Protecting Southeast Asia’s critical infrastructure against cyberattacks

Increased digitalisation is making the region more attractive to cybercriminals, so governments and businesses are acting to protect essential operations.

hacking critical infrastructure security

The recent SolarWinds and Colonial Pipeline cyberattacks have highlighted serious vulnerabilities in US critical infrastructure, with far-reaching and severe implications affecting both businesses and the public alike. As Southeast Asia increases its physical and economic connectivity among ASEAN member nations in line with its 2025 master plan—which includes projects such as the ASEAN Highway Network and the Singapore-Kunming Rail Link—Southeast Asia should brace itself for attacks on its critical infrastructure as well.

With a rising combined GDP and a shift to the digital economy, Southeast Asia could become a prime target for cyberattacks similar to those seen in the US. “Industrial systems across the region have been undergoing unprecedented digital transformation in recent years,” says David Allott, who heads the cyberdefence unit in Asia-Pacific at Orange Business Services. He observes that ageing industrial control systems are increasingly being connected to the internet to support digital transformation initiatives—delivering agility, computing power, and connectivity but unfortunately exposing them to cyberthreats at the same time.

Thus, it is crucial that operational technology (OT) systems are not directly connected to the internet. “The common concern for cyber-physical vulnerabilities is to ensure that OT systems are not connected to IT systems or directly to the internet,” says Lim Thian Chin, director of the Critical Information Infrastructure Division at the Cyber Security Agency of Singapore.

ASEAN initiatives in protecting critical infrastructure

In the face of rising cyberthreats, ASEAN governments are ramping up the security of their critical infrastructure through regulatory measures and initiatives such as the CII Supply Chain Programme in Singapore and MyDigital in Malaysia.

To continue reading this article register now

22 cybersecurity myths organizations need to stop believing in 2022