A race to secure critical infrastructure and digitalized operational systems against cyberattacks and espionage, that is…

Cybercriminals are known to target large events that are of high media visibility around the world. For example, in the Euro 2024, some 15,000 credentials of customers of the Union of European Football Associations had been leaked on the Dark Web. DDoS attacks had also been ramped up during the event period.

Similarly, French authorities have reported more than 140 cyberattacks during the Paris Olympics, targeting government entities as well as sports, transport and telecoms infrastructure. Even the 2021 Tokyo Olympics had witnessed twice as many cyber threats as those in the 2012 London Olympics.

This weekend, another high-profile sporting event that could be attracting the unwelcome attention of state-sponsored and other cyber threat actors is the Formula 1 Night Race held in Singapore. Attacks could target critical systems, including real-time data analytics used by teams; racing intellectual property; and operational technology systems crucial to the event’s logistics.

In fact, on 20 Aug 2024, the country’s Operational Technology Cybersecurity Masterplan had been updated to address such threats. According to David Koh, Chief Executive, Cyber Security Agency of Singapore, the update is a culmination of extensive engagement with operational technology (OT) cybersecurity stakeholders such as government agencies, critical informational infrastructure owners, education/training institutions, original equipment manufacturers, solution providers, associations and cybersecurity professionals.

One vision of enhancing critical infrastructure defense outlined in the master plan includes “Secure-by-Deployment” principles of Secure-by-Design; Secure-by-Default; Continuous Monitoring; and Secure Implementation. According to Goh Eng Choon, President (Cyber), ST Engineering: “Securing OT systems requires an approach that transcends traditional IT cybersecurity methods. Integrating ‘Security by Design’ and adhering to the principles of Confidentiality, Integrity and Availability during the design and implementation phases in insufficient.” Rather, a holistic approach is needed to prioritize safety and maintainability to ensure continuous operations and swift recovery.

Commented Sheena Chin, Managing Director (ASEAN), Rubrik: “Just as race teams and infrastructure are at risk, so too are spectators and the public. Educating attendees and citizens on how to recognize phishing attempts and scams adds an extra layer of security and promotes public vigilance.”