The Singapore government has introduced its updated Operational Technology Cybersecurity Masterplan, as reported earlier this week, while Malaysia is mulling an internet ‘kill switch’ to improve online safety and combat cybercrime.

The island city-state’s revised plan focuses on enhancing cybersecurity measures to protect both critical and non-critical information infrastructure from the growing threat landscape. This includes key strategies such as “strengthening the cybersecurity workforce, improving threat intelligence sharing, and integrating secure-by-design principles into the lifecycle of operational technology systems.”

“This move demonstrates a proactive approach by the government to address the ever-changing threat landscape and ensure infrastructure security,” said Kelvin Lim, senior director of Security Engineering, APAC, Synopsys Software Integrity Group. “This is a forward-thinking government in action, playing the role of catalyst in introducing new policies to enhance Singapore’s cyber resilience.”

According to regional cybersecurity experts, the master plan expands its focus to non-critical infrastructures and there is now a concerted effort to universally apply these secure-by-deployment principles. This would ensure that all organizations, regardless of their criticality, are equipped to effectively address cybersecurity risks.

“Adopting a stronger security posture focused on preventing cyberattacks across all industries will help keep things safe and running smoothly, which is important as the country continues to grow in the digital age,” said Patrick Tiquet, vice president of Security & Compliance at Keeper Security. “Furthermore, the master plan must remain adaptable as the threat landscape continues to evolve. Regular updates and assessments are necessary to ensure the plan effectively addresses new and emerging threats, especially as it now encompasses a broader range of industries.”

Mobile Guardian removed

A few weeks ago, Singapore’s Ministry of Education decided to remove an application from all student devices after a significant hacking incident. The breach was part of a “global cybersecurity incident” that affected Mobile Guardian’s platform and affected customers worldwide, including those in Singapore.

Mobile Guardian is a device management application that allows parents to monitor their children’s device usage by restricting certain applications or websites and managing screen time. About 13,000 high school students had their iPads or Chromebooks remotely wiped by hackers.

“Ongoing education and training for staff, students and parents on cybersecurity best practices is essential,” said Darren Guccione, CEO and co-founder of Keeper Security. “This includes recognizing phishing attempts, securing devices and understanding the importance of strong, unique passwords. Schools should develop and enforce comprehensive security policies that cover all aspects of digital usage, from device management to data protection.”

Cybersecurity experts say such incidents are part of the Singapore government’s new focus on cybersecurity, which is looking at non-critical infrastructure sectors such as small businesses and ensuring that all parts of the economy are better protected from attacks.

Malaysia’s ‘kill switch’

Malaysia, on the other hand, is said to have introduced a “kill switch” in July to improve online safety and combat cybercrime such as online fraud, cyberbullying, child pornography and sexual harassment.

The initiative, expected to be passed by the Malaysian parliament in October, will increase the accountability of social media and internet messaging service providers, and there are additional plans for changes to the country’s Penal Code.

“The introduction of a kill switch adds an extra layer of protection as a last resort for users,” said Kelvin Lim, senior director of security engineering at Synopsys Software Integrity Group. “This provides users with immediate protection from online scams and fraud. However, caution must also be exercised to ensure that the kill switch does not become a target for denial-of-service attacks where malicious actors trick the social media service provider or users into activating the kill switch to disrupt service.”