Operational technology and critical information infrastructure cybersecurity

Safeguard the security of your operational technology and internet of things environment

- 4 items

Digital Trust Insights 2024: Asia Pacific

Cybersecurity in Asia Pacific: Rising threats and GenAI adoption

SGTraDex: International trade for the digital age

Solving real-world problems to build transparency and trust

FS Regulatory Risk and Compliance Digest

Stay abreast with the latest regulatory developments

Global Compliance Survey 2025

Moving faster: Reinventing compliance to speed up, not trip up

Cyberattacks on operational technology (OT) are becoming increasingly complex and common. Malicious actors are smarter and more determined to bring businesses' infrastructure down, by infecting engineering plants with ransomware, compromising public utilities systems, or even infiltrating companies through their software. No matter what industry you're in, technology makes up a significant part of your operations, these threats pose a serious risk, not only to your company's data and operations, but also to the communities that rely on it.

In recent years, Singapore has been building its name as a "Smart City", an urban environment managed with advanced technology systems. The increasing integration of information technology (IT) and OT systems means disruptions in these systems will have far-reaching consequences. Moreover, the 11 essential services have been identified and critical information infrastructures (CIIs) within these services designated. The Cyber Security Act 2018 has mandated that CII owners conduct annual risk assessments and compliance to codes of practice (CCoP 2.0) issued by the Cyber Security Agency (CSA) of Singapore.

How we can help you

PwC Singapore can lead organisations to recognise the threats facing their OT and Internet of Things (IoT) systems, and recommend mitigation controls for the security vulnerabilities through:

Managed security services

Managed security operation centre

We provide continuous security monitoring of your OT and IoT systems, enabling early detection of incidents, effective and timely response along with threat intelligence to enhance your cybersecurity posture, which leads to a reduced risk of cybersecurity breaches.

Digital forensics and incident response

We provide incident response retainer services to help provide a swift and decisive response towards cybersecurity incidents while working with law enforcement agencies. We also provide post-incident digital forensics to retrieve, investigate and understand the full perspective.

Strategy and implementation

Cybersecurity consulting

We measure, strategise and create roadmaps to enhance the cybersecurity posture of your OT systems in accordance with National Institute of Standards and Technology (NIST) and Interconnection Security Agreement/ International Electrotechnical Commission 62443 (ISA/IEC 62443) standards.

Solutions implementation

We implement OT and IoT solutions in your OT/IoT environment to strengthen your cybersecurity posture and minimise the financial, operational and reputational impact of cybersecurity incidents.

Security architecture

Architecture review

We identify potential cybersecurity risks in your technology infrastructure, web applications and data of your OT/IoT systems, including evaluating the effectiveness of existing policies, procedures and controls. Based on industry standards and frameworks, the review outcome empowers you to prioritise and address gaps efficiently.

Risk and compliance

Risk assessment and management

We identify various OT assets that could be affected by different cyber threats, evaluate and prioritise the risk to the operations, and suggest possible mitigation controls to subsequently inform decision-makers to support the proper risk responses.

Compliance with the Cybersecurity Act

We determine compliance gaps and advise on measures/controls necessary to satisfy the requirements compliance to the Cyber Security Agency (CSA) of Singapore Cybersecurity Code of Practice (CCoP) once every two years.

Offensive security services

Vulnerability assessment and penetration testing

We discover key vulnerabilities and configuration issues through offensive means, which attackers could use to break into the OT/IoT system so that those vulnerabilities and issues can be fixed before adversaries use them.

Red/ purple teaming

We emulate adversarial techniques, tactics and procedures (TTP) according to the MITRE ATT&CK Framework for industrial control system (ICS) to help organisations improve their cybersecurity posture by either allowing organisation’s blue team to experience and learn from adversarial attacks or testing and improving their cybersecurity maturity.

Training and education

Cybersecurity awareness training

We train operators to senior management on cybersecurity to provide an understanding of cybersecurity risks pertaining to OT/IoT systems.

Cybersecurity tabletop exercises (TTX)

We test, evaluate and rehearse your incident response (IR) plan with relevant attack scenarios created by our experts. This activity involves stakeholders ranging from the IR team, OT/IoT team, and cybersecurity team to the executive team in order to test organisational readiness to attacks such as ransomware and data breaches.

Upcoming events

05/05/25

PwC at Ecosperity Week 2025

Confronting a world in transition: Strong climate plans, adaptation, nature-based solutions for a resilient future.

11/04/25

Asia Pacific M&A Summit

04/11/24

PwC Singapore at COP29

PwC Singapore will join the Singapore Pavilion at COP29 to catalyse the shift from visionary ideals to concrete actions, realising our shared climate vision together.

17/10/24

Singapore fund tax incentive schemes – What’s new?

MAS extends and revises fund tax incentives under ITA sections 13D, 13O, 13U, and introduces new scheme under 13OA.

Hide

Required fields are marked with an asterisk(*)

Business email*

Name*

Organisation*

Job title*

Message*

Tick the box to verify you are not a robot. *

By submitting your email address, you acknowledge that you have read the Privacy Statement and that you consent to our processing data in accordance with the Privacy Statement (including international transfers). If you change your mind at any time about wishing to receive the information from us, you can send us an email message using the Contact Us page.

Contact us

Jimmy Sng

Technology Risk Services Leader, PwC Singapore

Tel: +65 9746 6771