100% found this document useful (1 vote)
368 views113 pages

OT Cybersecurity Competency Framework - V5

The document introduces the Operational Technology Cybersecurity Competency Framework (OTCCF) which aims to guide stakeholders in OT and cybersecurity. It contains three key components: 1) Career pathways that show vertical and lateral progression options, 2) Skills maps that identify job roles and required skills, and 3) Technical and core competencies required for each job role. The framework was developed by the Cyber Security Agency of Singapore, Mercer Singapore, SkillsFuture Singapore, and Infocomm Media Development Authority. It maps out OT cybersecurity job roles and their required technical skills and competencies.
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
100% found this document useful (1 vote)
368 views113 pages

OT Cybersecurity Competency Framework - V5

The document introduces the Operational Technology Cybersecurity Competency Framework (OTCCF) which aims to guide stakeholders in OT and cybersecurity. It contains three key components: 1) Career pathways that show vertical and lateral progression options, 2) Skills maps that identify job roles and required skills, and 3) Technical and core competencies required for each job role. The framework was developed by the Cyber Security Agency of Singapore, Mercer Singapore, SkillsFuture Singapore, and Infocomm Media Development Authority. It maps out OT cybersecurity job roles and their required technical skills and competencies.
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 113

OPERATIONAL TECHNOLOGY (OT)

CYBERSECURITY COMPETENCY FRAMEWORK

OCTOBER 2021

© Cyber Security Agency of Singapore


Effective Date: 8 October 2021 version 1.1
OPERATIONAL TECHNOLOGY CYBERSECURITY COMPETENCY FRAMEWORK

CONTENTS
1 Introduction ............................................................................................................................................... 1
2 Career Map ................................................................................................................................................ 2
3 Skills Map ................................................................................................................................................... 3
4 Technical Skills & Competencies (TSC) ..................................................................................................... 47

© Cyber Security Agency of Singapore


Effective Date: 8 October 2021 version 1.1
OPERATIONAL TECHNOLOGY CYBERSECURITY COMPETENCY FRAMEWORK

1 INTRODUCTION
The Operational Technology Cybersecurity Competency Framework (OTCCF) aims to guide key stakeholders in the following ways:

• OT and IT system owners can refer to the OT cybersecurity capabilities required to attract the right people, train them
adequately, and map out their career pathways;

• Training providers can refer to the technical competencies required by different job roles and be guided to develop best-in-
class courses and certifications that cater to local training needs; and

• OT professionals or potential jobseekers can identify skillsets for cross- and up-skilling for a meaningful career in the OT
cybersecurity domain. The career pathways could apply to job roles inclusive of vertical and lateral advancement opportunities.

The OTCCF - jointly developed by CSA and Mercer Singapore, and supported by SkillsFuture Singapore (SSG) and Infocomm Media
Development Authority (IMDA) - maps out the various OT cybersecurity job roles and the corresponding technical skills and core
competencies required. It also captures the possible career pathways showing the options for vertical and lateral progression. It is
made up of three key components:

a) Career Pathways
The Career Pathways show the possible options for vertical and lateral progression for advancement and growth.
b) Skills Maps
The Skills Maps cover the job roles, critical work functions, key tasks and skills and competencies.
c) Skills and Competencies
Competencies identified for each of the job roles fall under two broad classifications:
(i) Technical Skills and Competencies; and
(ii) Critical Core Skills (previously known as Generic Skills and Competencies) *.

*See https://www.skillsfuture.gov.sg/skills-framework/criticalcoreskills

© Cyber Security Agency of Singapore


Effective Date: 8 October 2021 version 1.1
Page 1
OPERATIONAL TECHNOLOGY CYBERSECURITY COMPETENCY FRAMEWORK

2 CAREER MAP

Governance, Risk and Security Design and Maintenance and Security Monitoring and Respond and
Compliance Engineering Protection Assessment Recover
CISO

OT Cybersecurity Risk Head of OT


Head of OT Cybersecurity Operations
and Compliance Cybersecurity
Manager Architecture

OT Cybersecurity OT Cybersecurity OT Threat and


Architect Maintenance Specialist Vulnerability Specialist
OT
OT Cybersecurity Risk & Penetrat- OT Incident OT Cyber
Compliance Specialist ion Responder Investigator
OT OT Tester
OT Cybersecurity Engineer Threat Vulnerab-
Analyst ility
Assessor

OT Cybersecurity Systems Analyst OT Cybersecurity Operations Analyst

Various Cybersecurity
Engineering and Maintenance roles ICT Cybersecurity roles
or Governance and Compliance
roles

Examples*: Examples*: Examples*: Examples:


• Governance • Compliance • Maintenance Engineer • Product Security Engineer • Vulnerability Testing • Incident Investigation
• Risk Analysts • Audit • Network Engineer • R&D Engineer • Forensic Investigation • Threat Analysis
• Systems Engineer

*The examples shown above are some of the potential job functions or job roles which serve as advantageous entry points for upskilling and/or cross-training in the OT cybersecurity sector.

© Cyber Security Agency of Singapore


Effective Date: 8 October 2021 version 1.1
Page 2
OPERATIONAL TECHNOLOGY CYBERSECURITY COMPETENCY FRAMEWORK

3 SKILLS MAP
Track Maintenance and Protection
Occupation OT Cybersecurity Maintenance Specialist
Job Role OT Cybersecurity Maintenance Specialist
OT Cybersecurity Maintenance Specialists lead maintenance and administration efforts across OT systems by utilising their strong understanding of OT systems
and environment. They work with cybersecurity and operational personnel to develop and/or deploy mitigation techniques in order to effectively defend against
cyber threats and vulnerabilities within the OT environment.
Job Role Description
They have deep understanding of security technologies such as firewall logs, IDS, endpoint security solutions, access control systems, and other related security
technologies within the OT environment. They also work with the cybersecurity team to conduct research to develop or deploy new capabilities and solutions.

Performance Expectations (for


Critical Work Functions Key Task
legislated/regulated occupations)

Verify OT assets discovery process and asset inventory, commissioning and


decommissioning.

Outline OT assets and network diagram to ensure visibility

Develop change management processes to authorise and validate OT system changes


Discover and manage
organisation's OT assets
Critical Work Functions Work with cybersecurity personnel to identify appropriate asset management solutions for
and Key Tasks / deployment and implement security controls to mitigate associated risks
Performance
Expectations Establish security validation processes and assessment on OT assets for compliance Cyber Security Act 2018, Cyber
against established baselines Security Agency of Singapore

Establish, review or update configuration baselines for inventoried assets in order to drive
cybersecurity objectives

Define the patching and control needs of the organisation's OT system and perform
prioritisation of activities
Improve and maintain
Oversee implementation of controls or patches and ensure minimisation of disruption within
cybersecurity posture of OT
acceptable limits of risks
systems
Partner with operational and cybersecurity personnel to plan and monitor periodic
maintenance of OT security infrastructure

© Cyber Security Agency of Singapore


Effective Date: 8 October 2021 version 1.1 Page 3
OPERATIONAL TECHNOLOGY CYBERSECURITY COMPETENCY FRAMEWORK

Implement encryption of OT assets for data in transit and data in rest

Conduct OT security posture assessment and upkeeping

Establish authentication and identification rules across devices and users to drive
cybersecurity objectives within the OT environment

Monitor third party and vendor's access and activities in the OT environment

Promote knowledge sharing in both the IT and OT cybersecurity teams

Develop standardised vocabulary for IT and OT cybersecurity teams based on the identified
standards and framework

Enhance IT-OT alignment


Articulate potential pain points and solutions in aligning IT and OT departments
and collaboration

Manage cross-team strategic projects according to guidance from the senior leadership

Work with the cybersecurity team to conduct research to develop or deploy new capabilities
and solutions.

Technical Skills & Competencies Critical Core Skills

Access and Control


4 Communication Advanced
Management

Application Security
4 Developing People Advanced
Management
Skills & Competencies
Asset Identification and
4 Problem Solving Advanced
Inventory

Budgeting 4 Sense Making Advanced

Cryptography and Encryption 4

© Cyber Security Agency of Singapore


Effective Date: 8 October 2021 version 1.1 Page 4
OPERATIONAL TECHNOLOGY CYBERSECURITY COMPETENCY FRAMEWORK

Emerging Technology
4 Building Inclusivity Basic
Synthesis

Network Administration and


4 Communication Basic
Maintenance

Network Security and


4 Creative Thinking Intermediate
Segmentation

OT Compliance and
3 Collaboration Advanced
Assurance

OT Cybersecurity Education
3 Transdisciplinary Thinking Advanced
and Awareness
OT Cybersecurity
Governance and Programme 4
Management
OT Cybersecurity Risk
4
Assessment and Mitigation

OT Vulnerability and Patch


4
Management

Stakeholder Management 4

Supply Chain Management 4

The information contained in this document serves as a guide.

© Cyber Security Agency of Singapore


Effective Date: 8 October 2021 version 1.1 Page 5
OPERATIONAL TECHNOLOGY CYBERSECURITY COMPETENCY FRAMEWORK

Track Security Design and Engineering / Maintenance and Protection


Occupation OT Cybersecurity Engineer
Job Role OT Cybersecurity Engineer
OT Cybersecurity Engineers are responsible for performing activities with relevance to OT cybersecurity administration and maintenance in order to establish a secure
OT environment. They work with cybersecurity personnel, systems owners and operational staff to implement secure system architectures, mitigate cyber threats and
vulnerabilities, and perform routine activities related to the periodic review of OT systems and maintenance of security standards and procedures documentation.
Job Role Description
They are well-versed with security technologies such as firewall logs, IDS, endpoint security solutions, access control systems, and other related security technologies
within the OT environment.

Performance Expectations
Critical Work Functions Key Task (for legislated/regulated
occupations)

Work with architects to shape security controls, systems, remote access and
architecture for the organisation's OT infrastructure according to defined requirements
Develop OT cybersecurity architecture
and maintain oversight
Implement and configure the IT/OT network controls to protect the OT environment

Perform integration activities such as design, install, configure, test, commission and
handover to OT asset owners
Maintain OT cybersecurity system
integration
Facilitate the partition of systems under considerations into zones and conduits
Critical Work Functions
and Key Tasks /
Performance Conduct testing and evaluation of new cybersecurity technologies and controls
Manage quality and continuous
Expectations Cyber Security Act 2018, Cyber
improvement of OT cybersecurity
Security Agency of Singapore
architecture Recommend security products, services and procedures to enhance OT system
architecture designs

Partner with cybersecurity and operational personnel to deploy vulnerability mitigations


and patches on OT systems or compensating controls

Identify potential risks (operational, safety, business etc.) of implementing patches


Improve and maintain cybersecurity
posture of OT systems
Perform periodic maintenance of OT security infrastructure

Perform network segmentation and relevant activities to ensure network integrity is


protected

© Cyber Security Agency of Singapore


Effective Date: 8 October 2021 version 1.1 Page 6
OPERATIONAL TECHNOLOGY CYBERSECURITY COMPETENCY FRAMEWORK

Provide inputs to support the fulfilment of incident response processes


Respond to OT cybersecurity incidents
Partner with other stakeholders to shape mitigation strategies for cybersecurity threats

Deploy appropriate asset management solutions to assist in asset discovery

Escalate non-compliance of configuration of assets for against established baselines


throughout the assets' life cycle

Verify that all connected IT and OT assets in the organisation are taken into account and
Discover and manage organisation's OT
categorized according to criticality
assets
Partner with cybersecurity and operational personnel to test or evaluate cybersecurity
impact of changes to assets

Communicate potential vulnerabilities and attack surfaces and work with cybersecurity
and operational personnel to identify and recommend security controls for mitigation

Technical Skills & Competencies Critical Core Skills

Access and Control Management 3 Communication Intermediate

Application Security Management 3 Computational Thinking Intermediate

Skills & Competencies


Asset Identification and Inventory 3 Problem Solving Intermediate

Business Needs Analysis 3 Sense Making Intermediate

Cryptography and Encryption 3 Teamwork Intermediate

Cyber Incident Response and


3
Management

© Cyber Security Agency of Singapore


Effective Date: 8 October 2021 version 1.1 Page 7
OPERATIONAL TECHNOLOGY CYBERSECURITY COMPETENCY FRAMEWORK

Emerging Technology Synthesis 3 Problem Solving Intermediate

Network Administration and Maintenance 3 Transdisciplinary Thinking Intermediate

Network Security and Segmentation 3 Communication Intermediate

OT Cybersecurity Governance and


3 Sense Making Intermediate
Programme Management

OT Cybersecurity Risk Assessment


3 Customer Orientation Intermediate
and Mitigation

OT Vulnerability and Patch Management 3

OT Security Design and Architecture 3

OT Products and Solutions Security


3
Evaluation

Supply Chain Management 3

The information contained in this document serves as a guide.

© Cyber Security Agency of Singapore


Effective Date: 8 October 2021 version 1.1 Page 8
OPERATIONAL TECHNOLOGY CYBERSECURITY COMPETENCY FRAMEWORK

Track Maintenance and Protection / Security Monitoring and Assessment / Respond and Recover
Occupation Head of OT Cybersecurity Operations
Job Role Head of OT Cybersecurity Operations
Heads of OT Cybersecurity Operations lead various functions of OT cybersecurity: managing system control, and system hardening as well as developing frameworks
and strategies for vulnerability management, incident response and cyber forensics in the OT environment.

They have deep expertise in various OT systems and processes of the organisation as well as their cybersecurity infrastructure. They also have insights on cyber
response, investigation and operation recovery.
Job Role Description
They display strong leadership attributes in guiding, developing and managing resources within and across the team. They are also decisive in their nature and are able
to manage senior stakeholders well.

Performance Expectations (for


Critical Work Functions Key Task legislated/regulated
occupations)

Manage, verify and audit identities and credentials

Evaluate logs of access and attempts to access

Manage OT system control and remote


Set protocols on removable storage media usage in the OT environment
access

Critical Work Define standards and guidelines on third-party and vendor and remote access
Functions and Key
Tasks / Performance
Expectations Collaborate with the operations team to define minimum and essential functions of OT Cyber Security Act 2018, Cyber
systems Security Agency of Singapore

Strategise and outline the vulnerability management framework for the OT environment

Improve and maintain cybersecurity Establish and review security baseline configuration standards for operating systems,
posture of OT systems applications and network devices

Partner the operations team to define needs and initiatives of cryptography and
encryption

Perform vulnerability assessment and


Outline penetration testing strategies, plans and playbook for the organisation
penetration testing

© Cyber Security Agency of Singapore


Effective Date: 8 October 2021 version 1.1 Page 9
OPERATIONAL TECHNOLOGY CYBERSECURITY COMPETENCY FRAMEWORK

Ensure certifications and accreditations requirement are met

Provide resources and improve team capabilities in conducting penetration testing and
vulnerability assessments in the OT environment

Oversee penetration testing and vulnerability assessment activities, focusing on


maintaining operations without disruption

Approve and track remediation plan status for identified vulnerabilities

Recommend policy changes based on the findings from the penetration testing and
vulnerability assessment exercise

Develop incident response framework, threshold and plans for OT cybersecurity


incidents

Establish structure, roles and responsibilities for OT cybersecurity incidents response


activities

Establish the chain of events and processes to be followed for OT cybersecurity


Respond to OT cybersecurity incidents
incidents

Correlate OT cyber incidents to network and system activities

Collaborate with legal department and authorities for prosecution and investigation
processes where necessary

Establish the organisation's recovery time and point objectives

Tailor recovery solutions based on organisation's needs

Define the organisation's OT system back up needs and protocols


Manage business continuity and
recovery
Endorse the development of business continuity frameworks in relation to OT
cybersecurity threats perspective

Evaluate business continuity and recovery plans to ensure they are updated

© Cyber Security Agency of Singapore


Effective Date: 8 October 2021 version 1.1 Page 10
OPERATIONAL TECHNOLOGY CYBERSECURITY COMPETENCY FRAMEWORK

Assign roles and responsibilities in implementing business continuity and recovery plans

Spearhead the execution of business continuity and recovery plans

Champion cross skilling and collaboration programmes across IT and OT teams

Define the cybersecurity standards and frameworks to be used by both IT and OT


cybersecurity teams

Enhance IT-OT alignment and


Streamline policies, tools and processes for OT and IT cybersecurity team
collaboration

Anticipate resistance to changes in work processes and develop solutions to address

Identify areas or strategic projects that improve IT-OT alignment, cross skilling and
improve the organisation cybersecurity capability

Collaborate with broader cybersecurity stakeholders and teams to create optimal


utilisation of resources

Lead people and organisation Oversee the development of learning roadmaps for teams and functions

Establish performance indicators to benchmark effectiveness of learning and


development programmes against best practices

Drive cybersecurity awareness and training programmes across the organisation,


focusing on the OT cybersecurity angle

Build a cybersecurity culture in the Advise the organisation's senior leadership to endorse the design and implementation of
organisation cybersecurity strategies for the OT environment

Lead the endorsement of cybersecurity initiatives according to expertise and required


regulations

Skills & Competencies Technical Skills & Competencies Critical Core Skills

© Cyber Security Agency of Singapore


Effective Date: 8 October 2021 version 1.1 Page 11
OPERATIONAL TECHNOLOGY CYBERSECURITY COMPETENCY FRAMEWORK

Access and Control Management 5 Communication Advanced

Application Security Management 4 Developing People Advanced

Budgeting 5 Problem Solving Advanced

Business Continuity and Recovery 5 Sense Making Advanced

Business Needs Analysis 4

Cryptography and Encryption 4 Decision Making Advanced

Cyber Forensics 5 Communication Advanced

Cyber Incident Response and


5 Developing People Advanced
Management

Failure Analysis 5 Problem Solving Advanced

Learning and Development 5 Transdisciplinary Thinking Advanced

Manpower Planning 4

Network Security and Segmentation 5

OT Cybersecurity Education and


5
Awareness

OT Cybersecurity Governance and


5
Programme Management

OT Cybersecurity Risk Assessment and


5
Mitigation

© Cyber Security Agency of Singapore


Effective Date: 8 October 2021 version 1.1 Page 12
OPERATIONAL TECHNOLOGY CYBERSECURITY COMPETENCY FRAMEWORK

Penetration Testing 3

People and Performance Management 4

Stakeholder Management 4

Supply Chain Management 5

Threat Analysis and Defence 5

Threat Intelligence and Detection 5

Vulnerability Assessments 4

The information contained in this document serves as a guide.

© Cyber Security Agency of Singapore


Effective Date: 8 October 2021 version 1.1 Page 13
OPERATIONAL TECHNOLOGY CYBERSECURITY COMPETENCY FRAMEWORK

Track Security Monitoring and Assessment


Occupation OT Threat Analyst
Job Role OT Threat Analyst
Threat Analysts perform threat hunting activities by proactively scanning logs, network traffic, SIEMs and other channels for suspicious behaviours and indicators of
compromise. They identify OT assets prone to cyber threats and attacks and work with cybersecurity personnel to mitigate these threats. They monitor for potential
Job Role Description threats actors/groups/individuals capable of attempting cyber-attacks.

Performance Expectations (for


Critical Work Functions Key Task legislated/regulated
occupations)

Research and perform pro-active monitoring or scans of threats and attacks within the
OT environment

Search proactively for early indicators of compromise in the OT environment

Analyse historical information and data to identify early indicators or potential threats

Conduct threat hunting in the OT


Identify potential threat actor groups or individual activities
environment

Critical Work Utilise existing database of threats and attack histories to pre-empt and classify potential
Functions and Key new threats
Tasks / Performance
Expectations Cyber Security Act 2018, Cyber
Prepare threat hunting reports and propose escalation steps or mitigation actions
Security Agency of Singapore

Conduct research on new and existing threats that may impact existing OT systems

Document new threats and establish threat profile based on a core set of attributes to
assist in development of threat mitigation protocols
Provide threat intelligence
Provide evaluation and feedback to improve intelligence production, reporting, collection
requirements and operations.

Promote knowledge sharing of threats in both the IT and OT cybersecurity teams


Enhance IT-OT alignment and
collaboration
Develop standardised vocabulary for IT and OT cybersecurity teams based on the
identified standards and framework

© Cyber Security Agency of Singapore


Effective Date: 8 October 2021 version 1.1 Page 14
OPERATIONAL TECHNOLOGY CYBERSECURITY COMPETENCY FRAMEWORK

Articulate potential pain points and solutions in aligning IT and OT teams or stakeholders

Manage cross-team strategic projects according to guidance from the senior leadership

Technical Skills & Competencies Critical Core Skills

Emerging Technology Synthesis 3 Communication Intermediate

OT Cybersecurity Education and


3 Creative Thinking Intermediate
Awareness

OT Cybersecurity Risk Assessment


3 Problem Solving Advanced
Skills & Competencies and Mitigation

Stakeholder Management 5 Sense Making Advanced

Supply Chain Management 3 Collaboration Advanced

Threat Analysis and Defence 3

Threat Intelligence and Detection 3

The information contained in this document serves as a guide.

© Cyber Security Agency of Singapore


Effective Date: 8 October 2021 version 1.1 Page 15
OPERATIONAL TECHNOLOGY CYBERSECURITY COMPETENCY FRAMEWORK

Track Security Monitoring and Assessment


Occupation Threat and Vulnerability Specialist
Job Role OT Threat and Vulnerability Specialist
OT Threat and Vulnerability Specialists oversee the OT cybersecurity monitoring activities and maintain oversight on cybersecurity threats within the OT environment,
including the associated risks. They work with Penetration Testers to assess the security levels of the OT systems in the organisation without disrupting operations.
Job Role Description They define the testing needs and environment and present the findings and remediation plans to the relevant stakeholders.

