Interview by Jane Lo, Singapore Correspondent with Lim Thian Chin (Director, Critical Info Infrastructure Division, Cyber Security Agency of Singapore)

Thian Chin is leading the Critical Information Infrastructure (CII) Division at the Cyber Security Agency of Singapore (CSA). The division is responsible for building the cyber resilience of the Nation’s essential services across 11 CII sectors covering government, utilities, transport and services clusters. His team works with sectoral regulators to strengthen the cyber resilience of CII owners, to promote confidence-building measures and to deepen the public-private partnership between the government and CII stakeholders. Thian Chin also represents Singapore in International and regional cybersecurity forums where he shares his knowledge on cybersecurity resiliency and capability building.

Thian Chin has over 19 years of experience in Information & Technology governance, risk management, resilience and compliance, and Operational Technology cybersecurity. Prior to joining CSA in August 2015, he was responsible for the regional Technology Governance function in United Overseas Bank. He also led the Technology Risk function in GIC from 2008 – 2013. In his earlier years, he was a Manager and had led a team of auditors in Information Technology in Ernst & Young. Thian Chin holds an Executive Masters (Cybersecurity) with Brown University, a bachelor’s degree in Computer Engineering from Nanyang Technological University and is an alumnus of the George C Marshall European Center for Security Studies. He is certified as a GICSP, CGEIT, CDPSE, CRISC, CISM, CISSP, CISA, and SABSA practitioner.

In this podcast, Thian Chin shared some highlights* on cybersecurity and operational technology (OT) at the Singapore International Cyber Week (SICW 2021), and the OT Cybersecurity Expert Panel (OTCEP), organized by the Cyber Security Agency of Singapore.

Touching on cybersecurity incidents highlighted in the “Singapore Cyber Landscape 2020” such as ransomware and supply chain, he noted the increasing complexity of the threat landscape.

He discussed some common perceptions of the cybersecurity professionals and the engineers running the operating infrastructure, including infrastructure “air gap” and cultural differences such as skills and language, and security goals (“CIA” - versus “SRP”).

Referring to one of Singapore’s largest cyber incidents in the CII sector, and the recent threats, he shared perspectives on how government policies such as the OT-ISAC, the OT Cybersecurity Code of Practice (updated in 2019) and the Cybersecurity Competency Framework (2021) help to boost cyber defenses.

With the recent release of the “Singapore Cyber Security Strategy 2021”, he also several areas of focus for the CII cybersecurity ecosystem, including structuring an approach to managing supply chain risks and building cyber resiliency profiles.

*also included highlights from OT-ISAC (Operational Technology Information Sharing and Analysis Centre) and ISACA Singapore Chapter

Recorded: 15^th October 2021 (SGT 8.30am)