Skip to main content

Government officials will never ask you to transfer money or disclose bank log-in details over a phone call.

Call the 24/7 ScamShield Helpline at 1799 if you are unsure if something is a scam

Ministry of Digital Development and Information
Speeches

Keynote Address by Minister Josephine Teo at the Operational Technology Cybersecurity Expert Panel Forum 2025

29 July 2025

Distinguished panellists and guests

Colleagues and friends

Introduction

  1. It’s my pleasure to welcome all of you to the 5th edition of the OTCEP Forum.

  2. This year’s forum is especially meaningful. It marks the five years since we launched OTCEP and coincides with another important milestone – the 10th anniversary of CSA’s establishment.

  3. Five years into its mission, CSA started the OTCEP Forum in 2021 to plug a gap. CSA had seen that IT and OT systems were becoming increasingly interconnected, but awareness and capabilities to secure OT environments were still low. If CSA did nothing, the OT sector could become a weak link. The Forum was therefore introduced to provide a platform for Critical Information Infrastructure (CII) sectors and industry players to engage directly with OT solution providers and experts. This will help grow a community focused on OT cybersecurity, build knowledge and strengthen capabilities.

  4. The Forum has grown beyond our original expectations. In its inaugural year, around 90 people attended in-person. Today, we have 1,700 attendees.

  5. We also started the OT capability showcase in 2023, to help attendees understand how OT solutions could be built and operationalised in their environments. In the early years, we had a handful of individual showcases. Today, we host 14 solution providers. This year’s showcase is also special in another way. For the first time, all solution features are connected to a central security operations centre. It demonstrates how different OT solutions can work together to protect our CIIs.

The Reality of Cyber Threats

  1. Whether in OT or IT, cybersecurity is often described as a team sport. In sports, we have competitors but there are rules, and referees or umpires to enforce these rules, regardless of who is in play. Participants also uphold the idea of fair play.

  2. But in cyber, we have adversaries rather than competitors. Those of us in the room today are indeed, on the same team. We are playing defence. But our opponents do not play by the same rules. And a loss for us could have severe consequences for the people we have been entrusted to take care of.

    1. Last January in Ukraine, you may recall how novel malware was used to exploit a zero-day vulnerability in Internet-facing routers. As a result, the residents of 600 homes lost all heating for two days in the middle of winter.

    2. Three months later in Russia, a malware attack targeted IoT sensor gateways critical to power, wastewater, and heating services during wartime. Thousands of IoT devices throughout Moscow’s sewage monitoring network were destroyed or disabled.

  3. This April in Norway, a dam’s OT system was hacked, releasing over seven million litres of water. The damage may have been limited in this instance, but we can all imagine more dire consequences such as flooding or disruptions to essential services.

  4. In fact, we are seeing more of such attacks worldwide. The malicious cyber actors who commit them do so for various reasons. One is financial gain. In the past year, ransomware attacks against industrial organisations have nearly doubled. Another is for long-term persistence. In the case of Advanced Persistent Threats (APTs), they aim to deploy advanced tools, evade detection, and maintain persistent access in high-value networks.

  5. APTs are often state-linked, well-resourced and determined. They may conduct espionage for their state sponsor. Their other task may be to develop the capacity to disrupt the services and assets in other states.

  6. As we speak, CSA leads a group of public agencies dealing with the attack on our critical infrastructure by an APT known as UNC3886.

  7. It is not just UNC3886 we are dealing with. APT activity detected in Singapore increased more than four-fold from 2021 to 2024.

  8. Until recently, we had not said much about APT activity. Nor had we named any of the groups involved. Why are we doing so now, for the first time?

  9. We want the public to know these threats are not imagined, but real. We also need everyone to understand that the potential consequences to our economy and society are very serious. APTs target critical infrastructure, which provides essential services for Singapore and Singaporeans. Disruptions will not go unnoticed.

  10. These “live” attacks remind us that cybersecurity is not a nice-to-have. It is a must, not just for the IT personnel, but for the CEO and the board. In particular, the owners of CIIs must raise your vigilance, because you provide essential services that Singapore and Singaporeans depend on. The threats you face are no longer simple ransomware attacks. APTs have you in their sight.

Upgrading our Defences

  1. Cybersecurity should also not just be a matter of meeting compliance requirements.

  2. The Cybersecurity Act makes clear what CII owners must do to protect our critical and important systems. But CSA has gone further to introduce the Cyber Essential and Cyber Trust Marks, to help other companies implement stronger cybersecurity protections. It issues guidance to organisations and conducts public outreach.

  3. It is easy to underestimate the importance of basic cyber hygiene. That has been the cause of many preventable attacks.

  4. However, basic protection will not be enough to stop malicious cyber actors with advanced capabilities. Owners of CII must be especially alert to the possibility of being breached by such attacks.

  5. If organisations suspect that they have been targeted, they cannot – and should not – confront the attackers on their own. Reporting such detections early allows CSA to help you. It will also help us coordinate an appropriate national response.

  6. [New] Therefore, we intend to introduce new requirements for all CII owners. They will need to report to CSA cybersecurity incidents that they suspect may have been caused by an APT.

  7. These new measures flow from last year’s amendments to the Cybersecurity Act, to strengthen incident reporting requirements. We plan for them to take effect later this year.

  8. It is important that we see these requirements in the right spirit – not as regulatory burden but as partnership to deal with serious threats.

  9. These requirements will support the early detection of APT activities, and enable CSA to take more timely actions, together with other government agencies, to defend CII owners against the attacks.

  10. On several occasions in the past, CSA has raised the National Cyber Threat Alert Level (NCTAL). This is to urge everyone to be more alert to cyber threats across Singapore, especially across all CIIs. Given the UNC3886 attack and heightened APT activity, it should not come as a surprise to anyone that we are currently in a heightened state of alert. This means we are continuing to actively work with CII owners to enhance the security of our critical systems. In addition, CSA has also convened the CEOs of all CII owners for a classified briefing on the threat landscape, focusing particularly on the threat from APTs. This is part of our efforts to share guidance on APT threats, support technical reviews, and help CIIs sharpen their readiness response.

  11. CSA, together with other government agencies, are working in close partnership and coordination to face this threat.

Trust and Partnership

  1. We also need the full cooperation of the CII owners, the solution providers, and the experts in cybersecurity in the private sector. Without a strong sense of shared responsibility and active contributions, our adversaries will have more vulnerabilities to exploit.

  2. [New] Building on past partnerships, CSA will sign a Memorandum of Collaboration in OT Cybersecurity with ST Engineering. Much like our MOU with Dragos in 2023, this new collaboration with ST Engineering is part of CSA’s commitment to secure access to the latest tools and expertise. It will also allow the engineering teams of both organisations to jointly study and develop solutions in OT cybersecurity.

Conclusion

  1. To conclude, I reaffirm the government’s commitment to protecting our cyberspace.

  2. We must all take cybersecurity seriously – invest in it, stay alert, and work together. A partnership approach will also help to ensure a safe and resilient digital future for Singapore. On that note, I wish you a fruitful event.


Back to top