Performance Expectations (for


Critical Work Functions Key Task legislated/regulated
occupations)

Establish and update OT cybersecurity monitoring manuals, operation procedures and


documentation based on organisation's and regulatory needs

Monitor OT systems for cybersecurity


Oversee OT cybersecurity monitoring activities and propose improvements
incidents

Develop and maintain artificial intelligence to detect cyber attacks

Anticipate the needs and limitations of vulnerability assessments or penetration activities


in the organisation's OT environment

Critical Work Oversee security reviews, penetration testing and red team activities
Functions and Key Perform vulnerability assessments and
Tasks / Performance penetration testing
Expectations Cyber Security Act 2018, Cyber
Deliver technical presentations and recommendations to the management
Security Agency of Singapore

Maintain oversight on OT cybersecurity threat landscape and identify the needs for new
vulnerabilities management standards based on emerging risks

Develop cyber indicators to maintain awareness of the status of the OT environment

Conduct threat hunting in the OT Work with cybersecurity personnel to run test attacks and simulations on the systems to
environment identify the possibilities of threats and extent of damage it could cause on OT systems

Provide subject matter inputs on cyber threats in the OT environment

Analyse intelligence and shape designated exercises, planning activities, and time-
Provide threat intelligence
sensitive operations to develop cyber-resiliency

© Cyber Security Agency of Singapore


Effective Date: 8 October 2021 version 1.1 Page 16
OPERATIONAL TECHNOLOGY CYBERSECURITY COMPETENCY FRAMEWORK

Identify and assess the capabilities and activities of cybersecurity criminals or foreign
intelligence entities, and produce findings to help initialise or support law enforcement
and counterintelligence investigations or activities
Present threat hunting reports and work with cybersecurity personnel to establish
mitigation actions
Improve and maintain cybersecurity
posture of OT systems
Provide guidance on threat mitigation strategies and potential threats and cyber-attacks
to ensure current cyber security standards and set-up are updated

Promote knowledge sharing in both the IT and OT cybersecurity teams

Develop standardised vocabulary for IT and OT cybersecurity teams based on the


identified standards and framework
Enhance IT-OT alignment and
collaboration
Articulate potential pain points and solutions in aligning IT and OT teams or
stakeholders

Manage cross-team strategic projects according to guidance from the senior leadership

Collaborate with broader cybersecurity counterparts to create optimal utilisation of


resources

Lead people and organisation Contribute to the development of learning roadmaps for teams and functions

Establish performance indicators to benchmark effectiveness of learning and


development programmes against best practices

Technical Skills & Competencies Critical Core Skill

Emerging Technology Synthesis 4 Digital Fluency Advanced


Skills & Competencies

Failure Analysis 4 Global Perspective Advanced

Learning and Development 4 Sense Making Advanced

© Cyber Security Agency of Singapore


Effective Date: 8 October 2021 version 1.1 Page 17
OPERATIONAL TECHNOLOGY CYBERSECURITY COMPETENCY FRAMEWORK

Manpower Planning 4 Creative Thinking Advanced

OT Cybersecurity Education and


4
Awareness

OT Cybersecurity Risk Assessment


4 Transdisciplinary Thinking Intermediate
and Mitigation

People and Performance Management 4 Sense Making Intermediate

Stakeholder Management 4 Communication Intermediate

Supply Chain Management 4 Global Perspective Intermediate

Threat Analysis and Defence 4 Creative Thinking Intermediate

Threat Intelligence and Detection 4

Vulnerability Assessments 4

The information contained in this document serves as a guide.

© Cyber Security Agency of Singapore


Effective Date: 8 October 2021 version 1.1 Page 18
OPERATIONAL TECHNOLOGY CYBERSECURITY COMPETENCY FRAMEWORK

Track Security Design and Engineering


Occupation OT Cybersecurity Architect
Job Role OT Cybersecurity Architect
OT Cybersecurity Architects lead the design, development and implementation of secure system architectures for the OT environment. This includes identification of
OT cybersecurity needs of the organisation and translating them into security designs and principles. They also recommend and lead the adoption of new technological
advances and best practices in OT systems to mitigate security risks.
Job Role Description
They are well-versed in OT systems and networks within the organisation, and cybersecurity standards and frameworks, and are knowledgeable of various applications
and hardware technologies and services.

Performance Expectations (for


Critical Work Functions Key Task legislated/regulated
occupations)

Partner with engineering and business teams to identify and develop security design
requirements across different OT systems

Analyse the current OT security design against the organisation's requirements

Ensure that security products, services and procedures are compatible with the current
OT systems and met the organisation's requirement

Develop OT cybersecurity architecture


Support the development of enterprise security architecture
and maintain oversight
Critical Work
Functions and Key Coordinate with multiple parties to identify technical and business attributes on the
Tasks / Performance design, approval and implementation of OT security controls
Expectations Cyber Security Act 2018, Cyber
Security Agency of Singapore
Delegate control, ownership and authentication of OT assets

Design the IT/OT network controls and protocols

Analyse the current architecture to identify weaknesses

Manage quality and continuous


Conduct research on OT cybersecurity emerging technology and regulations concerning
improvement of OT cybersecurity
on the sector the organisation is operating in
architecture

Identify and propose changes to organisation's OT security design and architecture

© Cyber Security Agency of Singapore


Effective Date: 8 October 2021 version 1.1 Page 19
OPERATIONAL TECHNOLOGY CYBERSECURITY COMPETENCY FRAMEWORK

Identify future risk on designs considering total operating life and possible opportunities
to upgrade cyber safeguards

Execute plans to reduce architectural weakness

Lead testing and evaluation of security technologies and control

Oversee and advise on system integration activities

Maintain OT cybersecurity system


Review the policies and standard requirement of system integration
integration

Partner with the rest of the cybersecurity team to identify improvement opportunities

Facilitate knowledge sharing in both the IT and OT cybersecurity teams

Develop standardised vocabulary for IT and OT cybersecurity teams based on the


identified standards and framework

Enhance IT-OT alignment and


Identify and summarise pain points in aligning IT and OT departments
collaboration

Manage cross-team strategic projects according to guidance from the senior leadership

Complete and architect level of understanding of IT-OT demarcation, DMZ and


communication flows between IT-OT

Technical Skills & Competencies Critical Core Skills

Skills & Competencies


Application Security Management 4 Communication Intermediate

Business Needs Analysis 4 Creative Thinking Intermediate

© Cyber Security Agency of Singapore


Effective Date: 8 October 2021 version 1.1 Page 20
OPERATIONAL TECHNOLOGY CYBERSECURITY COMPETENCY FRAMEWORK

Emerging Technology Synthesis 4 Developing People Intermediate

Network Security and Segmentation 3 Problem Solving Intermediate

OT Cybersecurity Education and


4 Sense Making Intermediate
Awareness

OT Cybersecurity Risk Assessment and


4
Mitigation

OT Security Design and Architecture 4 Problem Solving Intermediate

OT Products and Solutions Security


4 Creative Thinking Advanced
Evaluation

Stakeholder Management 5 Transdisciplinary Thinking Advanced

Supply Chain Management 4 Sense Making Intermediate

Building Inclusivity Basic

The information contained in this document serves as a guide.

© Cyber Security Agency of Singapore


Effective Date: 8 October 2021 version 1.1 Page 21
OPERATIONAL TECHNOLOGY CYBERSECURITY COMPETENCY FRAMEWORK

Track Security Design and Engineering


Occupation Head of Cybersecurity Architecture
Job Role Head of OT Cybersecurity Architecture
The Heads of OT Cybersecurity Architecture work closely with the senior leadership of the organisation to identify goals, objectives and risk appetites and formulate the
cybersecurity needs and security design principles that balances and suit these needs. They lead a team of OT cybersecurity architects and provide technical guidance
during the design and implementation of secure system architectures for the OT environment. They also champion the IT/OT alignment in the organisation.

They have deep expertise on the various OT systems and networks and are strongly familiar with the cybersecurity standards and frameworks used globally. They keep
abreast of cyber-related applications and hardware technologies and services and are constantly on the look-out of new technologies which could enhance the security
Job Role Description architectures of the OT environment.

They display strong leadership attributes in guiding, developing and managing resources within the team. They are also decisive in their nature and are able to manage
senior stakeholders well.

Performance Expectations (for


Critical Work Functions Key Task legislated/regulated
occupations)

Champion the adoption of new technologies and drive the implementation to improve OT
security design and architecture

Review OT security architecture to ensure that it addresses technology shifts, threats and
Manage quality and continuous changes in regulation
improvement of OT cybersecurity
architecture Develop strategic roadmaps and tactical remediation plans to address OT cybersecurity
architectural weaknesses
Critical Work
Functions and Key Establish key performance metrics to assess the effectiveness of the OT security
Tasks / Performance architecture
Expectations Cyber Security Act 2018, Cyber
Security Agency of Singapore
Derive OT security architecture requirements from organisation's strategy, business
requirement and external environment

Lead the process of identifying the organisation’s OT security architectural requirements


Formulate the organisation’s OT
cybersecurity architecture based on the
organisation's standards
Lead, approve and evaluate the development and implementation of OT security design

Champion the security-by-design concept in the organisation

© Cyber Security Agency of Singapore


Effective Date: 8 October 2021 version 1.1 Page 22
OPERATIONAL TECHNOLOGY CYBERSECURITY COMPETENCY FRAMEWORK

Provide leadership and domain expertise in OT cybersecurity on networking, operating


systems hardening and cyber security tooling

Champion the cross-skilling and collaboration programmes across IT and OT teams

Define the cybersecurity standards and frameworks to be used by both IT and OT


cybersecurity teams

Enhance IT-OT alignment and


Streamline policies, tools and processes for OT and IT cybersecurity team
collaboration

Develop tactical solutions to address resistance to change

Identify areas or strategic projects that improve IT-OT alignment, cross skilling and
improve the organisation cybersecurity capability

Develop strategies for resource planning and utilisation

Review the utilisation of resources


Lead people and organisation
Oversee the development of learning roadmaps for teams and functions

Establish performance indicators to benchmark effectiveness of learning and


development programmes against best practices

Drive cybersecurity awareness and training programmes

Build a cybersecurity culture in the Facilitate and advise the organisation's senior leadership in deciding cybersecurity
organisation strategy in the OT environment

Lead various cybersecurity exercises according to expertise and required regulations

Technical Skills & Competencies Critical Core Skills


Skills & Competencies
Application Security Management 4 Communication Advanced

© Cyber Security Agency of Singapore


Effective Date: 8 October 2021 version 1.1 Page 23
OPERATIONAL TECHNOLOGY CYBERSECURITY COMPETENCY FRAMEWORK

Business Needs Analysis 5 Creative Thinking Advanced

Emerging Technology Synthesis 5 Developing People Advanced

Learning and Development 5 Problem Solving Advanced

Manpower Planning 4 Sense Making Advanced

Network Security and Segmentation 4

OT Cybersecurity Education
5 Problem Solving Advanced
and Awareness

OT Cybersecurity Governance and


5 Creative Thinking Advanced
Programme Management

OT Cybersecurity Risk Assessment and


4,5 Transdisciplinary Thinking Advanced
Mitigation

OT Security Design and Architecture 5 Sense Making Advanced

Partnership Management 5 Building Inclusivity Intermediate

People and Performance Management 4

OT Products and Solutions Security


4,5
Evaluation

Stakeholder Management 5

Supply Chain Management 5

The information contained in this document serves as a guide.

© Cyber Security Agency of Singapore


Effective Date: 8 October 2021 version 1.1 Page 24
OPERATIONAL TECHNOLOGY CYBERSECURITY COMPETENCY FRAMEWORK

Sector OT Cybersecurity
Track Security Design and Engineering / Maintenance and Protection
Occupation OT Cybersecurity Systems Analyst
Job Role OT Cybersecurity Systems Analyst
The OT Cybersecurity System Analysts support various activities in the design, maintenance and protection functions within the OT environment. They perform
activities with relevance to OT cybersecurity administration and maintenance in order to establish a secure OT environment. This includes performing asset discovery,
managing vulnerabilities in existing OT systems, as well as performing access control management across OT systems and devices.
Job Role Description
They are familiar with security technologies such as firewall logs, IDS, endpoint security solutions, access control systems, and other related security technologies within
the OT environment.

Performance Expectations (for


Critical Work Functions Key Task legislated/regulated
occupations)

Conduct system hardening and cybersecurity administration for identified OT systems

Audit identities and credentials for authorised devices, users and processes in order to
protect physical or remote access to OT systems or devices

Assist in OT system vulnerability mitigation and patches by working with relevant


personnel to deploy regular post-patching update and perform testing of patches
Improve and maintain cybersecurity
posture of OT systems
Critical Work Support the implementation of agreed security system changes and maintenance
Functions and Key routines
Tasks / Performance
Expectations Cyber Security Act 2018, Cyber
Maintain documentation of all maintenance procedures and tests on OT systems
Security Agency of Singapore

Assist with vulnerability assessments and identification

Assist in performing security reviews on existing controls and identify cybersecurity gaps

Establish OT cybersecurity architecture Assist in development of cybersecurity requirement specifications for new systems or
and controls devices

Reference architectural guidelines and validate designs against requirement


specification

© Cyber Security Agency of Singapore


Effective Date: 8 October 2021 version 1.1 Page 25
OPERATIONAL TECHNOLOGY CYBERSECURITY COMPETENCY FRAMEWORK

Assist with the implementation of cybersecurity policies, standards and procedures on


OT systems
Establish and drive cybersecurity
strategies, policies, standards and Monitor third party compliance with organisational cyber security policies, standards and
guidelines according to organisation's procedures
needs and legislation
Monitor users’ adherence to cyber security policies, standards and procedures

Assist in performing risk analysis or security reviews on OT systems and environment


Manage OT cybersecurity risk and
compliance
Support the proposal of possible recommendations for inclusion in the risk mitigation
strategy

Perform asset discovery or deploy asset management solutions to establish inventory of


all connected IT and OT assets that exist within the OT environment

Establish dependencies, inventory attributes and information across assets in order to


support cybersecurity activities

Discover and manage organisation's OT Maintain and update inventory of all connected IT and OT assets and devices within the
assets organisation

Document change logs and include information about modifications that impact the
cybersecurity requirements of assets (availability, integrity, confidentiality)

Monitor configuration of assets for consistency against established baselines throughout


the assets' life cycle

Technical Skills & Competencies Critical Core Skills

Access and Control Management 3 Communication Basic

Skills & Competencies Application Security Management 2 Creative Thinking Basic

Asset Identification and Inventory 2 Problem Solving Intermediate

Business Needs Analysis 2 Sense Making Intermediate

© Cyber Security Agency of Singapore


Effective Date: 8 October 2021 version 1.1 Page 26
OPERATIONAL TECHNOLOGY CYBERSECURITY COMPETENCY FRAMEWORK

Network Administration and


2 Collaboration Intermediate
Maintenance

Network Security and Segmentation 3

OT Cybersecurity Risk
2 Sense Making Basic
Assessment and Mitigation

OT Vulnerability and Patch


3 Problem Solving Basic
Management

OT Security Design and Architecture 3 Transdisciplinary Thinking Intermediate

Stakeholder Management 2 Collaboration Intermediate

Supply Chain Management 3 Digital Fluency Intermediate

The information contained in this document serves as a guide.

© Cyber Security Agency of Singapore


Effective Date: 8 October 2021 version 1.1 Page 27
OPERATIONAL TECHNOLOGY CYBERSECURITY COMPETENCY FRAMEWORK

Track Governance, Risk and Compliance


Occupation OT Cybersecurity Risk and Compliance Specialist
Job Role OT Cybersecurity Risk and Compliance Specialist
OT Cybersecurity Risk & Compliance Specialists drive OT cybersecurity policies, standards and guidelines aligned to the organisation's enterprise risk management
framework as well as legislation requirements. They work with internal and external stakeholders to conduct risk assessment in the OT environment to help identify
related cybersecurity risks and determines appropriate controls to ensure that OT systems perform within acceptable limits of risks.
Job Role Description
They monitor, track and manages risk mitigations and exceptions to ensure compliance with cyber security standards and policies.

Performance Expectations (for


Critical Work Functions Key Task legislated/regulated
occupations)
Communicate and drive adoption of new policies or amendments to existing OT
cybersecurity policies, standards and guidelines across all relevant internal or external
stakeholders
Support review of policies, standards and guidelines against the current cyber operating
environment and cybersecurity threat landscape

Provide inputs to shape OT cybersecurity policies, standards and guidelines

Support necessary compliance and audit activities as required


Critical Work Establish and drive cybersecurity
Functions and Key strategies, policies, standards and Report on metrics and identified outcomes to track compliance across the OT
Tasks / Performance guidelines according to organisation's environment
Expectations needs and legislation Cyber Security Act 2018, Cyber
Security Agency of Singapore
Follow-up on deviations from compliance activities and audit findings with relevant
business teams to address compliance gaps and remediation plans
Work with relevant stakeholders to ensure successful implementation and functionality of
security requirements and appropriate OT policies and procedures that are consistent
with the organisation's enterprise risk management framework
Monitor procedures and controls to ensure regulatory and compliance for OT
environment

Address technical queries and issues on OT cybersecurity policies, standards and


guidelines

Manage OT cybersecurity risk Communicate acceptable level of risk tolerance to internal or external stakeholders

© Cyber Security Agency of Singapore


Effective Date: 8 October 2021 version 1.1 Page 28
OPERATIONAL TECHNOLOGY CYBERSECURITY COMPETENCY FRAMEWORK

Maintain awareness and documentation of all cybersecurity risks identified for OT


systems through risk registers

Analyse and classify identified cyber risks in the OT environment based on severity and
assign risk owner
Execute documentation, monitoring and assessment processes necessary to assure that
existing and new OT systems meet the organisation's cybersecurity and risk
requirements
Work with system owners and relevant internal or external stakeholders to perform risk
analysis or security reviews on OT systems and environment resulting in
recommendations for inclusion in the risk mitigation strategy.
Ensure appropriate treatment of risk, compliance, and assurance from internal and
external stakeholders in order for OT systems to perform within acceptable limits of risks
Partner with relevant internal or external stakeholders to implement corrective actions or
remediation plans in order to mitigate vulnerabilities identified during risk assessments or
audits
Provide inputs to overall Enterprise Risk Management Framework processes and
activities

Drive awareness of OT cybersecurity related risks

Enhance IT-OT alignment and Develop standardised vocabulary for IT and OT cybersecurity teams based on the
collaboration identified standards and framework

Articulate potential pain points and solutions in aligning IT and OT departments

Manage cross-team strategic projects according to guidance from the senior leadership

Technical Skills & Competencies Critical Core Skills

Business Needs Analysis 4 Transdisciplinary Thinking Intermediate


Skills & Competencies
OT Compliance and Assurance 3 Digital Literacy Advanced

OT Cybersecurity Education and


4 Sense Making Advanced
Awareness

© Cyber Security Agency of Singapore


Effective Date: 8 October 2021 version 1.1 Page 29
OPERATIONAL TECHNOLOGY CYBERSECURITY COMPETENCY FRAMEWORK

OT Cybersecurity Governance and


5 Problem Solving Advanced
Programme Management

OT Cybersecurity Risk Assessment and


4
Mitigation

Stakeholder Management 3 Sense Making Intermediate

Supply Chain Management 3, 4 Communication Intermediate

Vulnerability Assessment 2 Problem Solving Intermediate

Transdisciplinary Thinking Intermediate

Global Perspective Intermediate

The information contained in this document serves as a guide.

© Cyber Security Agency of Singapore


Effective Date: 8 October 2021 version 1.1 Page 30
OPERATIONAL TECHNOLOGY CYBERSECURITY COMPETENCY FRAMEWORK

Track Governance, Risk and Compliance


Occupation OT Cybersecurity Risk & Compliance Manager
Job Role OT Cybersecurity Risk and Compliance Manager
OT Cybersecurity Risk & Compliance Managers are responsible for establishing and approving policies, standards and guidelines to effectively manage OT
cybersecurity risks. They also work with enterprise risk management and other various stakeholders to integrate and align the OT cyber risk management framework
Job Role Description within the organisation's context. They have deep expertise in the governance and compliance domain and are strongly familiar with the sectoral trend and cyber
threats in the OT landscape. They also have a strong expertise in risk assessment and analysis framework and methodologies.

