post-incident digital forensics to retrieve, investigate and understand the full perspective.

Strategy and implementation

Cybersecurity consulting

We measure, strategise and create roadmaps to enhance the cybersecurity posture of your OT systems in accordance with National Institute of Standards and Technology (NIST) and Interconnection Security Agreement/ International Electrotechnical Commission 62443 (ISA/IEC 62443) standards.

Solutions implementation

We implement OT and IoT solutions in your OT/IoT environment to strengthen your cybersecurity posture and minimise the financial, operational and reputational impact of cybersecurity incidents.

Security architecture

Architecture review

We identify potential cybersecurity risks in your technology infrastructure, web applications and data of your OT/IoT systems, including evaluating the effectiveness of existing policies, procedures and controls. Based on industry standards and frameworks, the review outcome empowers you to prioritise and address gaps efficiently.

Risk and compliance

Risk assessment and management

We identify various OT assets that could be affected by different cyber threats, evaluate and prioritise the risk to the operations, and suggest possible mitigation controls to subsequently inform decision-makers to support the proper risk responses.

Compliance with the Cybersecurity Act

We determine compliance gaps and advise on measures/controls necessary to satisfy the requirements compliance to the Cyber Security Agency (CSA) of Singapore Cybersecurity Code of Practice (CCoP) once every two years.

Offensive security services

Vulnerability assessment and penetration testing

We discover key vulnerabilities and configuration issues through offensive means, which attackers could use to break into the OT/IoT system so that those vulnerabilities and issues can be fixed before adversaries use them.

Red/ purple teaming

We emulate adversarial techniques, tactics and procedures (TTP) according to the MITRE ATT&CK Framework for industrial control system (ICS) to help organisations improve their cybersecurity posture by either allowing organisation’s blue team to experience and learn from adversarial attacks or testing and improving their cybersecurity maturity.

Training and education

Cybersecurity awareness training

We train operators to senior management on cybersecurity to provide an understanding of cybersecurity risks pertaining to OT/IoT systems.

Cybersecurity tabletop exercises (TTX)

We test, evaluate and rehearse your incident response (IR) plan with relevant attack scenarios created by our experts. This activity involves stakeholders ranging from the IR team, OT/IoT team, and cybersecurity team to the executive team in order to test organisational readiness to attacks such as ransomware and data breaches.

Required fields are marked with an asterisk(*)

Business email*

Name*

Organisation*

Job title*

Message*

Tick the box to verify you are not a robot. *

By submitting your email address, you acknowledge that you have read the Privacy Statement and that you consent to our processing data in accordance with the Privacy Statement (including international transfers). If you change your mind at any time about wishing to receive the information from us, you can send us an email message using the Contact Us page.

Contact us

Jimmy Sng

Technology Risk Services Leader, PwC Singapore

Tel: +65 9746 6771

Hide