New EY centre to tackle critical infrastructure security

• First-of-its-kind centre in Asia for the public sector
• To hire up to 30 critical infrastructure professionals within 2yrs

 
PROFESSIONAL services firm EY (formerly Ernst & Young) said it would be opening a new regional centre of excellence in Singapore to tackle critical infrastructure cybersecurity.
 
The EY Asean Cyber Security Centre for Government and Public Sector, the first of its kind in Asia, is to be officially launched in March.
 
Critical infrastructure refers to power, water and transport systems that provide essential services.
 
“Any security weakness in critical infrastructure networks will render us highly vulnerable to exploits and hacks, which would put Singapore’s safety, prosperity and well-being at risk,” said EY Asean and Singapore managing partner Max Loh.
 
“And the reality is that there are highly skilled and motivated adversaries actively seeking to exploit security weaknesses in public services and critical infrastructure networks,” he said in his opening speech at the EY-SUTD (Singapore University of Technology and Design) Operation Technology Cyber Security conference.
 
The new centre would also develop new critical infrastructure professionals for South-East Asia. Its mandate also includes assisting national agencies and operators of critical infrastructure, according to Loh.
 
“We target to grow to a headcount of 30 critical infrastructure professionals within two years,” he added.
 
Securing the Smart Nation
 

 
The capabilities the centre is building would be useful in dealing with the dangers and threats surrounding the Smart Nation initiative.
 
“We should by now be sensitive to a large number of clear and present dangers in this space,” said Jacqueline Poh (pic above), managing director of the Infocomm Development Authority of Singapore (IDA).
 
“We think that there is a lot at stake, including the economic and national security of Singapore, and this security depends on a concerted effort by government and industry,” she added.
 
Threats and attacks on critical infrastructure have now shifted beyond the realm of improbability to actual possibility, according to EY Asia Pacific Cyber Security leader Paul O’Rourke.
 
“What’s happened in the past was a theoretical risk, it sat there for 10-plus years, and a lot was written about potential attacks [on critical infrastructure],” he said.
 
“What we’re seeing in the last 12 to 18 months is a change in reality … where a lot of organisations have been attacked in their OT (operation technology) environment,” he added.
 
Training the new frontline
 
EY’s new centre of excellence will require a new type of cybersecurity professional, one who is familiar with both the engineering environment and IT networks, which is why EY is partnering SUTD to educate and train students in this area.
 
“As this is fairly new, there is a fundamental shortage of skills in the market,” said O’Rourke (pic).
 
“We’re working with universities in developing skills around this area,” he added.
 
EY is also in talks with other Singapore universities, and is looking for professionals, fresh graduates, and post-graduates to join its centre.
 
“There’s not enough in the market to say, ‘We’re going to go after professionals or post-graduates’,” O’Rourke said.
 
“There has to be a focus on fresh graduates going forward; in the shorter term, it is going to be post-graduates and professionals,” he added.
 
The reality of the OT environment means that the traditional practice of unplugging an infected machine to isolate it from the network and treat it, no longer applies.
 
“The whole thing about OT is availability, needing it to be available all the time,” said O’Rourke.
 
“The complexity of cybersecurity in OT is ‘How do I triage an issue without impacting availability?’
 
“This is something that IT practitioners are not used to; they are used to quarantining or turning off an infected machine,” he added.
 
The centre will also share information and bolster efforts in securing critical infrastructure, according to O’Rourke.
 
“We’re looking at workshops and forums to bring the right people together to share information.
 
“What’s happening in Singapore, what’s happening globally, what is the current threat landscape – education is one of the key elements of our strategy,” he added.
 
Related Stories:
 
Eugene Kaspersky: The ‘Cyber Cold War’ era has begun
 
‘Hackers’ – tech reality finally catches up with Hollywood?
 
Public sector increasingly targeted: Trend Micro Q2 2015 roundup
 
Threats targeting critical infrastructures: Frost
 
 
For more technology news and the latest updates, follow us on Twitter, LinkedIn or Like us on Facebook.