Performance Expectations (for


Critical Work Functions Key Task legislated/regulated
occupations)

Articulate organisation's purpose, strategies and operation priorities and formulate OT


cyber risk management framework

Establish and approve policies, standards and guidelines for managing cybersecurity
risks and protecting OT systems against cybersecurity threats
Establish and drive cybersecurity
strategies, policies, standards and Work with critical stakeholders to conduct review of policies, standards and guidelines
guidelines according to organisation's against the current cyber operating environment and cybersecurity threat landscape
needs and legislation
Develop procedures and controls to ensure regulatory and compliance within the OT
environment
Critical Work Functions
and Key Tasks / Ensure alignment of OT cybersecurity policies with other policies and operational
Performance standards
Expectations Cyber Security Act 2018, Cyber
Security Agency of Singapore
Define organisation's OT cyber risk appetite aligned with organisation's enterprise and
business risks
Define roles and responsibilities in managing OT cybersecurity risk, including reporting
lines and accountabilities across organisation, including identification and prioritisation
of OT assets
Present findings on deviations from compliance activities and audit findings with
Manage OT cybersecurity risk relevant senior management stakeholders to drive implementation of corrective actions
or remediation plans
Develop or update risk assessment techniques to ensure comprehensive coverage
across the OT environment
Develop relevant policies and procedures to verify that security postures or controls are
implemented, document deviations, and recommend required actions to correct those
deviations

© Cyber Security Agency of Singapore


Effective Date: 8 October 2021 version 1.1 Page 31
OPERATIONAL TECHNOLOGY CYBERSECURITY COMPETENCY FRAMEWORK

Provide advisory on tactical measures to address and mitigate OT cyber risk

Monitor cyber regulatory compliance findings and engage stakeholders with immediate
follow-up actions if required

Build organisation's awareness on the risks in the OT environment and identify need for
OT cybersecurity awareness and training programmes

Champion the cross skilling and collaboration programmes across IT and OT teams

Enhance IT-OT alignment and


Streamline policies, tools and processes for OT and IT cybersecurity team
collaboration

Anticipate resistance to changes in work processes and develop solutions to address

Identify areas or strategic projects that improve IT-OT alignment, cross skilling and
improve the organisation cybersecurity capability

Technical Skills & Competencies Critical Core Skills

Budgeting 5 Digital Fluency Advanced

Business Needs Analysis 4 Global Perspective Advanced

Learning and Development 5 Sense Making Advanced


Skills & Competencies
Manpower Planning 4 Creative Thinking Advanced

OT Compliance and Assurance 4

OT Cybersecurity Education and


5 Problem Solving Advanced
Awareness

OT Cybersecurity Governance and


56 Decision Making Advanced
Programme Management

© Cyber Security Agency of Singapore


Effective Date: 8 October 2021 version 1.1 Page 32
OPERATIONAL TECHNOLOGY CYBERSECURITY COMPETENCY FRAMEWORK

OT Cybersecurity Risk Assessment


5,6 Collaboration Advanced
and Mitigation

People and Performance Management 4 Transdisciplinary Thinking Advanced

Stakeholder Management 4 Communication Advanced

Supply Chain Management 5

Vulnerability Assessment 2

The information contained in this document serves as a guide.

© Cyber Security Agency of Singapore


Effective Date: 8 October 2021 version 1.1 Page 33
OPERATIONAL TECHNOLOGY CYBERSECURITY COMPETENCY FRAMEWORK

Track Security Monitoring and Assessment / Respond and Recover


Occupation OT Cybersecurity Operations Analyst
Job Role OT Cybersecurity Operations Analyst
OT Cybersecurity Operations Analysts support various activities in driving cybersecurity operations on OT systems. This includes performing comprehensive surveillance
and monitoring on OT systems and assets, supporting in the identification of threats or vulnerabilities, and providing incident response and remediation support. They
Job Role collect and document information based on established standards and guidelines and assist in preparing performance reports.
Description
They are familiar with various cyber security standards, protocols and frameworks and are knowledgeable in using various cybersecurity tools to perform their job
accordingly.

Performance Expectations (for


Critical Work Functions Key Task
legislated/regulated occupations)

Maintain data sources feeding cybersecurity or monitoring systems to facilitate


analysis and trending of security log data

Perform continuous security monitoring, analysis and reporting of cybersecurity


events or incidents affecting OT systems

Monitor OT systems for cybersecurity Maintain incidents and security data logs on OT systems and prepare regular
incidents documentation for reports

Support identification and analysis of security events and incidents against


indicators of compromise to detect attacks on OT systems
Critical Work
Functions and Key
Tasks / Provide inputs to shape development and maintenance of security monitoring rules
Performance and activities
Cyber Security Act 2018, Cyber
Expectations Security Agency of Singapore
Execute vulnerability scans on OT systems and components

Provide recommendations to maintain and improve OT cybersecurity posture in


alignment with monitoring and assessment outcomes

Improve and maintain cybersecurity Prepare OT system vulnerability mitigation and patch deployment report to escalate
posture of OT systems to systems and asset owners

Execute and support the implementation of OT cybersecurity programme

Prepare routine performance and metrics reports for OT cybersecurity operations

© Cyber Security Agency of Singapore


Effective Date: 8 October 2021 version 1.1 Page 34
OPERATIONAL TECHNOLOGY CYBERSECURITY COMPETENCY FRAMEWORK

Facilitate incident response activities according to incident response protocols and plans

Provide information to support triaging, analysis and eradication of cybersecurity incidents

Assist Incident Response personnel in containment and mitigation of incidents to recover


Respond to OT cyber incidents compromised systems to acceptable levels of confidentiality, integrity, and availability

Follow the crisis management plan according to organisation's guidelines

Support OT cybersecurity investigation activities through collection of relevant data during


cyber incidents

Assist in OT asset discovery and identification of attack surfaces


Discover and manage organisation's OT
assets
Maintain visibility and monitor OT asset inventory, devices and networks within the
organisation

Technical Skills & Competencies Critical Core Skills

Asset Identification and Inventory 2 Communication Basic

Business Continuity and Recovery 3 Creative Thinking Basic

Business Needs Analysis 2 Problem Solving Intermediate


Skills &
Competencies
Cyber Forensics 2 Sense Making Intermediate

Cyber Incident Response and


2 Collaboration Intermediate
Management

Failure Analysis 2

Network Administration and


2 Sense Making Basic
Maintenance

© Cyber Security Agency of Singapore


Effective Date: 8 October 2021 version 1.1 Page 35
OPERATIONAL TECHNOLOGY CYBERSECURITY COMPETENCY FRAMEWORK

OT Cybersecurity Governance
3 Problem Solving Basic
and Programme Management

OT Cybersecurity Risk Assessment and


2 Transdisciplinary Thinking Intermediate
Mitigation

OT Vulnerability and Patch


3 Collaboration Intermediate
Management

Stakeholder Management 2 Digital Fluency Intermediate

Threat Intelligence and Detection 2

Vulnerability Assessments 2

The information contained in this document serves as a guide.

© Cyber Security Agency of Singapore


Effective Date: 8 October 2021 version 1.1 Page 36
OPERATIONAL TECHNOLOGY CYBERSECURITY COMPETENCY FRAMEWORK

Track Security Monitoring and Assessment


Occupation OT Penetration Tester
Job Role OT Penetration Tester
OT Penetration Testers design and perform penetration testing and security assessments on live or simulated environments to determine if OT systems, components and
applications meet confidentiality, integrity, authentication, availability, authorisation and non-repudiation standards. They translate and scope test requirements or environments
in alignment with pre-approved standards and procedures to evaluate vulnerabilities. They outline findings and propose remediation plans. They work with relevant OT
Job Role personnel to ensure no operational disruption to systems are caused as a result of testing and assessments.
Description
They are well versed with the tools, standards, protocols and frameworks to conduct penetration testing in the OT environment without causing operational disruption and
putting the physical safety at risk.

Performance
Expectations (for
Critical Work Functions Key Task
legislated/regulated
occupations)
Enable continued or new exploitation operations in support of organisation objectives and target
requirements.

Collaborate with other internal and external partners on target access and operational issues.

Conduct analysis of physical and logical digital technologies to identify potential avenues of access to OT
systems and networks

Conduct in-depth target and technical analysis including target-specific information (e.g., cultural,
organisational, political) that results in access
Critical Work
Functions and
Key Tasks / Perform Vulnerability Assessments Perform comprehensive exploitation activities that identify exploitable technical or operational vulnerabilities.
and/or Penetration Testing Cyber Security Act 2018,
Performance
Cyber
Expectations
Conduct or support authorised penetration testing on OT systems or simulated environments Security Agency of
Singapore

Propose remediation measures and security posture improvements

Stay abreast of possible threats that impact operation criticality and physical safety of OT systems

Prepare penetration testing reports highlighting risk to business operations

Communicate new developments, breakthroughs, challenges and lessons learned on outcomes of testing
Enhance IT-OT alignment and and assessments across OT and IT cybersecurity teams
collaboration

© Cyber Security Agency of Singapore


Effective Date: 8 October 2021 version 1.1 Page 37
OPERATIONAL TECHNOLOGY CYBERSECURITY COMPETENCY FRAMEWORK

Develop standardised vocabulary for IT and OT cybersecurity teams based on the identified standards and
framework

Articulate potential pain points and solutions in aligning IT and OT departments

Manage cross-team strategic projects according to guidance from the senior leadership

Technical Skills & Competencies Critical Core Skills

Application Security Management 2,3 Digital Fluency Advanced

Threat Analysis and Defence 3, 4 Sense Making Advanced

OT Cybersecurity Education and


3 Transdisciplinary Thinking Intermediate
Awareness

Penetration Testing 3, 4 Problem Solving Advanced

Threat Intelligence and Detection 3


Skills &
Competencies
Emerging Technology Synthesis 4 Communication Intermediate

Stakeholder Management 3 Sense Making Intermediate

OT Cybersecurity Risk
3 Problem Solving Intermediate
Assessment and Mitigation

Vulnerability Assessments 3 Transdisciplinary Thinking Advanced

OT Cybersecurity Governance and


3 Creative Thinking Advanced
Programme Management

OT Products and Solutions Security


3, 4
Evaluation
The information contained in this document serves as a guide.

© Cyber Security Agency of Singapore


Effective Date: 8 October 2021 version 1.1 Page 38
OPERATIONAL TECHNOLOGY CYBERSECURITY COMPETENCY FRAMEWORK

Track Security Monitoring and Assessment


Occupation OT Vulnerability Assessor
Job Role OT Vulnerability Assessor
OT Vulnerability Assessors perform vulnerability or security assessment across the OT environment to determine if OT systems, components and applications meet
confidentiality, integrity, authentication, availability, authorisation and non-repudiation standards. They obtain critical information and data with regards to vulnerabilities
and work with relevant cybersecurity personnel to prioritise threats and implement mitigation action.

Job Role Description They are well versed with the tools, standards, protocols and frameworks of vulnerability management. They also have in-depth knowledge of threat actors relevant to the
organisation.

They are systematic and analytical in performing their duties and are able to reveal threats and articulate the risks and impact to the organisation.

Performance Expectations (for


Critical Work Functions Key Task legislated/regulated
occupations)

Perform technical risk and vulnerability assessments or scans across the OT environment

Perform discovery of missing patches, misconfiguration and lack of hardening

Analyse software and configuration snapshot of endpoints for possible exploitation points

Perform Vulnerability Assessment


Critical Work Prioritise vulnerabilities based on risk and impact to the OT environment
and/or Penetration Testing
Functions and Key
Tasks / Performance
Expectations Define attack vector, severity and complexity of affected OT systems based on Cyber Security Act 2018, Cyber
vulnerabilities identified Security Agency of Singapore

Manage and operate vulnerability management systems and tools for OT cybersecurity

Provide inputs to improve assessments or scans based on emerging security and risk
management trends and issues

Identify vulnerability gaps in existing security controls


Improve and maintain cybersecurity
posture of OT systems
Communicate the outcome of assessment initiatives and results to the stakeholder groups

© Cyber Security Agency of Singapore


Effective Date: 8 October 2021 version 1.1 Page 39
OPERATIONAL TECHNOLOGY CYBERSECURITY COMPETENCY FRAMEWORK

Provide recommendations or mitigating controls mitigate risks and improve OT


cybersecurity posture in alignment with monitoring and assessment outcomes

Discover and manage organisation's


Identify potential attack surfaces across OT assets and devices
OT assets

Communicate new developments, breakthroughs, challenges and lessons learned on


outcomes of testing and assessments across OT and IT cybersecurity teams

Develop standardised vocabulary for IT and OT cybersecurity teams based on the


identified standards and framework
Enhance IT-OT alignment and
collaboration
Articulate potential pain points and solutions in aligning IT and OT departments

Support the management of cross-team strategic projects according to guidance from the
senior leadership

Technical Skills & Competencies Critical Core Skills

Application Security Management 2 Communication Intermediate

Emerging Technology Synthesis 4 Creative Thinking Intermediate

Learning and Development 3 Problem Solving Advanced

Skills & OT Cybersecurity Education and


3 Sense Making Advanced
Competencies Awareness

OT Cybersecurity Governance and


3 Collaboration Advanced
Programme Management

OT Cybersecurity Risk
3
Assessment and Mitigation

OT Products and Solutions Evaluation 3, 4

Stakeholder Management 3 Communication Intermediate

© Cyber Security Agency of Singapore


Effective Date: 8 October 2021 version 1.1 Page 40
OPERATIONAL TECHNOLOGY CYBERSECURITY COMPETENCY FRAMEWORK

Threat Analysis and Defence 3 Sense Making Intermediate

Threat Intelligence and Detection 3 Problem Solving Intermediate

Vulnerability Assessments 4 Transdisciplinary Thinking Advanced

Creative Thinking Advanced

The information contained in this document serves as a guide.

© Cyber Security Agency of Singapore


Effective Date: 8 October 2021 version 1.1 Page 41
OPERATIONAL TECHNOLOGY CYBERSECURITY COMPETENCY FRAMEWORK

Track Respond and Recover


Occupation OT Incident Responder
Job Role OT Incident Responder
OT Incident Responders promptly respond to cyber incidents in order to mitigate immediate and potential threats within the OT environment. They perform proactive
coordination with appropriate departments in the containment and mitigation of incidents, as well recovery processes. They work with cybersecurity personnel to identify
and define cyber threats and root causes, investigate into the cause and impact of the incident, and develop detailed reports on incident timeline, evidence, findings,
Job Role Description conclusions and recommendations. They are responsible for managing cyber incidents and resolving the incidents in a timely manner.

They are familiar with cyber security standards, incident response plans, procedures and protocols of the organisation, and work in compliance with them.

Performance Expectations (for


Critical Work Functions Key Task legislated/regulated
occupations)

Receive incident escalations and activate incident response procedures as per


established incident response plan and protocols

Work with relevant cybersecurity or operations personnel to understand threat scenario


and security issues
Analyse security issues and perform triaging of OT cybersecurity incidents to enact
relevant identification, containment, and eradication measures while supporting recovery
efforts of OT systems
Coordinate with relevant personnel such as operations team to implement procedures
for the containment of cybersecurity incidents, activation of recovery processes, and
investigation processes
Critical Work Respond to OT cybersecurity incidents
Functions and Key Advise senior leadership with information to facilitate critical decision-making and
Tasks / Performance alignment in incident response and handling approach
Expectations Cyber Security Act 2018, Cyber
Security Agency of Singapore
Implement procedures for the preservation of evidence or artefacts prior to the initiation
of recovery process to support investigation activities

Engage and liaise with external parties such as vendors for forensic/recovery activities
or law enforcement personnel to carry out required incident response protocols

Prepare accurate and detailed cyber incident reports in the OT environment to facilitate
after-action review processes

Organise or participate in cybersecurity exercises to ensure readiness and preparedness


across critical teams
Improve and maintain cybersecurity
posture of OT systems Present findings of cyber incidents to identify and recommend mitigation actions to
prevent recurrences

© Cyber Security Agency of Singapore


Effective Date: 8 October 2021 version 1.1 Page 42
OPERATIONAL TECHNOLOGY CYBERSECURITY COMPETENCY FRAMEWORK

Participate and contribute to the development of incident response plans and


identification of responsibilities across the organisation

Act as subject matter experts to provide insight and guidance to colleagues engaging in
incident response activities or prevention measures

Enhance IT-OT alignment and Support the development of standardised vocabulary to align IT and OT cybersecurity
collaboration teams

Articulate potential pain points and solutions in aligning IT and OT departments

Support the management of cross-team strategic projects or joint cybersecurity


exercises according to guidance from the senior leadership

Technical Skills & Competencies Critical Core Skills

Business Continuity and Recovery 3, 4 Communication Intermediate

Cyber Forensics 2 Creative Thinking Intermediate

Cyber Incident Response and


3, 4 Problem Solving Intermediate
Management

Failure Analysis 2 Sense Making Intermediate


Skills & Competencies
OT Cybersecurity Risk Assessment and
3, 4 Teamwork Intermediate
Mitigation

Supply Chain Management 3

Stakeholder Management 4

Problem Solving Intermediate

Sense Making Intermediate

© Cyber Security Agency of Singapore


Effective Date: 8 October 2021 version 1.1 Page 43
OPERATIONAL TECHNOLOGY CYBERSECURITY COMPETENCY FRAMEWORK

Communication Intermediate

Creative Thinking Intermediate

Decision Making Intermediate

The information contained in this document serves as a guide.

© Cyber Security Agency of Singapore


Effective Date: 8 October 2021 version 1.1 Page 44
OPERATIONAL TECHNOLOGY CYBERSECURITY COMPETENCY FRAMEWORK

Track Respond and Recover


Occupation OT Cyber Investigator
Job Role OT Cyber Investigator
OT Cyber Investigators carry out investigation processes and protocols in the OT environment after a cyber-threat or incident.

Job Role Description They are familiar with different types of threats, cyber security standards, protocols and frameworks with regards to forensic investigation. They are knowledgeable of
hardware and software applications to analyse threat data from various sources.

Performance Expectations (for


Critical Work Functions Key Task legislated/regulated
occupations)

Identify, collect, examine, and preserve evidences and artefacts for the purpose of
conducting cyber forensic investigation on OT systems

Critical Work Analyse evidence and artefacts to investigate cyber incidents and examine root causes
Functions and Key
Tasks / Performance
Expectations Conduct Forensic Investigation on OT Identify attacker tools, tactics, and procedures and develop indicators of compromise
systems

Develop and implement remediation plans and investigative reports in conjunction with
incident response

Present reports and outcomes in investigations or legal proceedings to senior Cyber Security Act 2018, Cyber
management and stakeholders Security Agency of Singapore

Recommend threat and vulnerability mitigation actions based on investigation findings

Contribute to the development of digital forensic investigation policies and standards for
the organisation
Improve and maintain cybersecurity
posture of OT systems

Suggest improvements to cyber forensic investigation techniques and methodologies for


the OT environment

Skills & Competencies Technical Skills & Competencies Critical Core Skills

© Cyber Security Agency of Singapore


Effective Date: 8 October 2021 version 1.1 Page 45
OPERATIONAL TECHNOLOGY CYBERSECURITY COMPETENCY FRAMEWORK

Cyber Forensics 3, 4 Communication Advanced

Business Continuity and Recovery 4 Developing People Advanced

Emerging Technology Synthesis 4 Problem Solving Advanced

Failure Analysis 3, 4 Resource Management Advanced

OT Cybersecurity Risk Assessment and


4 Sense Making Advanced
Mitigation

Stakeholder Management 3

Problem Solving Intermediate

Communication Intermediate

Sense Making Intermediate

Transdisciplinary Thinking Intermediate

Collaboration Intermediate

© Cyber Security Agency of Singapore


Effective Date: 8 October 2021 version 1.1 Page 46
OPERATIONAL TECHNOLOGY CYBERSECURITY COMPETENCY FRAMEWORK

4 TECHNICAL SKILLS & COMPETENCIES (TSC)


TSC Category Protect

TSC Title Application Security Management

TSC Description
Detect, mitigate and prevent vulnerabilities to protect applications that have been deployed

Level 1 Level 2 Level 3 Level 4 Level 5 Level 6


TSC Proficiency
Description Perform application code Examine associated Integrate best practices to
review, application testing vulnerabilities in applications drive secure software
and unit testing to identify to deploy mitigation development practices
security lapses measures throughout an application
lifecycle, in consideraration
of evolving threats and
trends

Knowledge • Organisation operational • Types of threats to • Best practices for


technology security organisational application security
standards technology security • Secure software
• Techniques for posed by applications development lifecycle
application and unit • Operational technology practices
testing security standards • Types of mitigation
• Types of vulnerabilities • Types of operational strategies
that exist in applications technology security • Implications of technical
used in organisation controls and mitigation changes on applications
• Methods to perform procedures
source code review • Implementation process
• List of applications used and considerations for
in the organisation appropriate measures to
address vulnerabilities
that exist in applications
Abilities • Identify the need to • Facilitate efforts with • Oversee the
perform application code relevant subject matter maintenance and update
review prior to experts to assess and of the list of approved
application testing address source code applications for usage in
• Provide technical defects prior to OT systems required to
assistance to users for application testing drive operations and
the installation and • Inspect adherence of cybersecurity
maintenance of applications and its • Lead implementation of
applications, in-line with components to patches or
application security application security compensating controls
standards and secure standards and baselines for applications in
software development • Develop processes, consultation with
lifecycle practices methods and relevant stakeholders
• Perform functional technologies to facilitate • Evaluate criticality of the
application testing or unit application testing applications and
testing to review across varying specifics of the
cybersecurity capabilities vulnerabilities to

© Cyber Security Agency of Singapore


Effective Date: 8 October 2021 version 1.1 Page 47
OPERATIONAL TECHNOLOGY CYBERSECURITY COMPETENCY FRAMEWORK

across all installed applications that exist in prioritise mitigation


applications OT systems action to undertake
• Assess lapses in • Examine security risks, • Collaborate with relevant
security standards or threats and stakeholders to integrate
issues that exist in vulnerabilities associated best practices into an
applications which would with existing applications application life cycle in
endanger operations utilising appropriate tools order to uncover and
security and integrity and techniques address vulnerabilities
• Collate user feedback on • Deploy mitigation actions before usage of
existing applications to address application applications
• Perform troubleshooting security gaps and • Define processes to
to determine if the root- facilitate alignment with manage and maintain an
cause stems from a operations security application from its
cybersecurity lapse standards design phase to its
• Consolidate list of • Implement follow-up decommission and
applications and reviews or regression manage application
softwares which conflicts tests to validate the defects
effectiveness of the • Establish processes to
with or poses potential
mitigation actions incorporate controls or
risk to existing OT • Identify list of software or non-repudiation actions
cybersecurity systens applications to be to verify the usage of
• Facilitate blacklisting and blacklisted or whitelisted applications
whitelisting of softwares to prevent access from • Review and update
to prevent system unauthorised software approvals for existing
conflict and unauthorised applications to ensure
that only applications
usage
required for the
operation and
cybersecurity of OT
systems are whitelisted
for usage and installation
• Evaluate OT
cybersecurity landscape
for evolving threats and
trends and identify
implications on existing
application security
measures

The information contained in this document serves as a guide.

