Women in Cyber: Protecting Singapore's critical infrastructure

By Shirley Tay

Annie Sim, Senior Assistant Director, Critical Information Infrastructure Division at CSA Singapore discusses her work protecting the country's key systems.

Malicious hackers aim to maximise disruption to citizens, making a country's critical infrastrucuture a significant target. Governments must find a way to protect these systems, or face attacks with a widespread effect.

Annie Sim, Senior Assistant Director, Critical Information Infrastructure Division, Cyber Security Agency (CSA) of Singapore discusses her work in creating a masterplan for protecting these facilities. She also shares how regional nations can work together by sharing knowledge about cybersecurity.

Tell us more about your role. How do you protect the digital realm and improve citizens’ lives?

I am part of the Critical Information Infrastructure Division under CSA. My role is to oversee programmes and initiatives that strengthen the cyber resilience of the Critical Information Infrastructure (CII) sectors against cyber-attacks through governance, risk supervision and confidence building engagements with the CII stakeholders. Examples of these programmes are:

a) Operational Technology (OT) Cybersecurity Masterplan: OT is integral to our everyday lives. It refers to technologies involving interconnected devices and computers for the monitoring and control of physical processes such as traffic light systems and the electricity grid that powers up our appliances. The CII sectors are users of such OT systems. I was given the opportunity to lead the development and operationalisation of Singapore’s OT Cybersecurity Masterplan, which serves as a strategic blueprint to guide Singapore’s efforts to foster a resilient and secure cyber environment for our OT CII. We have also recently established an OT Cybersecurity Expert Panel (OTCEP) comprising internationally renowned OT cybersecurity experts, to strengthen Singapore’s overall OT cybersecurity.

b) Cybersecurity Code of Practice (CCoP): I am also leading a team to enhance the CCoP which is issued by the Commissioner of Cybersecurity in accordance to the Cybersecurity Act. It specifies the minimum protection policies that a CII owner would need to implement and comply to ensure the cybersecurity of its CII. As the cyber threat landscape is constantly evolving, there is a need to enhance the CCoP to ensure that CII Owners can address these evolving risks effectively. The enhanced CCoP will be designed to improve the cyber resilience of CII sectors against sophisticated threats, build coordinated defences to support national efforts and to address emerging risks in specific domains.

What are some unique factors Singapore has to consider in protecting its CII?

Singapore is an open economy and connected to the rest of the world. It is a major international centre for trade, finance and logistics, appealing to investors as a strategic and secure location for their businesses. The effects of a cyber-attack on Singapore have ramifications beyond our shores and could potentially impact the wider regional and global economy. Singapore has to ensure that its CII is resilient against cyber threats, to bolster confidence in Singapore as a trusted global centre of trade and commerce.

To secure our digitally-enabled economy and society, the Government will work with key stakeholders – private sector operators and the cybersecurity community – to strengthen the resilience of our CII.

What has been the most impactful project of your career?

Under the OT Cybersecurity Masterplan, I have led a couple of key initiatives such as the establishment and operationalisation of the first global OT Cybersecurity Information Sharing and Analysis Centre (OT-ISAC) - an information sharing platform for local OT stakeholders. We collaborated with the Global Resilience Federation Asia Pacific (GRF APAC) and launched the OT-ISAC on 1st October 2019.

Another key initiative is the establishment of the OTCEP where we bring in internationally renowned OT cybersecurity experts to engage with our local OT cybersecurity community on key global OT technologies and emerging trends. It aims to open up our local OT sector to regional and global perspectives, allowing cross fertilisation of ideas and access to global expert knowledge to enable the community to strengthen the security of their OT systems to better serve Singaporeans.

What challenges would you like to take on in the next year?

Beyond protecting our national CII, I would like to further expand my scope regionally. For a start, we have established platforms such as OT-ISAC and OTCEP to initiate information exchanges and discussions on issues such as governance policies and processes, incident response and threat intelligence sharing at the regional and international level. The ability to drive these cross-border knowledge exchanges excites me.

Who or what inspired you this year, and why? 

I have been given the privilege of organising the OTCEP forum 2021 later this month. In the process of organising the event, I was both humbled and inspired by the passion and dedication of the esteemed panel members. These renowned experts have been very willing to spend their time in contributing ideas to enhance the programme. I am inspired by their openness to share and the camaraderie within the OT community as we have a common goal to increase our cyber resilience in today’s digital world.

What advice would you give to women looking to start a career in cybersecurity?

A career in cybersecurity is a rewarding one. It is fun, meaningful and definitely both exciting and challenging. Cybersecurity issues are borderless and there are many transboundary challenges to tackle. Cybersecurity professionals are in demand nowadays and there is a range of different job roles for different aptitudes. For those who are keen to learn and have a desire to join the cybersecurity field, I am sure they will find a role that will be suited to their interest, and for those who have prior experience in IT, a switch over to cybersecurity is definitely possible too.

If you could sum up your life motto in one sentence, what would it be? 

It would be ‘Persist and Persevere’. I believe that I can overcome any obstacles thrown in my way with perseverance and grit, and beyond every obstacle conquered lies more success and opportunities ahead. With this mindset, I challenge myself by tackling problems that others might feel would be impossible for me to overcome. Thus far, it has served me quite well.

What are you looking forward to most in the upcoming Operational Technology Cybersecurity Expert Panel Forum?

I am excited and looking forward to the sharing by internationally renowned OT cybersecurity experts on their insights and sound practices accumulated through wealth of experience in addressing the current and future OT cybersecurity challenges faced.

In addition, I hope for the attendees to actively take part in these conversations on embracing global and emerging OT technologies and trends, while shaping a resilient OT cyber environment. Hopefully during the event, the attendees will have excellent takeaways that will help them build the right defences to protect their OT systems, detect and respond to breaches effectively in their respective organisations.

So do not miss out on this great opportunity to attend CSA’s inaugural OTCEP forum 2021 from 29th – 30th September! Visit https://www.csa.gov.sg/events/otcep-forum-2021/otcep-forum-2021 to find out more!