© Cyber Security Agency of Singapore


Effective Date: 8 October 2021 version 1.1 Page 48
OPERATIONAL TECHNOLOGY CYBERSECURITY COMPETENCY FRAMEWORK

TSC Category Identify

TSC Title Asset Identification and Inventory

TSC Description Identify and manage the organisation’s OT assets and inventory to enable the organisation in delivering cybersecurity activities across different functions

Level 1 Level 2 Level 3 Level 4 Level 5 Level 6


TSC Proficiency
Description Facilitate implementation of Improve asset identification Drive asset identification, Spearhead collaboration
asset identification, change process to deliver a robust practices and configuration with relevant departments
management and asset inventory standards across varying and stakeholders to drive
configuration processes OT assets asset identification across
OT and IT assets

Knowledge • Asset identification tools • Lifecycle stages and • Industry best practices • Components of OT and
and techniques management of OT in configuration IT asset management
• Metadata required for assets standards plans
asset inventory • Asset identification • Elements of an • Impact of change
• Baseline configuration process organisation asset management practices
standards • Asset change management plan and on cybersecurity
• Proper asset handling, management practices procedures operations
maintenance and • Impact of asset • Industry standards and • Industry best practices
storage procedures identification tools and best practices in asset for strategies and
• Types of OT assets and techniques identification and techniques in asset
systems that exist in the • Potential cyber security management performance and
organisation risks from OT assets • Mitigation strategies to maintenance
• Vendors for OT assets deal with vulnerabilities • Emerging threats and
and weaknesses of OT trends in the OT
assets cybersecurity landscape
• Regulatory
requirements or
standards for asset
management
Abilities • Perform identification of • Review • Define scope and • Guide integration of
assets and comprehensiveness of approach for asset asset identification
maintenance of asset inventory and identification to drive updates into change
inventory utilising recommend additional comprehensiveness control processes to
identified asset tools for effective and and efficiency of asset ensure that processed
identification tools and continuous monitoring identification process changes are aligned
techniques of assets • Establish information or with asset inventory
• Maintain and update • Assess risk and additional data points • Liaise with relevant IT
data points in alignment implications on required to drive stakeholders to
with asset identification implementing IT or OT- delivery of OT leverage IT networks
requirements specific asset cybersecurity and protocols to assist
• Consolidate identification tools and • Oversee utilisation of in asset identification
configuration and techniques ongoing identification • Articulate value of asset
information on OT • Provide tools and ensure that identification in reducing
assets from existing recommendations and proper measures are in recovery times and
network maps, historical mitigation strategies on place to mitigate threat lowering organisational
data or other asset identification vulnerabilities risk to gain buy-in from
documentation approach when utilising relevant stakeholders

© Cyber Security Agency of Singapore


Effective Date: 8 October 2021 version 1.1 Page 49
OPERATIONAL TECHNOLOGY CYBERSECURITY COMPETENCY FRAMEWORK

• Perform logging of IT asset identification • Endorse changes and • Spearhead consolidated


changes that impact the tools on OT assets updates to asset reporting and
availability, integrity, • Monitor configuration of identification processes management by
confidentiality of OT OT assets against • Establish configuration keeping up-to-date with
assets established baselines baselines for OT asset identification
• Identify owners of OT throughout the assets’ inventoried and program and identifying
assets to facilitate lifecycle and escalate deployed assets in implications on IT asset
assignment of issues where necessary alignment with management programs,
responsibilities across • Review OT assets and cybersecurity objectives vice versa
asset management perform identification of • Plan mitigation of risks • Anticipate future OT
practices and processes end-of-support or end- posed by end-of- assets requirements of
of-life assets and support or end-of-life the organisation and
systems assets systems in impact on existing OT
consultation with asset assets based on
owners emerging trends and
• Maintain oversight on evolving needs
the presence and • Lead review and
efficiency of major updates of configuration
technical controls baselines or changes at
across OT assets, an organisation-defined
determining where frequency
controls may be missing
or malfunctioning

The information contained in this document serves as a guide.

© Cyber Security Agency of Singapore


Effective Date: 8 October 2021 version 1.1 Page 50
OPERATIONAL TECHNOLOGY CYBERSECURITY COMPETENCY FRAMEWORK

TSC Category Protect

TSC Title Cryptography and Encryption

TSC Description
Implement cryptography and encryption to mitigate threat vectors posed to unsecured OT systems

Level 1 Level 2 Level 3 Level 4 Level 5 Level 6


TSC Proficiency
Description Support cryptography and Execute and implement Assess the effectiveness of Drive creation of new
encryption testing, and cryptography and encryption existing mix of cryptography frameworks, guidelines and
storage and providing initiatives and evaluating and encryption initiatives in processes to strike a
support to stakeholders for potential threat vectors securing OT systems and balance between encrypting
decryption of relevant data posed to existing OT ensuring proper storage of information while minimising
for operations systems decryption keys disruption to operations for
cryptography and encryption
initiatives in the organisation

Knowledge • Techniques for • Vulnerability points and • Strength and • Impacts of emerging
acccessing confidential threat vectors posed for weaknesses of various threats and best
data flowing through OT systems cryptography and practices affecting
different types of OT • Understanding of varied encryption techniques organisational initiatives
systems (SCADA, PLCs, algorithm creation • Impacts of encryption on • Differentiating levels of
etc.) techniques and business operations, impact to business
• Audit and monitoring application continuity, safety and operations, continuity,
techniques • Cryptography and recovery from OT safety and recovery from
• Internal guidelines for encryption techniques cybersecurity incidents OT cybersecurity
storage of encryption • Cryptography and • Business processes incidents
keys
encryption frameworks utilising encrypted • Flows of confidential
• Cryptography and
information throughout
(IPsec, etc.), standards information
encryption techniques
and skills (IEC62351, etc.) and • Vulnerabilities of OT organisational OT
techniques systems during the systems
• Industry guidelines and integration process
best practices for
storage and securing
encryption keys
Abilities • Support the testing of • Identify the need to • Create cryptography • Establish requirements
encrypted algorithms execute suitable algorithms to encrypt OT for identification and
prior to the execution of algorithms for systems communication of
cryptography and cryptography and • Facilitate cryptography confidential data
encryption initiatives encryption initiatives and encryption initiatives between OT systems to
• Support requests from • Review security logs to in-line with OT security drive encryption
other stakeholders to identify unauthorised requirements activities, in alignment
decrypt information activity • Identify the appropriate with relevant industrial
• Consolidate data on • Analyse potential threat encryption technique to standards
security logs in order to vectors on various provide expected level of • Design guidelines and
monitor effectiveness of processes for the

© Cyber Security Agency of Singapore


Effective Date: 8 October 2021 version 1.1 Page 51
OPERATIONAL TECHNOLOGY CYBERSECURITY COMPETENCY FRAMEWORK

existing cryptography cryptography and protection on OT identification of threat


initiatives encryption techniques systems vectors and allocation of
• Monitor storage and • Identify appropriate • Recommend further critical OT assets into
usage of decryption keys storage channels for improvements for different cryptography
to ensure alignment with encryption keys cryptography and the and encryption layers
guidelines and • Assess effectiveness of encryption of OT • Prioritise decisions on
processes existing modifications to systems encrypting information
cryptography and • Identify key stakeholders by assessing operation
encryption initiatives to possess appropriate disruption or safety risks
user rights and on existing OT systems
decryption keys • Cultivate relationship
• Evaluate impact, with stakeholders
relevance and internally and externally
effectiveness of to incorporate
encryption on internally cryptography and
shared information encryption best practices
and trends into
organisational initiatives
The information contained in this document serves as a guide.

© Cyber Security Agency of Singapore


Effective Date: 8 October 2021 version 1.1 Page 52
OPERATIONAL TECHNOLOGY CYBERSECURITY COMPETENCY FRAMEWORK

TSC Category Protect

TSC Title Network Security and Segmentation

TSC Description Design and configure network systems to ensure integrity and reliability of network infrastructure of OT systems through segmentation of network infrastructure, incorporating uses of
apprioriate protection, detection and response mechanisms to confine and detect security incidents
Level 1 Level 2 Level 3 Level 4 Level 5 Level 6
TSC Proficiency
Description Monitor, review and execute Manage, identify and Design frameworks to
operational requirements to analyse functional and assess differentiating
ensure the integrity of OT performance security network security
network infrastructure requirements of networks requirements across varying
involved in OT systems OT systems and develop
policies to mitigate threats

Knowledge • Security requirements of • OT network zones and • Frameworks, guidelines


the organisation their configuration and regulatory
• Virtual Private Network • Types of network requirements
(VPN)- types, functions attacks, vulnerabilities • Industry trends of best
and operation, and related weaknesses practices and threats in
limitations, bandwidth of installed infrastructure the landscape
and dynamic security • Types and techniques of • OT assets and OT
environment OT security network and security network
• Configuration of routers security measures segmentation
and switches • Network security requirements
• Hardware and software implementation and
security products, procedures
features and capabilities • Network segmentation
• Network protocols and • Wireless security
operating systems impacting OT systems
• Security perimeters,
functions, protocols,
standards and data
encryption

© Cyber Security Agency of Singapore


Effective Date: 8 October 2021 version 1.1 Page 53
OPERATIONAL TECHNOLOGY CYBERSECURITY COMPETENCY FRAMEWORK

Abilities • Monitor security network • Assess need for network • Define planning, building
for incidents and security segmentation in and management
identified operational order to ensure secure phases for network
threats affecting OT OT systems
security design on OT
systems • Collaborate with relevant
systems
• Propose stakeholders to keep up
recommendations to to date with current • Determine perimeters,
address network security security posture of boundaries and trust
deficiencies networks in critical OT levels for network
• Implement perimeter systems security zones in order
security, network • Identify threats to OT to limit broadcast
hardening measures and systems based on domain, restrict
authentication and user network security bandwidth usage and
account controls requirements in reduce attack surfaces
according to identified consultation with • Define security
network security relevant stakeholders requirements for network
requirements • Assess feasibility for security zones to drive
• Conduct testing to verify unidirectional gateway availability, integrity and
the key functions and implementation in highly confidentiality of critical
performance measures critical environments OT systems
of network security • Deploy and configure • Establish planning,
• Monitor packets and firewalls to control building and
information to facilitate network traffic and run management phases for
diagnosing of network inspection, on abnormal network security design
problems, investigating protocol behaviour, on OT systems
security or policy search for patterns of • Conduct research and
violations, and aiding in compromise, and verify evaluate organisational,
security incident traffic signatures against regulatory and security
response and network known malware and policies used to
forensics activities exploit traffic benchmark acceptable
• Assess if identified alerts • Deploy security network security
are false positives measures and controls standards
• Debug network security across network • Prioritise
according to test results components and zones recommendations to
address current and
• Perform collection, to reduce risk of
compromises and future security network
storing and correlation of
increase network gaps
logs utilising appropriate
security information and visibility • Evaluate degree of
event management • Analyse and recommend integration between end-
Review logs and audit configurations aligned to-end OT security
reports of security with incident response solutions with wireless
incidents, intrusions and procedure designs networks
attempts • Identify gap between • Formulate policies
expected and actual concerning VPNs and
performance for VPNs firewalls implementation
and firewalls to optimise • Collaborate with relevant
troubleshooting, stakeholders to
response practices and formulate network
forensic practices intrusion detection and
• Execute recovery plan recovery processes OT
for false positives systems
identified

© Cyber Security Agency of Singapore


Effective Date: 8 October 2021 version 1.1 Page 54
OPERATIONAL TECHNOLOGY CYBERSECURITY COMPETENCY FRAMEWORK

• Monitor network traffic to • Implement device


ensure that there is no profiling framework for
unauthorised access on devices that are
OT systems connected to the
organisational OT
network
• Define rules of
communications across
network security zones
and facilitate efforts to
drive resiliency and
redundancy best
practices for network
zones
• Assess need to identify
cell area zones in
alignment with goal of
the security efforts for
networks involved in OT
systems

Types of networks may include but are not limited to:


Range of Application
• LAN network (e.g., SOHO network, WLAN)
• Telecommunications network
• Next generation network (NGN)
• Wide area network (WAN)

Types of zones may include but are not limited to:

• Indutrial zones
• Enterprise Zones
• Industrial Demilitarised Zones
• Cell Area Zones

Log mangement:

• Firewall logs
• Network intrusion detection logs
• Router and switch logs
• Operating system logs
• Application logs
The information contained in this document serves as a guide.

© Cyber Security Agency of Singapore


Effective Date: 8 October 2021 version 1.1 Page 55
OPERATIONAL TECHNOLOGY CYBERSECURITY COMPETENCY FRAMEWORK

TSC Category Protect

TSC Title OT Compliance and Assurance

TSC Description Facilitate compliance and assurance processes by reviewing adherence to regulations and standards involving OT systems; assess and enhance the thoroughness of compliance
and/or governance processes and organisation's internal controls to align with changing compliance standards and ensure audit’s readiness.

Level 1 Level 2 Level 3 Level 4 Level 5 Level 6


TSC Proficiency
Description Conduct audits on various Develop and enhance Establish OT systems
OT systems in the compliance processes for compliance and assurance
organisations, highlighting the OT environment based strategy and objectives for
findings and implementing on an evaluation of gaps in the organisation.
changes to address business and operations.
identified gaps
Knowledge • OT systems’ processes • Range of OT systems in • Types of factors and
and principles the organisation and concepts which
• Principles of auditing how they are connected influence compliance
• Methodologies and tools • Elements and strategy development for
for the conduct of considerations in OT systems in the
compliance and development of organisation
assurance acitivites in compliance processes • Operational, safety and
the OT environment • External standards business priorities and
• Attributes of compliance relevant to organisation's considerations and their
findings context and application impact to compliance
• Techniques to interpret implications • Evolving statutory and
and analyse of • Organisation’s historical regulatory standards for
compliance results OT system compliance the OT environment
• Techniques and or audit findings and • Emerging trends,
processes to patterns approaches and industry
identification of non- • Process gaps and non- best practices of
compliance and good compliance analysis compliance and
practices techniques in the assurance in the OT
• Internal and external operations or OT environment
compliance and environment • Root cause evaluations
regulatory guidelines strategies for cases of
non-compliance
Abilities • Perform compliance or • Develop compliance and • Establish OT systems
inspection readiness assurance processes in compliance strategy
activities in line with the accordance with the considering emerging
organisation's organisation's strategy trends, approaches and
compliance processes and internal and external industry best practices
and guidelines guidelines • Oversee alignment of
• Review audit or • Evaluate inspection or OT system compliance
compliance findings to compliance results, and strategy with operation
identify relevant security liaise with stakeholders and safety requirements
controls, areas of

© Cyber Security Agency of Singapore


Effective Date: 8 October 2021 version 1.1 Page 56
OPERATIONAL TECHNOLOGY CYBERSECURITY COMPETENCY FRAMEWORK

process gaps or key and asset owners to and business priorities


instances of non- identify reasons for gaps as well as external
compliance in the OT or non-compliance regulations and
environment
• Analyse findings to standards
• Collaborate with
determine systemic and • Evaluate compliance
stakeholders and asset
recurring compliance and inspection findings
owners to propose
findings and highlight root
improvement measures
• Evaluate adequacy and causes and potential
to align with
effectiveness of existing organisational impact
organisational internal
controls against • Determine adequacy,
and external
identified business alignment with internal
requirements
objectives and and external regulations
• Propose changes in in
requirements and standards, and
alignment with internal
• Recommend effectiveness of OT
compliance standards or
enhancements to asset owner’s control
external regulatory
compliance processes or and governance
guidelines to drive
security controls to • Prioritise areas that have
security on OT systems
strengthen cybersecurity matured further and
governance in the OT require further
environment enhancement
• Endorse enhancements
to critical compliance
processes
The information contained in this document serves as a guide.

© Cyber Security Agency of Singapore


Effective Date: 8 October 2021 version 1.1 Page 57
OPERATIONAL TECHNOLOGY CYBERSECURITY COMPETENCY FRAMEWORK

TSC Category Identify

TSC Title OT Cyber Risk Assessment and Mitigation

TSC Description Develop and implement cyber risk assessment and mititgation strategies across the systems’ life-cycle, taking into considerationthe organisation’s OT environment and external threats

Level 1 Level 2 Level 3 Level 4 Level 5 Level 6


TSC Proficiency
Description Support risk assessment Conduct OT cyber risk Develop OT cyber risk Assess and direct Authorise OT cyber risk
exercises across OT assets assessment according to assessment techniques as enhancements to OT cyber assessment activities and
and systems and techniques and framework well as analyse the risks in risk assessment techniques, define operational, business
terms of likelihood and and develop strategies to and safety implications of
documenting results endorsed by the
impacts and roll-out address and mitigate OT the risks, as well as
organisation endorsed measures to cyber risks evaluating the preparedness
address identified cyber level to manage such risks
risks
Knowledge • Techniques to perform • Interconnectivity and • Cyber risk assessment • Design of cyber risk • Evolving cybersecurity
cyber risk assessment in communication paths of techniques for the OT assessment techniques landscape and emerging
the OT environment assets in the OT environment for the OT environment threats for the OT
• Security risks, threats • Projection of cyber risks, landscape
• Methods to identify OT environment
and vulnerabilities in the threats and • Measures of
assets and categorise • Processes of OT organisation’s OT vulnerabilities in the OT organisational readiness
them based on risk systems in the environment environment and preparedness
criticality organisation • Operational, safety and • Key requirements and against OT cyber threats
• Risk analysis • Cyber threat libraries business risks and objectives of various OT
methodology and stages of cyber implications from cyber cyber risk assessments
• Methods to categorise attacks security loopholes • Pros and cons of various
• Possible treatments of risk mitigation treatment
risk and build risk matrix • Elements of risk
OT cyber risks approaches
• Methods to document assessment and risk
risk analysis results scenarios
• Risk analysis
methodology
• Methods to categorise
risk and build risk matrix
Abilities • Identify OT assets and • Perform a cyber risk • Consolidate insights • Guide the development • Establish organisation's
owners of the assessment on from various of OT cyber risk position and strategy for
organisation and create organisation’s OT departments and assessment techniques assessing and managing
assets inventory within environment
stakeholders for the • Collaborate with relevant OT cyber risk aligned to
purpose of designing OT stakeholders to overall enterprise risk
the OT environment • Develop threat models cyber risk assessment implement relevant approach
• Document threat events or risk scenarios based techniques policies and processes • Define roles and
that are relevant to each on key risk indicators, • Develop cyber risk in order to mitigate OT responsibilities for OT
asset business context, assessment techniques cyber risks cyber risk assessment
• Document outputs from system environment and to identify loopholes and • Evaluate effectiveness and mitigation exercises
the risk assessment pertinent threats for the vulnerabilities in the OT of current OT cyber risk • Formulate risk
environment and across assessment techniques assessments and testing
exercise and update OT environment, monitor
a system’s life cycle • Drive improvements or policies and authorise
them in a risk register risk register updates • Review the related activities within
modifications to OT
• Collaborate with relevant implementation of OT cyber risk assessment the organisation
stakeholders to cyber risk assessments techniques

© Cyber Security Agency of Singapore


Effective Date: 8 October 2021 version 1.1 Page 58
OPERATIONAL TECHNOLOGY CYBERSECURITY COMPETENCY FRAMEWORK

implement endorsed • Analyse the likelihood of • Lead the implementation • Articulate implications of
treatments and OT cyber risk impacting of OT cyber risk potential OT cyber risks
measures to address creating operational, assessment activities and threats and translate
and mitigate risk safety or business throughout organisation them into a business
impacts • Weigh potential case
• Assess effectiveness of operational or safety • Assess overall strength
risk mitigation treatments risks associated with and preparedness of the
against organisational cyber security risks organisation's existing
policies, processes, • Evaluate options and defences in light of
procedures and key risk determine treatment identified OT cyber risks
indicators approaches for OT • Endorse strategies to
cyber risks effectively address and
• Develop key risk mitigate the OT cyber
indicators or indicators risks identified and
of compromise in evaluate potential costs
collaboration with key to the organisation to
stakeholders and asset implement the strategies
owners to categorise • Formulate strategies and
severity of risk and plans to address current
potential impact to and future risks gaps in
organisation and consultation with
operations relevant stakeholders
The information contained in this document serves as a guide.

© Cyber Security Agency of Singapore


Effective Date: 8 October 2021 version 1.1 Page 59
OPERATIONAL TECHNOLOGY CYBERSECURITY COMPETENCY FRAMEWORK

TSC Category Protect

TSC Title OT Products and Solutions Security Evaluation

TSC Description Develop test strategy and procedure to verify and ensure that OT solutions and products are in line with cybersecurity requirements; this includes the ability to define and verify the
cybersecurity requirements across the product life stages, the tools used to perform the test, the data and/or resources needed to conduct the test.
Level 1 Level 2 Level 3 Level 4 Level 5 Level 6
TSC Proficiency
Description Conduct evaluation of OT Design evaluation plan and Define frameworks,
products and solutions in analyse test results in processes and standards to
line with defined framework alignment with cybersecurity guide cybersecurity
and processes standards evaluation of OT vendors,
products and solutions
Knowledge • Testing tools and • Different types and • Testing objectives and
processes levels of testing over scope
• Documentation product life stages • Range of tests and their
requirements of software • Range of tests, testware pros, cons, applicability
and hardware testing and applications and compatability
• Methodologies to • Optimal scheduling • Key resources, data and
implement and assess times for different tests tools required to
OT products and • Functional and implement product
solutions performance security
requirements of OT • Key components of OT
products and solutions products
• OT industry and
landscape trends

© Cyber Security Agency of Singapore


Effective Date: 8 October 2021 version 1.1 Page 60
OPERATIONAL TECHNOLOGY CYBERSECURITY COMPETENCY FRAMEWORK

Abilities • Conduct evaluation and • Identify types of • Define product and


testing of OT products evaluations and testings solution requirements in
and solutions in required by OT products alignment with
accordance to and solutions throughout cybersecurity standards
established timelines, the product life cycle and processes
and functional • Configure functional and • Establish evaluation
requirements performance test framework to facilitate
• Draft functional and scenarios for OT systematic test
performance test products and solutions to procedures and
scenarios for OT ensure that approaches across
products and solutions they are not exposed to varying OT products and
• Prepare reports on varying cybersecurity solutions
operational security vulnerabilities • Spearhead review of
incidents for OT • Monitor evaluation existing evaluation
products and solutions process to ensure processes and
• Conduct network and alignment with frameworks against
end-point security testing requirements and emerging trends or
of OT products and standards cybersecurity threats in
solutions • Evaluate results against the industry landscape
• Coordinate efforts with cybersecurity and assess implications
end-users to identify requirements and on OT products and
potential cybersecurity standards and assess solutions
vulnerabilities for effectiveness of products • Establish escalation
implementation of OT and solutions in procedures for OT
products and solutions delivering cybersecurity products and solutions
• Draft report of observed to OT systems that do not comply with
outcomes evaluations of • Identify anomalies and cybersecurity
OT products and vulnerabilities of OT requiements
solutions products and solutions • Collaborate with relevant
and recommend stakeholders to mitigate
mitigation strategies cybersecurity risks
• Monitor updates of OT posed by OT products
product and solutions and solutions based on
updates from vendors security evaluation
and identify implications results
• Cultivate partnerships
with vendors or clients to
facilitate effective
performance and
security evaluation of OT
products and solutions
The information contained in this document serves as a guide.

© Cyber Security Agency of Singapore


Effective Date: 8 October 2021 version 1.1 Page 61
OPERATIONAL TECHNOLOGY CYBERSECURITY COMPETENCY FRAMEWORK

TSC Category Protect

TSC Title OT Security Design and Architecture

TSC Description Embed security principles into the design and specification of security architectures and controls for OT systems to meet defined OT cybersecurity needs

Level 1 Level 2 Level 3 Level 4 Level 5 Level 6


TSC Proficiency
Description Design secure OT systems Develop a security blueprint Establish organisational
and define security and direct the design of a guidelines and principles for
specifications of robust and coherent OT the design of OT security
architecture and controls,
components, integrating security architecture, based
and drive the enhancement
appropriate security controls on a suite of security of organisation-wide OT
solutions and key design security systems
principles

Knowledge • Security threats and • Emerging security • Industry best practices in


vulnerabilities facing OT threats and impacts on OT security
systems OT systems architectures and
• Levels of security • Key components of OT systems design
assurance and functional security system • Emerging trends and
requirements blueprints potential impacts on
• OT security system • Principles of security enterprise architecture
components system integration and security controls
• Elements and workings • Range of OT system • Key criteria for
of security controls security tests and determining required
• Objectives and purpose interpretation of results level of security controls
of security controls • Evaluation guidelines for • New and emerging OT
• Common specifications OT system secuirty security system design
and designs for secure architectures methodologies, tools
OT systems • Interdependencies and techniques
• Types of models for OT between OT systems • Interdependencies and
secuirty (such as impact of changes on
Incoporation of Purdue OT systems
Model for ICS Security
(PERA))
• Methods to acess OT
systems
Abilities • Identify security risks • Evaluate potential • Establish organisational
and problems posed by security threats and guidelines and principles
new technologies articulate implications on for the design of OT
integrating with OT OT systems design security system
systems and assets • Define security system architectures and
• Design secure systems blueprint for relevant OT controls
and controls based on systems or • Evaluate OT security
OT architectural infrastructure, including system architecture
guidelines and against industry best

© Cyber Security Agency of Singapore


Effective Date: 8 October 2021 version 1.1 Page 62
OPERATIONAL TECHNOLOGY CYBERSECURITY COMPETENCY FRAMEWORK

requirements aligned protection profile and practices and business


with business priorities security targets requirements
• Define security • Integrate security • Define the level of
specifications of system solutions and design security controls needed
components, that principles to develop a for the organisation's OT
address security robust and coherent OT systems, information
objectives and functional security architecture and assets
requirements • Lead design of new or • Plan the design and
• Incorporate controls into enhanced OT security integration of
OT security system systems and organisation-wide IT-OT
components to minimise architectures security systems
security breaches or • Plan and embed security • Endorse new, modified
lapses controls for OT systems or strengthened security
• Assess the level of architecture based on controls that are in line
security robustness in understanding of system with the organisation's
OT system designs interdepedencies, security strategy
organisational guidelines • Introduce new security
and security principles system design
• Lead the review of OT methodologies, tools
system architecture and techniques to the
against security organisation
requirements • Evaluate OT systems'
• Recommend security plans and
modifications to OT interdependencies
security control designs between systems in view
to boost the protection of of potential evolution of
organisation assets the enterprise strategy
and architecture
The information contained in this document serves as a guide.

© Cyber Security Agency of Singapore


Effective Date: 8 October 2021 version 1.1 Page 63
OPERATIONAL TECHNOLOGY CYBERSECURITY COMPETENCY FRAMEWORK

TSC Category Identify

TSC Title OT Cybersecurity Governance and Programme Management

TSC Description Develop and implement OT cybersecurity enterprise programs, policies and standards to govern the organisation's approach towards protecting OT systems in alignment with
regulations, organisation’s context, operating environment and cyber threats
Level 1 Level 2 Level 3 Level 4 Level 5 Level 6
TSC Proficiency
Description Facilitate efforts in Assess adherence of OT Develop OT cybersecurity Develop OT cybersecurity
implementing and tracking cybersecurity policies, policies, standards, programmes at an
of OT cybersecurity standards and protocols, protocols and develop plans enterprise level, defining
programmes and driving the OT cybersecurity and resources to implement organisation’s risk appetite
conformance to policies, programme implementation the programmes and providing direction for
standards and protocols and monitoring effectiveness OT cybersecurity policies,
standards and protocols

Knowledge • Organisation • Various OT threats and • Critical elements of • Emerging trends and
cybersecurity policies, system vulnerabilities in corporate security developments in OT
standards and protocols the OT environment policies, standards and cybersecurity
• OT cybersecurity • Implementation process protocols management and
programmes and and considerations for • International OT practices
indicators of good cybersecurity policies, cybersecurity • Industry standards,
practices standards, protocols and frameworks regulations and best
• Common tools and programmes • Geographical and practices for OT
methodologies in OT • Types of security sectoral regulations and cybersecurity
security programme controls in the OT codes of practices for • Key business and
development environment of the OT cybersecurity operation implication of
• Maintenance procedures organisation • Policy, standard and changes in policies,
for OT security • Methods to assess protocol writing standards and protocols
programmes processes against techniques concerning the OT
policies, standards and • Methods to environment
protocols communicate • Methods to analyse cost
• Objectives and plans for organisation’s policies, and benefits of
OT cybersecurity standards, and protocols implementing an OT
programmes • Related operational or cybersecurity
• Metrics to evaluate OT business policies, programme
cybersecurity standards, protocols and
programmes programmes
Abilities • Coordinate efforts with • Validate compliance of • Develop OT • Define and articulate the
appropriate stakeholder cybersecurity policies, cybersecurity policies, organisation’s risk
to drive or maintain standards and protocols standard, and protocols appetite and tolerance
ongoing cybersecurity • Highlight areas for based on the • Set direction for the
programmes improvement and frameworks, regulations, organisation's
• Support the roll out and propose solutions or OT cyber threats and cybersecurity policies,
communication of OT revisions to standards, protocols and

© Cyber Security Agency of Singapore


Effective Date: 8 October 2021 version 1.1 Page 64
OPERATIONAL TECHNOLOGY CYBERSECURITY COMPETENCY FRAMEWORK

cybersecurity policies, cybersecurity policies, risks and organisation’s programme in line with
standards, protocols and standards and protocols context business requirements
programmes • Identify lapses in or • Establish internal and the external
• Monitor existing process potential issues that may processes to regularly environment
on a daily basis and endanger the OT review the adequacy of • Review and endorse
ensure conformance to environment security controls proposals for updates or
OT cybersecurity • Propose specific action • Introduce suitable enhancements to
standards and protocols plans for different OT technologies, processes organisation’s policies,
• Monitor ongoing OT area or business units to and tools to maximise standards, protocols and
cybersecurity improve conformance compliance and programmes
programme and highlight and programmes’ programmes • Assess overall
implementation hurdles effectiveness implementation effectiveness of OT
• Consolidate feedback • Evaluate technologies • Communicate and cybersecurity
and concerns of end- and tools that can educate the organisation programme and set
users with regards to address gaps and on new or updated priorities and
ongoing OT facilitate compliance with policies, standards or improvement activities
cybersecurity security policies protocols and • Establish benchmarks
programmes • Introduce and review cybersecurity and targets with regards
adequacy of security programmes to OT cybersecurity
controls in line with • Develop plans, schedule governance and set
corporate cybersecurity and resources to processes to be
policies implement OT regularly reviewed
• Implement and partner cybersecurity against
stakeholders on programmes • Establish and regularly
implementation of new • Collaborate with senior review OT cybersecurity
or updated cybersecurity stakeholders to ensure programmes’ strategy
policies, standards, that OT cybersecurity and objectives in
protocols and policies, standards , alignment with
programme protocols and organisation’s strategic
• Drive implementation of programme are priorities and risk
OT cybersecurity executable and aligned tolerance for OT
programmes with other with other enterprise- systems
stakeholders level initiatives • Lead communication of
• Regularly monitor impact business case to key
and metrics to determine leadership roles and
effectiveness of OT ensure buy-in for OT
cybersecurity policies, cybersecurity policy
standards, protocols and changes and programme
programmes management
The information contained in this document serves as a guide.

© Cyber Security Agency of Singapore


Effective Date: 8 October 2021 version 1.1 Page 65
OPERATIONAL TECHNOLOGY CYBERSECURITY COMPETENCY FRAMEWORK

TSC Category Protect

TSC Title OT Vulnerability and Patch Management

TSC Description
Deploy vulnerability mitigations and patches in phases to minimise operation disruption during testing, deployment and validation to mitigate vulnerabilities in OT systems

Level 1 Level 2 Level 3 Level 4 Level 5 Level 6


TSC Proficiency
Description Perform patch testing, Analyse and combine Establishing patch
deployment and post- various vulnerability and management strategy
deployment validation of patch management through collaboration with
patches to identify potential configurations to correct other stakeholders to
vulnerabilities and conflict threats and mitigate adverse manage testing and
with other systems effect through phased deployment of patches
deployment of patches while balancing security
and operations

Knowledge • Vulnerability and patch • Range of patch • Host architectures


management mangement (Appliances, mobile
configuration tools and configuration techniques devices, laptops,
techniques • Internal stakeholders firmwares) and
• Analysis and verfication requirements and interdependencies with
process, tools and guidelines for patching of OT systems for patch
techniques for testing OT systems or updates
effectiveness of patch embedded devices • Vulnerability and patch
• Internal guidelines for • Threats posed by management
managing vulnerability relevant stakeholders techniques and
and patch deployment, provided with access strategies and their
validation and user- and privilege to OT implications on OT
access systems or embedded system operations and
• Types of system devices legacy systems
conflicts created when • Types of interactions • Industry best practices,
implementing external and possible conflict frameworks and
vendor patches and during patch deployment developments in
resources by internal and external vulnerability and patch
stakeholders management
• Tools and techniques for • Tradeoffs between
safe deployment of patch security, usability
patches in OT systems and availability of OT
or embedded devices systems
Abilities • Monitor environment to • Develop change • Spearhead
ensure OT systems are management plan and collabaration with
up-to-date and are in procedures to facilitate stakeholders in
compliance with internal systematic and timely prioritising and planning
patch processes approach to reduce vulnerability and patch
vulnerability exposure deployment efforts in

© Cyber Security Agency of Singapore


Effective Date: 8 October 2021 version 1.1 Page 66
OPERATIONAL TECHNOLOGY CYBERSECURITY COMPETENCY FRAMEWORK

• Consolidate and group while ensuring ongoing phases on a


OT systems in the operations to OT combination of
organisation according systems platforms and systems
to the different • Evaluate legacy OT to prevent overloading
configuration methods systems exposed to of resources and other
and highlight legacy potential vulnerabilities networks
systems that are no • Propose and prioritise • Lead creation of
longer supported by alternative patch alternative vulnerability
vendors solutions and patch management
• Coordinate with vendors, • Define roles and strategies for legacy OT
asset owners or relevant responsibilities for systems that are no
stakeholders to ensure involved parties across longer actively patched
smooth deployment of the industrial by vendors
patches or other environment to facilitate • Asses industry trends
modifications to OT patch management and emerging threats to
assets and systems processes inform ongoing patch
• Evaluate severity of • Manage guidelines on management strategies
vulnerabilities and vulnerability and patch • Establish internal
weaknesses and management policies for the
prioritise actions to management,
configuration to
undertake optimisation and
• Execute patch testing standardise efforts to
protection of the
and implementation in mitigate conflict and organisation's assets
line with identified disruption in alignment with
phased roll-out • Conduct vulnerability business priorities and
• Conduct post-patch and exposure reviews industry standards
verification through of OT assets and • Plan appropriate tools
further testing of identify preventative and techniques for the
vulnerabilities action when threat safe deployment of
• Monitor feedback from vulnerabilities and patches to reduce
other stakeholders to weaknesses are unauthorised interaction
determine possible detected between control and
unintended side-effect • Execute planning, operation servers
from patch updates testing and • Evaluate data from
implementation of existing systems to
patches in phases for determine if additional
safe deployment and to follow-up patches are
minimise disruption and required
unauthorised traffic
• Analyse post-patch
validation data to
determine if further
actions are required
The information contained in this document serves as a guide.

© Cyber Security Agency of Singapore


Effective Date: 8 October 2021 version 1.1 Page 67
OPERATIONAL TECHNOLOGY CYBERSECURITY COMPETENCY FRAMEWORK

TSC Category Identify

TSC Title Supply Chain Management

TSC Description
Manage OT cybersecurity risks associated with services or systems that are dependent on vendors or external entities through formulation of frameworks, guidelines and processes

Level 1 Level 2 Level 3 Level 4 Level 5 Level 6


TSC Proficiency
Description Monitor service levels, Analysing the effectiveness Design processes in Spearhead the creation of
review and report service of existing initiatives in conjunction with various frameworks, processes and
delivery deviations evaluating the cybersecurity stakeholders to ensure OT guidelines to develop a
compliance of vendors cybersecurity compliance to secure and agile supply
mitigate risk posed chain

Knowledge • Methods for data • Types of cybersecurity • Organisation’s OT • OT cybersecurity


collection and analysis risks and vulnerabilities cybersecurity risk emerging trends and
• Organisational impacting OT sysetems assessment and threats
procedures for • Types of supply chain prioritisation frameworks • OT cybersecurity
escalation and reporting interdependencies and processes frameworks, legislation
of service level • Organisational standards • Types of threats posed and requirements
agreements (SLAs) and guidelines for by interdependencies • Various types of OT
breaches service delivery and variability in the system vulnerabilities
• Service performance, • Communication supply chain and potential threats
conformance testing and channels and methods • Service recovery policies • Alternative suppliers of
assessment measures • Diagnostic methods and and methods specialised and sensitive
• Key performance tools • Stakeholder relationship OT equipment
indicators to measure • Service resolution development concepts
supply chain systems procedures and and techniques
techniques
Abilities • Monitor service delivery • Communicate roles, • Establish supplier risk • Spearhead review of
in accordance to responsibilities and profile to assess overall existing vendor
established service level expectations to vendors security posture of management and
selection framework to
agreements and or external vendors and
formulate consideration
compliance with dependencies in dependencies of abilities to meet
contractual obligations delivering associated • Lead evaluation and cybersecurity
• Evaluate vendors' products or services in prioritisation of supplier requirements against
performance against alignment with risk profile and internal or regional
conformance testing, cybersecurity dependency risk in line standards
assessment, requirements with organisation’s risk • Formulate supply chain
OT cybersecurity risk
performance standards • Identify critical criteria and frameworks
management framework
and benchmarks depdencies and • Define clear parameters to guide procedures and
• Assess gaps in service associated risks across and expectations of information sharing on
delivery and identify the end-end supply vendors' roles and OT cybersecurity
chain management responsibilities in incidents, threats or
potential issues or
alignment with establish mitigation measures
breaches that would process of OT systems
cybersecurity • Lead communication of
requirements and cybersecurity risks

© Cyber Security Agency of Singapore


Effective Date: 8 October 2021 version 1.1 Page 68
OPERATIONAL TECHNOLOGY CYBERSECURITY COMPETENCY FRAMEWORK

impact cybersecurity on • Establish key controls to protect the posed by supply chain
OT systems performance indicators organisation against dependencies and gain
• Consolidate feedback for assessment of cybersecurity threats buy-in for proposed
• Establish processes to mitigation or actions to
from end-users and vendor service delivery,
enable the monitoring of from key stakeholders
external depencdencies conformance testing, service performance and • Establish organisational
to analyse future assessment and validate compliance with cybersecurity
demands and needs to performance levels cybersecurity requirements across OT
deliver secure OT • Review dependencies’ requirements systems and
systems and assets ability to continually • Collaborate with relevant dependencies in
• Facilitate information meet cybersecurity stakeholders to build OT consultation with key
cybersecurity awareness stakeholders
sharing on relevant OT requirements for delivery
for external • Establish benchmarks
cybersecurity information of services and identify dependencies on against regulatory
or incidents actions for improvement prevailing OT standards to guide the
of service levels cybersecurity threats,
development of supply
• Evaluate the impact of impacts and mitigations
chain framework from a
contractual issues and • Develop contractual
provisions to pre-empt OT cybersecurity
problems on
and address significant perspective
cybersecurity of OT
OT cybersecurity risks • Formulate detection
systems, and determine associated with varying strategy for critical
if a major contractual dependencies components in the
breach has occurred • Evaluate overall
supply chain to detect for
• Identify stakeholders to performance of vendors
early signs of
be involved in to review and endorse
information-sharing compromise
decisions on future
processes based on • Assess need to
contract renewals, renegotiate the terms of
shared interest in risk to
OT systems and assets changes or termination SLAs or outsourcing
• Assess the proportion contracts in the event of
and type of clients new legal or regulatory
served by the vendors requirement
for potential conflict of
interest and threats
• Establish alternative
sourcing plans in the
event of operation
disruptions
Range of Application • Suppliers
• Customers
• Single-source or other essential dependencies
The information contained in this document serves as a guide.

© Cyber Security Agency of Singapore


Effective Date: 8 October 2021 version 1.1 Page 69
OPERATIONAL TECHNOLOGY CYBERSECURITY COMPETENCY FRAMEWORK

TSC Category Respond and Recover

TSC Title Business Continuity and Recovery

TSC Description
Plan, design and test contingency plans to ensure organisational resilience and maintenance of the availability, stability and integrity of OT systems in the events of cybersecurity incidents

Level 1 Level 2 Level 3 Level 4 Level 5 Level 6


TSC Proficiency
Description Implement business Develop business continuity Define the optimal business
continuity and contingency plans for OT systems, and continuity strategy and
procedures and exercise, direct resources to establish objectives for business
and management of and maintain business continuity and contingency
alternative resourcing of continuity processes plans for OT systems to
critical OT systems minimise disruption and
threats to stakeholders

Knowledge • Data information • Interlinkages between • Regulatory requirements


processes and OT systems and and industry best
procedures stakeholders involved practices for business
• Steps required to • Potential long-term and continuity and recovery
implement and test short-term risks to the strategy and plans
business continuity plans availability, stability and • Potential risks posed to
and procedures integrity of OT systems stakeholders in the events
• Business continuity and of a disruption
recovery procedures • Potential disruption and
• Techniques to analyse adverse impact during the
continuity plan tests testing of contingency
plans
• Strategies to analysis risk
of disruptions to
operations and
stakeholders

© Cyber Security Agency of Singapore


Effective Date: 8 October 2021 version 1.1 Page 70
OPERATIONAL TECHNOLOGY CYBERSECURITY COMPETENCY FRAMEWORK

Abilities • Collate information to • Assess • Lead formulation of


identify critical OT interdependencies that business continuity and
systems to be exist among the critical recovery plans for critical
OT systems in
considered for business OT systems and
consultation with relevant
continuity stakeholders to guide stakeholders
• Facilitate the formation of continuity • Segregate business
identification of the plans operations into key
interdependences that • Evalute the relative components of business
exist in driving impact of potential risks operations to determine
availability, stability and to the availability, priority areas with
cascading levels of
integrity of OT systems integrity and reliability of
acceptable OT system
• Coordinate efforts to key OT components performance
execute business • Develop business • Assess and identify key
continuity, recovery and continuity procedures interdependencies and
contingency procedures outlining tasks, reliances across external
for OT systems based responsibilities and stakeholders beyond the
on organisational schedules in alignment organistion
strategies with the organisation’s • Guide the definition of the
• Facilitate OT security strategy organisation’s system and
cybersecurity or • Recommend process data recovery objectives
business continuity enhancements to based on organisation
exercises based on achieve improved levels needs, industry best
of business continuity practices and regulatory
defined objectives,
action plans and criteria
• Develop a business standards
continuity test or • Guide the definition of
• Document test results exercise plan, including continuity assessment
and propose follow-up its objectives, benchmarks to ensure
actions to achieve procedures, assessment
desired levels of that plans are relevant,
criteria and roles and adequate and closely
business continuity responsibilities of
involved personnel aligned with the

© Cyber Security Agency of Singapore


Effective Date: 8 October 2021 version 1.1 Page 71
OPERATIONAL TECHNOLOGY CYBERSECURITY COMPETENCY FRAMEWORK

• Analyse the long-term organisation's needs and


outage and short-term priorities
outage of critical OT • Evaluate overall result of
systems implications on OT systems business
business operations continuity exercise and
• Define frequency of effectiveness of
change for critical data contingency plan to
and configuration and determine implicationsand
requirements for prioritise areas for further
ensuring completeness review and improvements
of back-ups • Evaluate the need to
source for critical
alternative components or
to develop alternative
processes while balancing
costs to achieve desired
level of business
continuity
• Formulate backup and
restoration policy
considering criticality of
OT systems and
frequency of change for
critical data and
configuration
The information contained in this document serves as a guide.

© Cyber Security Agency of Singapore


Effective Date: 8 October 2021 version 1.1 Page 72
OPERATIONAL TECHNOLOGY CYBERSECURITY COMPETENCY FRAMEWORK

TSC Category Respond and Recover

TSC Title Failure Analysis

TSC Description Examine the root cause of OT system failures and execute appropriate analysis and mitigation techniques for both physical and digital incidents to ensure compliance with
organisational and regulatory requirements
Level 1 Level 2 Level 3 Level 4 Level 5 Level 6
TSC Proficiency
Description Support and respond to Conduct failure analysis to Lead failure analysis and Outline procedures,
failure incidents and initiate determine cause of defect review the results to guidelines and plan failure
process of failure analysis and impact to OT assets determine root causes analysis activities and lead
communication and
remediation plans

Knowledge • Organisation’s OT • Types of OT cyber • Potential root causes of • Regulatory and


system and network incidents and failures failure in the OT systems organisational
• Organisational • Physical attributes of OT • Root cause analysis requirements for OT
procedures and system • Failure analysis tools system failure
processes for safety and • Physical safety and techniques for OT • Risks and operation
failure analysis in the OT guidelines of the systems implication of conducting
environment organisation • Types of failure analysis failure analysis in the OT
systems
• Allowable down-time of • Procedures to conduct techniques and
• Industry best practices
OT systems for failure physical failure analysis procedures for OT
systems and emerging trends in
analysis • Failure analysis tools
• Stakeholders mapping OT failure analysis
and techniques for OT with regards to OT
systems failure incidents

Abilities • Respond to failure • Evaluate incidents and • Review failure incident to • Create process and
incidents and initiate identify appropriate determine appropriate guidelines to document
appropriate process for failure analysis failure analysis and conduct failure
failure analysis technique procedures for physical analysis activities
according to • Execute failure analysis and digital assets • Incorporate and update
organisational and
organisation guidelines on OT systems in line • Identify and segregate regulatory requirements
and procedures with organisational list of possible failure into failure analysis
• Draft failure report and guidelines and techniques for potential process
incident log for review procedures physical and cyber • Set the depth and level
• Support communications • Review failure reports incidents and of analysis standards
with asset owners and • Conduct physical failure appropriate required for compliance
with regulatory and
other stakeholders in analysis on OT systems, • Define time-frame for
organisational
preparation for failure keeping abreast of failure analysis to requirements
analysis organisation’s safety minimise operation • Identify best practices
guidelines disruption and emerging
• Prepare communication • Analyse result of failure technology in the failure
materials and conduct reports and develop analysis field
communication session remediation plans • Assess and approve
changes to existing
processes and

© Cyber Security Agency of Singapore


Effective Date: 8 October 2021 version 1.1 Page 73
OPERATIONAL TECHNOLOGY CYBERSECURITY COMPETENCY FRAMEWORK

with internal • Assess root causes of procedures to improve


stakeholders failure outlining lesson failure analysis activities
learnt and and • Engage operation team,
recommend remediation asset owners and other
key stakeholder in
actions
planning failure analysis
• Supervise the failure activities balance and
analysis activities minimise operational
• Communicate findings to disruption and risk
asset owners and other • Lead communication
stakeholders efforts of findings and
remediation plan
• Collaborate with
stakeholders and key
asset owners to develop
failure analysis
processes

The information contained in this document serves as a guide.

© Cyber Security Agency of Singapore


Effective Date: 8 October 2021 version 1.1 Page 74
OPERATIONAL TECHNOLOGY CYBERSECURITY COMPETENCY FRAMEWORK

TSC Category Protect

TSC Title Network Administration and Maintenance

TSC Description Monitor to provide for optimum levels of network performance and minimisation of downtime. This includes detection, isolation, recovery and limitation of the impact of failures on the
network as well as provision of support to system users through ongoing maintenance information sharing and training
Level 1 Level 2 Level 3 Level 4 Level 5 Level 6
TSC Proficiency
Description Monitor network Review, optimise and align Assess network capabilities
performance, investigate network performance with and set network rules to
and resolve network faults operation needs, and ensure support OT networks and
or downtime adherence to configuration systems, as well as and
rules optimise performance in
changing environments

Knowledge • Purposes of OT systems • OT network visualisation • Industry best practices in


and their dependencies and modelling fault detection, isolation
on network • Impact of network and recovery in the
• OT network performance performance on OT context of network
indicators and methods operations administration in the OT
to assess them • Best practices in network environment
• Detection, identification, administration and • Resources and
isolation and limitation maintenance in the OT capability requirements
techniques of network environment to support software-
faults and failures in the • Priorities, audience and defined infrastructure in
OT environment dependencies with the OT environment
• Potential causes and regards to • Network virtualisation
impacts of network faults communicating network management and
or downtime updates in the OT monitoring tools and
• Resolution techniques environment methods
for a range of different • Relevant programming • Scope of multi-tier
network issues in the OT languages for networking in OT
environment applications environment
• Critical information to be • Indicators of network • Range of network rules
communicated to the performance and programming codes
organisation regarding • Semantics of different
network updates networks and network
types in the OT
environment
Abilities • Monitor network • Conduct review and • Establish guidelines and
performance in the OT evaluation on network Standard Operating
environment performance in the OT Procedures (SOP) to
• Highlight areas for environment and detect and recover
further review to determine areas for network faults and
optimise network improvement failures in the OT
performance environment

© Cyber Security Agency of Singapore


Effective Date: 8 October 2021 version 1.1 Page 75
OPERATIONAL TECHNOLOGY CYBERSECURITY COMPETENCY FRAMEWORK

• Identify potential impact • Optimise and align • Establish OT network


of network faults and network performance maintenance processes
failures with operation and to ensure performance is
• Take appropriate action business needs stable and optimal for
to isolate or limit network • Assess incidents of the operation
faults and failures in the network faults, failures or • Assess the readiness of
OT environment downtime in the OT equipment and
• Resolve network faults environment and capabilities in the OT
and failures in the OT determine recovery and environment for
environment resolution efforts emerging software-
• Investigate the causes • Determine network defined infrastructure
for unresolved faults and updates and • Determine network rules
propose solutions to maintenance information and desired behaviours
address them and customisation for to be programmed in to
• Develop required different audiences meet the OT network
communication materials • Ensure adherence to requirements
for information sharing established configuration • Establish configuration
baselines or rules for baselines or rules for
network security network security across
• Monitor performance the OT environment
and health status of • Direct overall network
applications, controllers programming activities
and components in the and performance,
OT environment determining adjustments
• Implement adjustments to be made in light of
to network-wide traffic changing contexts and
flow to meet changing environments
needs
The information contained in this document serves as a guide.

© Cyber Security Agency of Singapore


Effective Date: 8 October 2021 version 1.1 Page 76
OPERATIONAL TECHNOLOGY CYBERSECURITY COMPETENCY FRAMEWORK

TSC Category Protect

TSC Title Access Control Management


Manage access controls to ensure authorised access for OT assets and systems in accordance with the organisation's policies, including creating and managing identities
TSC Description

Level 1 Level 2 Level 3 Level 4 Level 5 Level 6


TSC Proficiency
Description Apply access control Develop access control Develop organisational
policies by following the policies in alignment with the access control frameworks
access limitation and organisation's policies and to determine granting and
responsibilities granted cybersecurity advisories revocation of user access
control rights

Knowledge • Access enforcement • Types of access control • Organisational access


methods systems control needs
• Remote access methods • Access control rogue • Financial costs for
• Wired and/or wireless connection audit access control changes
authentication methods techniques • Laws and regulations
• Least privilege principles • Access control risk related to cybersecurity
• Account management mitigation techniques • Stakeholder
principles • System interfacing communication channels
• Access control • Investigative techniques • Policy-based and risk
technologies • Root cause analysis adaptive access controls
• Troubleshooting tools techniques • Best practices, industry
and techniques standards and emerging
• Access control methods trends for access control
• Wired and/or wireless
access restrictions
• Authorisation methods
Abilities • Establish and maintain • Review and update • Formulate requirements
identities through identity repositories and for identity credentials in
provisioning and de- credentials to ensure alignment with
provisioning for validity organisation’s risk
personnel and other • Define time threshold for criteria
entities who require provisioning and de- • Establish policies and
access to OT systems or provisioning of identities procedures specifying
assets • Deploy appropriate the usage of system
• Perform troubleshooting control systems utilising resources by only
for verified users with appropriate models authorized users,
access control issues based on understanding programs, processes, or
• Grant users access of OT systems and other systems
control rights according needs • Define organisational
to defined frameworks • Solve system interfacing access control
and best practices issues or problems frameworks for
• Manage access control • Perform audits on managing system
lists access control systems accounts, including
• Maintain audit logs and to identify rogue establishing, activating,
ensure ensuring proper connections modifying, reviewing,

© Cyber Security Agency of Singapore


Effective Date: 8 October 2021 version 1.1 Page 77
OPERATIONAL TECHNOLOGY CYBERSECURITY COMPETENCY FRAMEWORK

access habits are • Analyse and recommend disabling, and removing


enforced mitigation measures to accounts in alignment
reduce access control with relevant industry
breaches standards
• Design group policies • Define controls for
and access control lists addressing the use of
to ensure compatibility portable and remote
with organisational devices and personally
standards and needs owned information
• Assess adequacy of systems to access the
access controls based OT systems as well as
on principles of least the use of remote
privilege and need-to- access capabilities and
know the implementation of
wireless technologies
• Determine
communication plans
with relevant
stakeholders on access
control breaches
• Develop access control
audit frameworks
• Evaluate and adopt new
access control
technologies
• Champion best practices
on access controls to
protect OT systems and
assets from
unauthorised access
and are put into place

The information contained in this document serves as a guide.

© Cyber Security Agency of Singapore


Effective Date: 8 October 2021 version 1.1 Page 78
OPERATIONAL TECHNOLOGY CYBERSECURITY COMPETENCY FRAMEWORK

TSC Category Respond and Recover

TSC Title Cyber Forensics

TSC Description Perform forensics investigations on cyber-related incidents on OT systems through preservation of digital evidence

Level 1 Level 2 Level 3 Level 4 Level 5 Level 6


TSC Proficiency
Description Coordinate the cyber Gather and preserve digital Perform in-depth Establish forensics policies
forensics execution of evidence from different investigation activities and and procedures to effectively
collection and preservation of systems and sources forensic analysis manage forensic
evidence following authorised investigations and recovering
procedures and provide of operations
preliminary analysis from
consolidated digital
evidence
Knowledge • Procedures used to • Potential types of data • End-to-end process and • Live forensics and impacts
acquire, preserve and from physical and digital procedures in a on OT system networks
maintain integrity of assets, found internally forensics investigation • New and emerging trends
evidence and externally • Critical asset owners in OT forensic
• Safe handling techniques • Range of analytical and stakeholders investigation
for physical safety and to techniques to examine involved in digital • New and emerging trends
prevent contamination or digital evidence evidence gathering in the OT and related fields
tampering of evidence for • Conflicts with integration • Emerging and • Impacts and
different OT systems of broad range of OT specialised forensic consequences of OT
systems, computer, tools, solutions and forensics investigation
network and mobile methodologies policies and procedures on
forensic tools and • Changes and updates to organisational operations
techniques regulatory or legal • Legal and regulatory
• Statistical analysis requirements requirements for OT
procedures used to • Implications of forensics investigation
identify trends regulatory and legal
• Legal principles and parameters on forensic
regulations in relation to investigations
forensic investigations

© Cyber Security Agency of Singapore


Effective Date: 8 October 2021 version 1.1 Page 79
OPERATIONAL TECHNOLOGY CYBERSECURITY COMPETENCY FRAMEWORK

Abilities • Facilitate collection and • Combine digital • Perform investigation • Develop forensic
preservation of digital evidence and identify activities and forensic investigation plan,
evidence in consultation patterns, or analysis to determine including the tools,
with relevant stakeholders unauthorised access the underlying causes processes and
• Coordinate execution of from digital evidence and effects of incidents methodologies to be used
forensic investigation plan • Combine digital • Establish processes to • Develop guidelines and
in compliance with evidence from several facilitate the digital Standard Operating
organisational physical sources and methods to evidence acquisition to Procedures (SOP) for
safety guidelines analyse forensic minimise impact to OT investigation procedures
• Monitor a range of internal evidence, document systems functionality including guidelines for
and external OT data inferences, patterns and and uptime physical and digital
sources to identify correlation of events to • Assess suitability of new interviews, data handling,
relevant information to draw evidence and emerging forensic surveillance etc.
incident at hand • Prepare report on digital tools, given investigation • Identify types and time-
forensics finding in requirements and OT sensitivity of data gathered
compliance with legal operation requirements from OT systems
regulations and • Determine the key tasks, • Collaborate with external
standards timelines, milestones vendors to identify
• Access and extract and accountabilities for a appropriate forensics tools
evidence from OT specific forensic and potential conflict with
systems utilising investigation integration to OT systems
appropriate forensic • Lead forensic • Assess and approve
tools investigations, involving recommendations for
• Document OT system interaction with OT changes to minimise
security incidents systems involving time- impact to OT systems and
including detail, trend sensitve, critical OT improve the digital
and handling assets, large data sets evidence integrity validity
• Store original and copied and networks • Formulate plans to identify
evidence in safe considerations types of data and
environments with • Review multi-source appropriate methods and
limited access evidence and tools required to acquire
• Extract digital evidence conclusions drawn in digital evidence from OT
from various sources, in light of broader trends systems while minimising
compliance with and contextual impact to digital evidence
authorised procedures considerations integrity validity
• Identify alternatives and • Lead presentation of
solutions for potential reports and outcomes in
barriers and conflicts for significant investigations or
communication between legal proceedings
investigative methods,
tools, procedures and
OT systems that
prevents data collection
The information contained in this document serves as a guide.

© Cyber Security Agency of Singapore


Effective Date: 8 October 2021 version 1.1 Page 80
OPERATIONAL TECHNOLOGY CYBERSECURITY COMPETENCY FRAMEWORK

TSC Category Respond and Recover

TSC Title Cyber Incident Response and Management

TSC Description Detect and report cyber incidents in the OT environment, identify affected systems and user groups, trigger alerts and announcements to ensure efficient resolution of the situation

Level 1 Level 2 Level 3 Level 4 Level 5 Level 6


TSC Proficiency
Description Conduct real-time incident Troubleshoot incidents, Develop incident Formulate incident response Drive cross-collaboration
and status reporting in the escalate alerts to relevant management procedures strategies and direct teams efforts to co-develop
OT environment and identify stakeholder, and analyse and synthesise incident- in the remediation, strategies to manage OT
affected systems root causes and implications related analyses to distil key resolution, communication cyber incidents on an
of incidents insights, resolve incidents and post-mortem of large- industry, national or
and establish mitigating and scale, unpredictable OT international scale
preventive solutions cyber incidents

Knowledge • OT systems and network • Prioritisation criteria for • Mechanics of incident • Industry standards and • Political, national and
in the organisation OT incidents alert triggers in the OT best practices in incident international sensitivities
• Incident detection and • Procedures and system management in the OT regarding cyber crimes
reporting protocols processes to conduct • OT cyber Incident environment in OT sectors
• Types of security Root cause analysis and remediation solutions • Key components of an • Potential impact of
incidents timeline analysis of OT and strategies incident management incidents to the
• Types of threats, cyber incidents • OT cyber Incident playbook for the OT organisation and
attacks and breach in • Tools and processes to mitigation strategies environment stakeholders and
the OT environment conduct remediation of • Criteria and community
• Categorisation OT cyber incidents requirements of an OT • Best practice and types
guidelines for incidents • Security implications of incident response team of OT cyber incident
• Impact of incidents on incidents • Key stakeholders for OT management strategies
systems and operations incident management • Risk mitigation strategies
• Post-mortem processes for OT cyber incidents
for OT cyber incidents • Procedures to manage
• Communication OT cyber incidents on an
strategies and protocols industry, national or
• Prosecution processes international scale
and requirement related
to cyber attack
Abilities • Provide real-time • Review categorisation of • Define incident alerts • Establish incident • Direct the management
status reporting on incidents in the OT mechanisms, processes management of OT cyber incidents on
affected OT systems environment and and relevant parties in procedures for the an industry, national or
• Maintain logs of determine its priority the OT environment detection, reporting and international scale
incidents level • Develop a holistic view handling of incidents in • Manage OT cyber
• Report incidents, in • Conduct containment of of OT incidents by the OT environnment incidents to minimise
line with incident cyber incidents in the OT integrating information, • Develop a playbook for significant reputational
management systems data, alerts and analysis OT cyber incident risk to the organisation
protocols • Escalate alerts to from detection system management • Lead collaboration
• Gather relevant relevant stakeholder logs to • Lead the remediation across industries to
information or groups upon the • Distil key insights and and resolution of cyber manage manage OT
collection of occurrence of incidents impact from analyses of and data incidents at the cyber risk and incident
evidence from to facilitate execution of incidents organisational level management
stakeholders and information collection • Co-develop incident
plan of evidence management strategies

© Cyber Security Agency of Singapore


Effective Date: 8 October 2021 version 1.1 Page 81
OPERATIONAL TECHNOLOGY CYBERSECURITY COMPETENCY FRAMEWORK

asset owners about • Perform first responder • Manage the containment • Resolve large-scale, on a national level with
incidents troubleshooting by of incidents within the unpredictable OT cyber external experts and
• Categorise the following pre-determined organisation incidents stakeholders for the OT
importance of procedures • Lead recovery and • Develop framework and sectors
incidents based on • Analyse incident reports, preservation of key lead the communication • Lead critical
established log files and affected evidence in line with activities to different communications to the
guidelines systems to identify organisational needs of critical stakeholders public, authorities,
• Identify the OT threats and root causes contained OT incidents • Direct post-mortem internal and external
systems and affected of incidents • Establish and drivee the activities following stakeholders
parties by the • Perform incident triage implementation of critical incidents in the • Define required
incident based on to assess severity of mitigation and OT environment standards of
information gathered incidents and security prevention processes • Develop OT cyber preservation of evidence
• Assist in mitigation of implications and policies incident mitigation in line with
incidents as directed • Implement plans and strategies organisational legal or
• Document the processes for • Support the legal action regulatory needs
modifications made remediation and prosecution
to troubleshoot and activities where
resolve problems or necessary
incidents in the • Collaborate with key
system internal stakeholders,
• Coordinate efforts to external stakeholders,
facilitate incident OT system vendors and
response processes asset owners to create
across different evidence collection and
stakeholders preservation plans

The information contained in this document serves as a guide.

© Cyber Security Agency of Singapore


Effective Date: 8 October 2021 version 1.1 Page 82
OPERATIONAL TECHNOLOGY CYBERSECURITY COMPETENCY FRAMEWORK

TSC Category Detect

TSC Title Penetration Testing

TSC Description Conduct penetration testing to reveal vulnerabilities or lapses in the existing OT systems

Level 1 Level 2 Level 3 Level 4 Level 5 Level 6


TSC Proficiency
Description Conduct authorised Design security testing plan, Authorise and establish
penetration testing of OT and perform advanced, organisation guidelines and
systems to expose threats authorised penetration strategies for penetration
testing testingfor OT systems, and
determine the future-
readiness of the
organisation's security
posture

Knowledge • General process and • Organisational • Design guidelines and


technical requirement objectives of best practices for
for penetration testing penetration testing penetration tests
of OT systems • Key components and • Organisation priorities
• Penetration testing methodologies in the and OT security
techniques and design of security objectives
methodologies for OT testing activities • New and emerging
systems • Types of risk trends in cyber-
• Penetration testing implications of attacks, hacking
tools and their usage penetration testing for techniques and
for OT systems OT systems security threats
• Range and types of • Penetration testing • Cost-benefit analysis
security loopholes and techniques, tools and between conducting
threats their usage for OT penetration testing OT
systems systems and
• Range and types of maintaining
security loopholes and operational uptime
threats
Abilities • Perform technical • Design security testing • Establish organisation
coordination of plan involving key guidelines and
penetration testing stakeholders and asset methodologies for the
according to test plan owners for penetration design and conduct of
templates testing activities penetration testing
• Conduct authorised • Manage the activities
penetration testing of implementation and • Develop
OT systems consisting scheduling of implementation
of a range of penetration testing strategies for
penetration testing activities, in line with penetration testing
methodologies, tools the organisation-wide activities to ensure
and techniques strategy organisation-wide
• Assess current security • Evaluate potential risks consistency of
practices and controls and, such as information security
plans

© Cyber Security Agency of Singapore


Effective Date: 8 October 2021 version 1.1 Page 83
OPERATIONAL TECHNOLOGY CYBERSECURITY COMPETENCY FRAMEWORK

performance against operational or safety • Prioritise different


expected performance risks, of conducting levels of identified
during penetration penetration testing on potential risks, and key
testing attempts OT systems areas of OT systems
• Develop a penetration • Identify alternative for specific tests to be
testing report, penetration testing conducted to minimise
highlighting key threats techniques and downtime to OT
and areas for improving methodologies for OT systems
OT system security systems which • Authorise penetration
minimise risk of testing activities on
disruption, such as organisation's
creating system digital systems, in line with
twins or back-up air- business priorities and
gapped OT security requirements,
environments partnering with
• Conduct advanced, stakeholders across
authorised penetration the organisation to
testing of highly evaluate wider risk
complex and secure OT impacts of penetration
systems testing
• Determine possible • Synthesise key
impact of penetration organisational
testing on implications from
organisational OT penetration testing
operations to inform reports and propose
penetration testing appropriate follow-up
strategy actions to relevant
stakeholders
• Refine and propose
penetration test plan
templates to model
after evolving trends in
the landscape
The information contained in this document serves as a guide.

© Cyber Security Agency of Singapore


Effective Date: 8 October 2021 version 1.1 Page 84
OPERATIONAL TECHNOLOGY CYBERSECURITY COMPETENCY FRAMEWORK

TSC Category Analyse and Detect

TSC Title Threat Analysis and Defence

TSC Description Conduct analysis of new and incoming threats, to examine their characteristics, behaviours, capabilities, intent and interactions with the environment as well as the develop defence and
mitigation strategies and techniques to effectively combat such threats
Level 1 Level 2 Level 3 Level 4 Level 5 Level 6
TSC Proficiency
Description Perform static, dynamic or Examine threat behaviours Define and establish an
behavioural analysis on and capabilities and enterprise threat defence
malicious code and threats, circumventing anti-analysis and mitigation strategy,
debug malware, thraw mechanisms, incorporating new
attacks and document recommending techniques techniques to combat
incidents to block and mitigate emerging threats and
malicious code and attacks attacks

Knowledge • Types of threats or • Types and • Industry developments


malware characteristics of new and trends in threat
• Patterns of common and emerging threats analysis and defence
malware characteristics • Range of malware • New and emerging
• Mechanism of malware analysis techniques techniques in threat
• Various file formats of • Core concepts for analysis
malicious threat types reverse-engineering • Different enterprise
• Programming languages malware at the code threat mitigation
which malware are level strategies, approaches
created from • Anti-analysis mechanism and critical
• Types and usage of in anti-disassembly, anti- considerations
static, dynamic and debugging and • Principles underlying
behavioural analysis obfuscations threat defence and
tools mechanisms analysis strategies and
• Types and usage of anti- • Techniques to methodologies
malware tools circumvent anti-analysis • Long-term trends and
mechanisms evolution in the types
Malware defence and perpetrators of
techniques threats and attacks

© Cyber Security Agency of Singapore


Effective Date: 8 October 2021 version 1.1 Page 85
OPERATIONAL TECHNOLOGY CYBERSECURITY COMPETENCY FRAMEWORK

Abilities • Debug malware with • Apply countermeasures • Evaluate threat analysis,


debuggers and to circumvent or subvert outcomes and reports to
monitoring tools to anti-analysis identify potential
gather information on vulnerabilities and
mechanisms
malware impact to the OT
• Correlate stages, actions • Unpack protected systems, building a clear
or malicious commands malicious executables picture of the overall
in an attack • Evaluate and make attack surface
recommendations to • Establish organisation
• Perform static and
existing strategies to threat protection and
dynamic analysis of defence strategy,
malicious code and incorporate lessons
balancing protection,
executables learn from incidents safety, operations,
• Implement behavioural • Utilise a combination of capability and cost
analysis tools to analysis techniques and • Approve
understand nature of reverse engineering recommendations to
techniques to determine strategies to improve
threats affecting OT
threat characteristics effectiveness in
systems mitigating current and
and capabilities
• Utilise anti-malware and potential threats to OT
threat gateways to • Conduct in-depth systems
thwart malicious attacks examination of malicious • Lead internal cross-
threats to understand the functional
• Generate reports on
behaviour, capabilities, communications on
incidents and threats
intent and interactions threats to OT systems,
identified, and highlight building awareness
with the environment
newly identified across the organisation
• Recommend proactive
vulnerabilities in OT • Formulate relationships
systems steps to combat and with stakeholders
mitigate malicious code, externally to stay
• Draft recommendations
threats and attack abreast of new and
to mitigate malware,
exploit kits and attacks • Assess incidents and emerging threats,
threats identified by attacks and anti-
• Document threat systems and determine if detection mechanisms in
specimen's attack existing mitigation the OT landscape
capabilities, propagation strategies are effective • Define threat techniques
characteristics and • Identify emerging and to combat emerging or
threat signatures complex threats from emerging forms of
malicious software and attacks
codes and modify • Employ new methods or
existing techniques or tools to analyse
develop new ways to malicious software and
block malicious code attacks
and attacks

The information contained in this document serves as a guide.

© Cyber Security Agency of Singapore


Effective Date: 8 October 2021 version 1.1 Page 86
OPERATIONAL TECHNOLOGY CYBERSECURITY COMPETENCY FRAMEWORK

TSC Category Protect

TSC Title Threat Intelligence and Detection

TSC Description
Monitor and anticipate potential threats to OT systems and its components

Level 1 Level 2 Level 3 Level 4 Level 5 Level 6


TSC Proficiency
Description Perform security monitoring Implement intrusion detection Develop strategies to monitor Establish a threat intelligence
and interpret logs to detect technology and analyse multi- threats and project future strategy and direct analysis
anomalous activity, intrusions source information to identify technical cyber threat and integration across various
and threats vulnerabilities, potential scenarios and present mission sources to present a robust
exploits, methods, motives, reports to key stakeholders view on threats, perpetrators,
and capabilities motivations and modus
operandi

Knowledge • Methods and tools for • Range of intrusion • Mechanisms for threat • Multiple fields in cyber
monitoring network detection and monitoring detection and monitoring intelligence, including
activities, systems and technologies for OT for OT systems intelligence collection
mechanisms systems • Advanced statistical and operations and cyber
• Intrusion detection • Applied principles and tools trend analysis techniques counter-intelligence
techniques, software, and of information security • Emerging trends and • Emerging threats,
their functions • Techniques for analysis developments in OT perpetrators, doctrines and
• Types of security threats and integration of threat cybersecurity methods of operation
and intrusions affecting OT data • Types of impact analyses • Types of business,
systems • Relevant data sources of of cyber threats for OT financial, operational and
• Security protocols, threat intelligence in the systems safety impacts of
standards and data form of firewall logs, • Range of possible tactics, cybersecurity threats
encryption intrusion detection system techniques and procedures
• Indicators of attacks logs, open source internet used for security attacks
• Attack patterns and threat searches, honeypots • Key components and
vectors • Types and features of objectives of intelligence
• Techniques, methods and exploits and malware products and mission
technologies in threat data reports
collection
Abilities • Perform security monitoring • Identify resources and • Develop strategies for • Formulate mechanisms
to detect intrusions utilising technologies required for threat monitoring and and processes for
appropriate tools and intrusion detection tracking efforts across detection and identification
applications according to technical and enterprise systems of cybersecurity events as
• Monitor access control cost guidelines • Synthesise multiple well as collation and
mechanisms, network • Implement intrusion information sources and analysis of events, threats
activities and operating detection and analysis analysis reports into a or incidents affecting OT
systems based on key objectives holistic view of potential systems and its
• Interpret information from and stakeholders' threats components
logs and scanners to detect requirements • Draw insights about the • Manage the research,
threats and intrusion • Analyse collected potential impact of analysis, and data
attempts information to identify integration across a wide

© Cyber Security Agency of Singapore


Effective Date: 8 October 2021 version 1.1 Page 87
OPERATIONAL TECHNOLOGY CYBERSECURITY COMPETENCY FRAMEWORK

• Apply detection vulnerabilities and potential estimated cyber threat variety of information
technologies, checks and for exploitation scenarios for OT systems sources
techniques to identify • Review multiple sources of • Develop threat hunting and • Determine the tactics,
anomalous activity and data and intelligence feeds intelligence reports so as to techniques and procedures
patterns • Conduct intelligence present analysis of threat used for intrusions and
• Identify indicators of analysis of OT cyber data to key stakeholders attacks on OT systems
attacks during the detection activities to identify entities • Lead comprehensive • Present an informed and
process of interest, potential evaluation of the robust point of view on both
• Escalate security threats or methods, motives, and capabilities and activities of current and anticipated
intrusions detected with capabilities cyber criminals, foreign threats, perpetrators,
with relevant parties • Assess and identify critical intelligence entities or motivations, doctrine and
contextual information for perpetrators modus operandi
cyber events • Conduct in-depth research • Articulate significance of
into OT cybersecurity evolving OT cybersecurity
issues of industry-wide or threats to critical decision-
nation-wide significance makers and senior
• Produce findings to help management in the
initialise or support law organisation
enforcement and • Present policy
counterintelligence
recommendations and
investigations or activities
impact assessments to
critical industry
stakeholders and leaders
The information contained in this document serves as a guide.

© Cyber Security Agency of Singapore


Effective Date: 8 October 2021 version 1.1 Page 88
OPERATIONAL TECHNOLOGY CYBERSECURITY COMPETENCY FRAMEWORK

TSC Category Detect

TSC Title Vulnerability Assessment

TSC Description Conduct threat modelling and vulnerability assessment to reveal vulnerabilities or lapses in the existing OT systems

Level 1 Level 2 Level 3 Level 4 Level 5 Level 6


TSC Proficiency
Description Execute vulnerability scans Conduct authorised testing Design security testing plan, Authorise and establish
and conduct research on of OT systems to expose and perform advanced, organisation guidelines and
exploitation of OT system threats, vulnerabilities and authorised testing as well as strategies for security
vulnerabilities, interpreting potential attack vectors in intelligence analysis on testing for OT systems, and
findings to identify security systems cyber attack incidents determine the future-
lapses readiness of the
organisation's security
posture

Knowledge • Application and usage • Process and techniques • Organisational • Design guidelines and
of basic vulnerability for secured source objectives of best practices for
assessment tools and code review vulnerability threat modelling,
tests for OT systems • Threat modelling assessment vulnerability
• Types of OT system techniques • Key components and assessment and
security vulnerabilities • Network monitoring methodologies in the source code review
and threats tools and their usage design of security • Organisation priorities
• Internal and external • Vulnerability testing activities and OT security
security standards assessment tests and • Advanced threat objectives
interpretation of results modelling, hacking, and • New and emerging
• Range and types of source code review trends in cyber-
security loopholes and techniques attacks, hacking
threats • Data and trend analysis techniques and
in cyber attacks security threats
Abilities • Perform technical • Carry out threat • Design security testing • Establish organisation
coordination of modelling and secured plan and evaluation guidelines and
vulnerability source code review criteria for vulnerability methodologies for the
assessments according • Deploy a suite of assessments design and conduct of
to test plan templates network monitoring and • Manage the vulnerability
• Execute vulnerability vulnerability scanning implementation of assessments
scans on smaller tools to assess the vulnerability • Lead security reviews,
systems, using basic threats and assessments activities, specifying the OT
vulnerability vulnerabilities in an OT in line with the systems, applications,
assessment tools and system organisation-wide processes, people to
tests • Identify vulnerability strategy be assessed
• Document the results of exploitations and • Implement advanced • Develop
security assessments potential attack vectors threat modelling and comprehensive criteria
and tests, according to into an OT system source code review for assessing the
test plan guidelines • Analyse vulnerability techniques effectiveness of
• Identify security lapses scan results to size and • Analyse patterns in security mechanisms
in the system or assess security incident data to identify and controls
security mechanisms, loopholes and threats new and emerging • Develop
based on issues • Evaluate if current trends in vulnerability implementation
documented from systems can overcome strategies for

© Cyber Security Agency of Singapore


Effective Date: 8 October 2021 version 1.1 Page 89
OPERATIONAL TECHNOLOGY CYBERSECURITY COMPETENCY FRAMEWORK

vulnerability scan emerging threats and exploitation and vulnerability testing


results hacking techniques hacking techniques activities to ensure
• Record evidence of • Assess current security • Lead advanced organisation-wide
controls which are practices and controls analysis of intrusion consistency of
inadequate or not duly against expected signatures, techniques, information security
enforced performance and procedures plans
• Conduct research on parameters or associated with cyber • Synthesise key
threat actors, their guidelines attacks organisational
techniques and ways in • Develop a vulnerability • Determine hacking implications from
which vulnerabilities in assessment report, techniques and attacks vulnerability
security systems can be highlighting key threats that the organisation's assessments
exploited and areas for improving OT systems are most • Evaluate the future-
OT system security vulnerable to readiness of the
• Refine test plan organisation's security
templates to model posture in light of the
after new and advanced organisation's mission
hacking actions and the changing
technological
environment
The information contained in this document serves as a guide.

© Cyber Security Agency of Singapore


Effective Date: 8 October 2021 version 1.1 Page 90
OPERATIONAL TECHNOLOGY CYBERSECURITY COMPETENCY FRAMEWORK

TSC Category Identify

TSC Title OT Cybersecurity Education and Awareness

TSC Description Drive education and awareness of potential risks, mitigation strategies and best practices in OT cybersecurity; this includes facilitation of communication and training to ensure
employee capabilities, adoption and adherence to security policies and protocols.
Level 1 Level 2 Level 3 Level 4 Level 5 Level 6
TSC Proficiency
Description Support delivery of security Define activities required Develop communication
activities and programmes to bridge gaps in priorities and strategies in
to drive education and knowledge and alignment with industrial
trends and business priorities
awareness of OT capabilities of key
to drive awareness of OT
cybersecurity in existing personnel to effectively cybersecurity and capability
work practices deliver OT cybersecurity development in the
functions and processes to organisation
the organisation

Knowledge • Critical elements in OT • OT cybersecurity • Trends and threats in the


cybersecurity education education needs and evolving OT cybersecurity
and awareness imperatives landscape
programs • Potential threats and • Strategic partnership
• Principles of OT vulnerabilities building strategies in up-
cybersecurity encountered by end- and-coming areas in OT
• Types of OT security users during • Key business priorities
awareness or delivery operations and security implications
methods • Job roles and across OT and IT
• Methods to measure responsibility systems
effectiveness of security requirements in OT • Best practices and
education and cyber security emerging areas in
awareness programs external training
programs and research
• Matury of organisation
OT cybersecurity and
possible exposure to
cyber-threats
Abilities • Coordinate efforts to • Drive communication • Lead critical
drive awareness and and awareness of communications of OT
understanding of basic regulatory matters, cybersecurity education
OT cyber security best practices, and awareness
concepts and standards, methods programmes
importance of OT and tools in assessing • Formulate training
cybersecurity to users and mitigating OT timeline, plans,
across the organisation cybersecurity risks procedures and controls
• Identify end-users and • Define priorities and to cultivate a culture of
key responsibilities gaps for OT safe OT cybersecurity
involved in delivering cybersecurity practices in consultation
OT cybersecurity knowledge and

© Cyber Security Agency of Singapore


Effective Date: 8 October 2021 version 1.1 Page 91
OPERATIONAL TECHNOLOGY CYBERSECURITY COMPETENCY FRAMEWORK

• Consolidate data and capabilities required to with relevant


feedback to analyse drive delivery of OT stakeholders
effectiveness on existing cybersecurity • Establish strategic
OT cybersecurity processes alliances with partners to
education and • Develop a business implement OT
awareness efforts case for OT cybersecurity training and
• Suggest content, cybersecurity ensure the ongoing
structure or approach of education and suitability and
OT cybersecurity awareness competence of personnel,
awareness programmes programmes in commensurate with the
to maximise consultation with risk to OT systems and
effectiveness based on relevant stakeholders security objectives
feedback and • Determine outcomes • Lead development of new
sentiments gathered and imperatives of OT cybersecurity
• Manage employee education and training materials in consultation
queries on potential OT programs aligned with with relevant
cybersecurity threats organisation’s security stakeholders to increase
and risks in their daily priorities awareness of developing
work practices • Identify active roles in trends and industry best
• Collaborate with the OT environment to practices
different departments to facilitate thedesign of • Guide development of
execute and incorporate OT cybersecurity cybersecurity education
OT cybersecurity education and training and awareness strategies
practices into existing programs aimed to for specific workforce
work practices drive understanding of segments with relevance
the OT cybersecurity to OT cybersecurity
risks relevant to their • Formulate processes to
duties communicate new OT
• Oversee cross- cybersecurity insights to
communication, end users in the
collaboration and organisation in a timely
sharing of knowledge manner
between different • Evaluate opportunities to
departments to enable cross-
increase awareness communication and
and bridge knowledge collaboration to enable
gaps resulting from IT integrated IT and OT
and OT convergence responses and
• Identify areas for awareness of
improvement in the convergence
organisation's existing • Review the effectiveness
OT education and of current education plans
training programs in light of developments
• Collaborate with key in the OT cybersecurity
stakeholders to landscape and regulatory
address knowledge requirements

© Cyber Security Agency of Singapore


Effective Date: 8 October 2021 version 1.1 Page 92
OPERATIONAL TECHNOLOGY CYBERSECURITY COMPETENCY FRAMEWORK

gaps for key roles in • Endorse improvement to


delivering OT the organisation’s existing
cybersecurity and OT cybersecurity
facilitate safer practice, policies and
adoption of new education and training
working programs
responsibilities
The information contained in this document serves as a guide.

© Cyber Security Agency of Singapore


Effective Date: 8 October 2021 version 1.1 Page 93
OPERATIONAL TECHNOLOGY CYBERSECURITY COMPETENCY FRAMEWORK

TSC Category Organisational Management and Support

TSC Title Budgeting#

TSC Description Prepare organisational budgets to support short- and long-term business plans through forecasting, allocation and financial policy setting

Level 1 Level 2 Level 3 Level 4 Level 5 Level 6


TSC Proficiency
Description Prepare business unit’s Manage budgeting and Develop long-term financial Endorse organisational
operational budgets forecasting for annual plans and budget financial and treasury
financial and business requirements management policies,
planning within the business systems, budgets and plans
unit

Knowledge • Objectives, parameters • Analyse business • Recommend parameters • Determine short- and
and types of budgets function strategies, and assumptions for long-term financial
• Key principles of functional objectives and budget forecasting in needs to assess current
accounting and financial operational plans accordance with financial situations
systems • Carry out forecasting organisational needs • Formulate financial plans
• Types of data sources and budgeting for the and market conditions aligned to overall
and data required to financial year • Prepare financial organisational strategies
prepare a budget • Calculate the business forecasts to facilitate • Allocate budget
• Accounting principles unit’s cash flow financial and business resources in accordance
and practices related to requirements planning with organisational
budget preparation • Determine the business • Implement budget plans financial plans
• Key principles of unit’s financing needs for to manage resource • Review financial
budgetary control and the financial year allocation to business forecasts to anticipate
budget plans, budgetary activities changes in business and
• Compare budget data
control techniques • Manage actual budget to operational
with estimations to
• Requirements of highlight discrepancies
enable financial circumstances
Singapore’s taxation operation n to be • Review draft budgets in
• Report budget
policies measured against accordance with
calculations and
• Functional objectives discrepancies to
forecasted business organisational guidelines
and key requirements plans • Monitor and evaluate
organisation
• Organisational financial • Monitor budget actual expense figures
management to facilitate
data outcomes to ensure against budget to identify
decisions on budget
• Financial analytical allocation
proper utilisation and and address variances
techniques and accounting of resources • Report findings,
• Ensure adherence to
methodology against their intended recommendations and
financial controls in
• Stakeholders to consult purposes options to organisation
accordance with relevant
on budget calculations • Present financial management for review
organisational corporate
forecasts, budgets and in accordance with
governance and financial
budget outcomes to organisational policies
policies, legislation and
immediate supervisors
regulations
for review and approval

© Cyber Security Agency of Singapore


Effective Date: 8 October 2021 version 1.1 Page 94
OPERATIONAL TECHNOLOGY CYBERSECURITY COMPETENCY FRAMEWORK

Abilities • Analyse business • Recommend parameters • Determine short- and • Set direction for
function strategies, and assumptions for long-term financial organisational budget
functional objectives and budget forecasting in needs to assess current planning in consultation
operational plans accordance with financial situations with stakeholders
• Carry out forecasting organisational needs • Formulate financial plans • Align budget plans with
and budgeting for the and market conditions aligned to overall organisation’s strategic
financial year • Prepare financial organisational strategies plans
• Calculate the business forecasts to facilitate • Allocate budget • Review organisational
unit’s cash flow financial and business resources in accordance financial and treasury
requirements planning with organisational management policies,
• Determine the business • Implement budget plans financial plans systems, budgets and
unit’s financing needs for to manage resource • Review financial plans
the financial year allocation to business forecasts to anticipate • Evaluate effectiveness in
activities changes in business and increasing business
• Compare budget data
• Manage actual budget to operational value
with estimations to
highlight discrepancies
enable financial circumstances • Evaluate implications of
operation n to be • Review draft budgets in financial and treasury
• Report budget
measured against accordance with management policies,
calculations and
forecasted business organisational guidelines systems, budgets and
discrepancies to
plans • Monitor and evaluate plans on the
organisation
• Monitor budget actual expense figures organisation
management to facilitate
outcomes to ensure against budget to identify • Advise senior
decisions on budget
proper utilisation and and address variances management on
allocation
accounting of resources • Report findings, refinements to financial
• Ensure adherence to
against their intended recommendations and and treasury
financial controls in
purposes options to organisation management policies,
accordance with relevant
• Present financial management for review systems, budgets and
organisational corporate
forecasts, budgets and in accordance with plans
governance and financial
budget outcomes to organisational policies • Evaluate financial and
policies, legislation and
immediate supervisors treasury management
regulations
for review and approval policies, systems,
budgets and plans for
endorsement purposes
Range of Application

The information contained in this document serves as a guide.


#Extracted from SkillsFuture ICT Framework

© Cyber Security Agency of Singapore


Effective Date: 8 October 2021 version 1.1 Page 95
OPERATIONAL TECHNOLOGY CYBERSECURITY COMPETENCY FRAMEWORK

TSC Category Organisational Management and Support

TSC Title Business Needs Analysis#

TSC Description Identify and scope business requirements and priorities through rigorous information gathering and analysis as well as clarification of the solutions, initiatives and programmes to enable
effective delivery. This also involves the development of a compelling and defensible business case and the articulation of the potential impact of the solution to the business.
Level 1 Level 2 Level 3 Level 4 Level 5 Level 6
TSC Proficiency
Description Document business Elicit and analyse business Investigate existing business Lead comprehensive
requirements and identify requirements from key processes, evaluate analysis to understand
basic needs as well as stakeholders and assess requirements and define the underlying drivers and
potential solutions relevant solutions and their scope for recommended present a compelling
potential impact solutions and programmes business case for proposed
IT solutions

Knowledge • Processes in business • Business requirements • End-to-end requirement • Best practice


requirement from key stakeholders elicitation process methodologies in
documentation • Relevant solutions or • Business process and business requirement
• Typical business programmes priorities analysis gathering
processes and functional • Types of business • IT programme / solution • Strategic planning and
requirements solutions scoping techniques prioritisation for IT
• Existing or standard IT • Evaluation techniques or business requirements
solutions and initiatives processes for IT • Business modelling
solutions and initiatives techniques and tools
• Business case elements • Projection of long term
implications of IT
solutions or changes
• Business case
development

Abilities • Document requirements • Elicit business • Lead business • Design requirement


from operational requirements from requirements elicitation elicitation process,
management or other operational management effort, conversations and defining analysis and
stakeholders or other stakeholders interactive processes inputs required
• Identify basic and using appropriate with internal or external • Lead complex and
immediate business techniques stakeholders comprehensive analysis
needs and requirements • Review documentation • Analyse existing of business processes
• Conduct exploratory to verify accuracy and business processes and and inputs gathered to
research or information understanding of information gathered to understand long-term
scanning to consolidate business needs understand short-mid business requirements
relevant information, • Analyse data gathered to term business and their driving factors
options or ideas that can identify the business requirements of varying • Facilitate scoping and
be used problems, requirements complexity business priority setting
• Support in the and opportunities • Define scope and for strategic and
shortlisting or presented business priorities for complex IT initiatives
development of options • Assist in analysis of small-medium sized with senior stakeholders
stakeholder objectives

© Cyber Security Agency of Singapore


Effective Date: 8 October 2021 version 1.1 Page 96
OPERATIONAL TECHNOLOGY CYBERSECURITY COMPETENCY FRAMEWORK

or solutions for and their underlying initiatives and • Obtain formal agreement
consideration drivers programmes from stakeholders and
• Explore relevant • Analyse requirements for recipients to the scope,
solutions or alignment with business prioritised requirements
programmes, from an objectives and priorities and establishment of a
existing repertoire, that • Obtain formal agreement baseline for solution
can address business by stakeholders or delivery
needs recipients to the scope • Manage effective
• Present solution options and establish baseline business processes,
for consideration for commencement of through changes and
• Explain how solutions solution delivery enhancements in IT
will impact the business • Evaluate potential systems, management
and address options and recommend and processes
requirements effective solutions and • Establish the
programmes that can be contribution that IT
combined or customised initiatives, programmes
to address root of and solutions can make
business needs to business objectives
• Present business case • Oversee development
for recommended and implementation of
solutions, defining solutions, taking into
potential benefits, account the change
options, associated risks implications to the
and impact organisation and all
stakeholders
• Utilise in-depth analysis
and business models to
present a strong,
compelling business
case for proposed IT
changes and solutions
• Project long-term costs
and benefits, options,
risks and impact to
senior stakeholders

Range of Application

The information contained in this document serves as a guide.


#Extracted from SkillsFuture ICT Framework

© Cyber Security Agency of Singapore


Effective Date: 8 October 2021 version 1.1 Page 97
OPERATIONAL TECHNOLOGY CYBERSECURITY COMPETENCY FRAMEWORK

TSC Category Organisational Management and Support

TSC Title Emerging Technology Synthesis#

TSC Description Monitor and integrate emerging technology trends and developments, structured data gathering for the identification of new and emerging technological products, services and
techniques. In addition, the performance of cost-benefit analysis and evaluation of their relevance, viability, sustainability and potential value add to the business.
Level 1 Level 2 Level 3 Level 4 Level 5 Level 6
TSC Proficiency
Description Conduct research and Evaluate new and emerging Establish internal structures Establish an emerging
identify opportunities for new technology and trends and processes to guide the technology strategy and
and emerging technology to against the organisational exploration, integration and spearhead organisational
support the business needs and processes evaluation of new norms to synthesise and
technologies leverage new technologies
and trends to propel
business growth

Knowledge • Market scanning and • Current industry and • Key sources of • Critical elements of an
research techniques for technology information information on new emerging technology
emerging technology sources technologies in adjacent, blueprint
• Similar or relevant • Industry-accepted competing or relevant • Short and long-term
industries hardware and software industries impact of new and
• New technologies and IT products • Risk analysis of the new emerging technologies
products and services in • Emerging trends in technologies, and • Trends and
the market technological products implications on legal, developments in
• Typical business and services in the IT ethical or security adjacent industries
process flows industry dimensions of the • Potential impact and
• Cost-benefit analysis business disruptions to process
and evaluation methods • Change management norms in the Infocomm
for assessing new and implementation Technology (ICT)
technologies considerations relating to industry or field
• Business process flows introduction of new • Strategic partnership
and interdependencies technologies and alliance
• Business priorities, development
planning, value chain
and key processes
• Current and future
impact analysis

© Cyber Security Agency of Singapore


Effective Date: 8 October 2021 version 1.1 Page 98
OPERATIONAL TECHNOLOGY CYBERSECURITY COMPETENCY FRAMEWORK

Abilities • Explore relevance of • Determine the suitable • Lead the identification • Develop an emerging
technologies or IT sources and relevant and evaluation of new technology strategy and
processes in use and sectors or industries to and emerging blueprint
under development in explore new technologies, techniques • Harness new
other industry sectors technologies in detail and models technologies and trends
• Conduct research on • Monitor the market to • Decipher impact of new in moulding business
new technologies keep abreast of new and emerging strategy
• Assess potential of technologies that will technologies on • Decipher the impact of
emerging technologies impact the ICT market business operations emerging technology on
to address challenges • Evaluate emerging • Experiment with the the ICT industry or field
or enhance processes technology against the integration of new and • Establish organisational
within the organisation existing business needs emerging technology norms of evaluating
• Identify processes that and infrastructure in a into the existing emerging technologies in
will be improved by the nimble and iterative business context a rapid, nimble and
application of new and manner • Establish internal iterative manner
emerging technologies • Review market research processes and • Synthesise different
and approaches and validate the new guidelines to facilitate emerging technologies
• Put forth technologies against the the research on and and trends into initiatives
recommendations or organisational needs evaluation of new or products that propel
options of technology • Provide technologies business growth
models that offer recommendations with • Establish organisational • Establish alliances to
process improvement strong rationale for the need and selection facilitate emerging
outcome of the criteria for new technology exploration
evaluation technologies across organisations
• Communicate with • Articulate the business • Build strategic
external partners to considerations and partnerships with
obtain and explore parameters relating to organisations and
emerging technologies the adoption of new suppliers to optimise
technologies access to new and
• Manage collaborations emerging technology
with external partners to • Create thought
gain access to and leadership around
explore emerging emerging technologies
technologies and their impact
Contexts in which this skill may be applied includes, but is not limited to:
Range of Application
• Overall business operations
• New IT products or services
• IT operations
• Marketing function
• Sales function
The information contained in this document serves as a guide.
#Extracted from SkillsFuture ICT Framework

© Cyber Security Agency of Singapore


Effective Date: 8 October 2021 version 1.1 Page 99
OPERATIONAL TECHNOLOGY CYBERSECURITY COMPETENCY FRAMEWORK

TSC Category Organisational Management and Support

TSC Title Learning and Development#

TSC Description Manage employees’ learning and development activities to maximise employee’ potential and capabilities to contribute to the organisation

Level 1 Level 2 Level 3 Level 4 Level 5 Level 6


TSC Proficiency
Description Support employees to Drive employee Mentor successors, support
develop their skills and developmental programmes organisational learning and
facilitate learning in alignment to business develop and engage
opportunities and coaching needs employees to develop a
junior management strong organisational base
employees

Knowledge • Legal and ethical • Legal and ethical • Legal and ethical
considerations relating to considerations relating to considerations relating to
identification of individual the broader development succession planning,
training requirements and provision of human and organisational
• Market trends and resource information and learning and
developments in relation services development
to business functions • Links between human • Organisational policies
which may aid in resource and and procedures relating
identifying new and organisational strategies to succession planning,
emerging skill • Communication and organisational
requirements techniques and channels learning and
• Roles and accountability relevant for development
for identifying disseminating • Relevant professional or
appropriate employee • Facilitation and industry codes of
skill requirements communication skills for practice and standards
• Methods of facilitation of working with relating to learning and
individual learning stakeholders in the development
opportunities development of human • Implications and impact
• Instructional techniques resource activities, on employees and the
and methods for working services and organisation arising from
with team members to programmes succession management
increase performance • Models and methods for processes, learning and
• Relevant professional or evaluating the development processes,
industry codes of effectiveness of human and engagement
practice and standards resource activities, activities
• Communication services and • Relationship between
techniques and channels programmes engagement and
relevant for • Legal and ethical performance
disseminating considerations relating to • Concepts and theories of
information regarding consultation and succession planning and
communication with employee engagement

© Cyber Security Agency of Singapore


Effective Date: 8 October 2021 version 1.1 Page 100
OPERATIONAL TECHNOLOGY CYBERSECURITY COMPETENCY FRAMEWORK

team activities, services organisational • Market trends and


and products stakeholders developments in relation
• Models and methods of • Relationship between to succession
training needs analysis strategies developed at management, employee
• Negotiation techniques more senior levels and engagement and
for encouraging the operational or learning and
employees to participate functional requirements development
in processes to improve of other areas within an
skills organisation
• Implications and impact
of coaching and
mentoring activities on
the individuals
participating in the
process
Abilities • Review organisational • Identify human resource • Develop a succession
strategies and business trends that may impact management strategy in
plans that impact on the on organisational consultation with the
team’s competency performance human resources function
requirements • Implement identified and other relevant
• Select and use tools to changes to human personnel to facilitate
review current skills of resource activities, succession planning
employees services and • Identify critical roles and
• Establish employees’ programmes to support feeder positions to provide
learning priorities the organisation’s opportunities to groom
• Support employees in strategic and business successors
drafting learning and goals • Work with managers and
development plans • Establish performance identified successors to
• Facilitate learning and indicators and measures create and implement
development for the effectiveness of development and
opportunities to address human resource retention plans
skills needs activities, services and • Prioritise learning and
• Provide resources and programmes designed to development programmes
support for learning and support the to support employees in
development organisation’s strategic the development of their
• Establish clear learning and business goals professional, technical
outcomes and • Review organisation’s and managerial
timeframes strategic and business competencies
• Guide senior managers to
• Review learning plans to identify areas
impacting on human demonstrate
outcomes against
resource activities, independence and
learning goals
services and responsibility for their
programmes personal development
• Facilitate involvement of • Provide engagement
stakeholders to review strategies to improve

© Cyber Security Agency of Singapore


Effective Date: 8 October 2021 version 1.1 Page 101
OPERATIONAL TECHNOLOGY CYBERSECURITY COMPETENCY FRAMEWORK

human resource service organisational


effectiveness and clarify performance
future expectations and
requirements
• Communicate with
stakeholders to clarify
their needs relating to
human resource
activities, services and
programmes
Range of Application

The information contained in this document serves as a guide.


#Extracted from SkillsFuture ICT Framework

© Cyber Security Agency of Singapore


Effective Date: 8 October 2021 version 1.1 Page 102
OPERATIONAL TECHNOLOGY CYBERSECURITY COMPETENCY FRAMEWORK

TSC Category Organisational Management and Support

TSC Title Manpower Planning#

TSC Description Estimate and fulfil manpower requirements to achieve business goals and targets

Level 1 Level 2 Level 3 Level 4 Level 5 Level 6


TSC Proficiency
Description Facilitate recruitment of Conduct project level Formulate organisational
manpower to meet forecast manpower forecasts to manpower plans to bridge
requirements bridge gaps between gaps between manpower
manpower demand and demand and supply based
supply, and facilitate on current and projected
development of recruitment needs of the organisation
strategies
Knowledge • Elements of • Factors influencing • Organisation's products,
organisation-approved future manpower policies and processes
job description templates demand • Types of links between
• Organisational and • Techniques of manpower plans and
project workflows manpower modelling organisational strategies
• Talent needs of the • Parameters for accurate • Types of workforce
organisation forecasting trends that impact
• Job architecture • Statistical analysis organisational
elements techniques for reviewing performance
capacity and capability • Legal and ethical
of existing workforce considerations affecting
• Methods to identify manpower policies
elasticities of substitution • Types of Human
in headcounts and skills Resource policies and
• Organisation's human procedures
resources capabilities • Models and methods for
and people strategies evaluating the
effectiveness of
manpower forecasting
and planning

© Cyber Security Agency of Singapore


Effective Date: 8 October 2021 version 1.1 Page 103
OPERATIONAL TECHNOLOGY CYBERSECURITY COMPETENCY FRAMEWORK

Abilities • Determine job roles and • Review workforce • Gather data to forecast
positions required execution plans needed demand of headcount
• Identify skills needs to meet project and/or and skills at
related to job positions functional objectives organisational level
• Develop job descriptions • Adapt mathematical • Review internal
to articulate role and skill models to conduct education and training
requirements statistical analyses of programmes to verify
• Assist in developing manpower demand manpower supply
recruitment strategies • Review productivity against future demand
with Human Resource metrics of existing • Prepare contingency
department residential contractors plans to meet the turn of
• Negotiate with (RCs) and common economic and
residential contractors contractors (CCs) technological change
(RCs) and common • Develop manpower circumstances
contractors (CCs) on forecast based on job • Initiate changes to
manpower needs roles and positions Human Resource
required activities, services and
programmes
• Guide key stakeholders
with information on how
manpower decisions
assist in achieving
strategic organisational
goals

Range of Application

The information contained in this document serves as a guide.


#Extracted from SkillsFuture ICT Framework

© Cyber Security Agency of Singapore


Effective Date: 8 October 2021 version 1.1 Page 104
OPERATIONAL TECHNOLOGY CYBERSECURITY COMPETENCY FRAMEWORK

TSC Category Organisational Management and Support

TSC Title Partnership Management#

TSC Description Build cooperative partnerships with inter-organisational and external stakeholders and leveraging of relations to meet organisational objectives. This includes coordination and
strategising with internal and external stakeholders through close cooperation and exchange of information to solve problems.
Level 1 Level 2 Level 3 Level 4 Level 5 Level 6
TSC Proficiency
Description Support the development Propose strategic initiatives Evaluate and drive inter- Inspire direction and define
and coordination of with other organisations organisational initiatives, key imperatives for inter-
partnerships with external based on identification of and negotiate strategic organisational partnerships,
stakeholders and mutual benefits, and analyse information exchange with leading negotiations with
organisations their impact key partners senior leaders and on an
international scale

Knowledge • Types of external • Cost-benefit analysis of • Strategic partnership • Strategic networking


partnerships external partnerships management techniques
• Objectives of external • Return on Investment • Negotiation techniques • Inter-organisational
partnerships (ROI) calculation and strategy and relationship
• Stakeholders involved in assessment for external management
external partnerships partnerships and
engagements
Abilities • Support the identification • Propose potential • Manage inter- • Inspire direction for inter-
of potential initiatives, strategic initiatives, organisational initiatives, organisational
programmes and programmes and programmes and partnerships and culture
projects with other projects with other projects of collaboration
organisations organisations • Evaluate potential • Define key imperatives
• Coordinate partnerships • Identify common issues organisations and of partnerships with
with external as well as mutual assess the costs and external organisations
stakeholders benefits and potential benefits of a shared and stakeholders for
• Maintain communication gains of collaborating partnership mutual benefits
channels with inter- with other organisations • Recommend potential • Leverage broad and
organisational • Establish communication organisations with deep networks and
stakeholders and channels with inter- shared or relations to establish
partners organisational complementary cooperative and
stakeholders, to objectives, or which strategic partnerships
coordinate, address allow for mutual benefits and meet organisational
needs, queries or of a shared partnership objectives
concerns, and facilitate • Negotiate the strategic • Lead negotiations for
consensus-building exchange of information key partnership
• Analyse strategic impact with key partners or agreements
or outcomes of external stakeholders • Lead communications
partnerships to • Co-create a robust inter- with top management or
determine effectiveness organisational strategy senior leaders from other
of partnerships to effectively address organisations on an
common issues faced international scale

© Cyber Security Agency of Singapore


Effective Date: 8 October 2021 version 1.1 Page 105
OPERATIONAL TECHNOLOGY CYBERSECURITY COMPETENCY FRAMEWORK

• Evaluate effectiveness of • Define a robust inter-


partnerships and identify organisational strategy in
room for enhancement consultation with
partners and
organisation
representatives

Range of Application

The information contained in this document serves as a guide.


#Extracted from SkillsFuture ICT Framework

© Cyber Security Agency of Singapore


Effective Date: 8 October 2021 version 1.1 Page 106
OPERATIONAL TECHNOLOGY CYBERSECURITY COMPETENCY FRAMEWORK

TSC Category Organisational Management

TSC Title People and Performance Management#

TSC Description Establish organisation-wide performance management strategies to facilitate performance management, including identification of key performance indicators and employee
performance assessment
Level 1 Level 2 Level 3 Level 4 Level 5 Level 6
TSC Proficiency
Description Implement performance Develop performance Establish organisation-wide
management programmes management programmes performance management
strategies
Knowledge • Organisational • Industry codes of • Organisational strategy
performance practice related to and the impact on
management performance human resource (HR)
programmes management strategies
• Statistical analysis • Best practices in • Emerging trends and
techniques for evaluating performance developments related to
current performance management performance
management • Market trends pertaining management
programmes to performance • Relationship between
• Key performance management performance
indicators (KPIs) used in • Roles and management
performance responsibilities of key programmes and
management stakeholders in development of business
programmes performance objectives
• Types on competency management • Stakeholder
frameworks in • Behaviours that engagement techniques
organisation influence employees’ • Links between
performance performance
• Statistical analysis management and
techniques for organisational strategy
evaluating performance
management data
Abilities • Facilitate the • Review the key • Cascade organisational
identification of KPIs for performance indicators level key performance
teams and individuals (KPIs) as identified by indicators (KPIs) to
with managers line managers departments
• Conduct research on • Cascade departmental • Engage stakeholders in
the best practices in KPI level KPIs to teams and identifying performance
development individuals management
• Communicate KPI • Provide guidance on the requirements
guidelines to line use of performance • Develop performance
managers management tools and management strategies
• Implement performance resources available aligned to organisational
management • Engage employees in strategies
programmes according understanding their

© Cyber Security Agency of Singapore


Effective Date: 8 October 2021 version 1.1 Page 107
OPERATIONAL TECHNOLOGY CYBERSECURITY COMPETENCY FRAMEWORK

to overall performance roles and • Oversee the


management strategies responsibilities in implementation of the
• Communicate performance performance
performance management management strategies
management • Monitor adherence to • Facilitate the
programmes to performance development of
employees using management organisational policies
appropriate requirements that supports the
communication • Train line managers on performance
channels the appropriate mindset management strategies
• Analyse relationship and behaviours in • Manage performance
between performance conducting performance issues for senior leaders
management and reviews • Evaluate the impact of
business performance • Develop review systems performance
• Evaluate effectiveness for obtaining feedback management
of performance related to performance programmes on
management management systems business performance
programmes • Manage grievances • Monitor emerging trends
• Refine performance related to performance that may impact
management management for junior performance
programmes based on employees management
feedback • Review trends on the programmes
impact of performance • Endorse refinements to
management performance
programmes on management
businesses programmes
• Recommend
refinements to
performance
management
programmes based on
industry best practices
Range of Application

The information contained in this document serves as a guide.


#Extracted from SkillsFuture ICT Framework

© Cyber Security Agency of Singapore


Effective Date: 8 October 2021 version 1.1 Page 108
OPERATIONAL TECHNOLOGY CYBERSECURITY COMPETENCY FRAMEWORK

TSC Category Organisational Management and Support

TSC Title Stakeholder Management#

TSC Description Manage stakeholder expectations and needs by aligning those with requirements and objectives of the organisation. This involves planning of actions to effectively communicate with,
negotiate with and influence stakeholders.
Level 1 Level 2 Level 3 Level 4 Level 5 Level 6
TSC Proficiency
Description Identify key stakeholder Serve as the organisation's Develop a stakeholder Define a strategic Establish the overall vision
relationships, needs and main contact point for engagement plan and stakeholder management for the alignment of
interests, and coordinate stakeholder negotiate with stakeholders roadmap, and lead critical organisation's and
with stakeholders on a day- communications, clarifying to arrive at mutually- discussions and stakeholders' objectives, co-
to-day basis responsibilities among beneficial arrangements negotiations, addressing creating shared goals and
stakholders, and engaging escalated issues or strategic initiatives with
them to align expectations problems encountered senior stakeholders.

Knowledge • Key stakeholder • Stakeholder mapping • Analysis of stakeholder • Analysis and planning • Key processes and
relationships techniques relationships and levels approaches in considerations in
• Basic stakeholder • Stakeholders' roles and of interest, power and stakeholder formulating stakeholder
communication relationships, and their impact management management strategy
techniques impact on the • Process of setting and • Evaluation techniques to • Changes and trends in
organisation aligning expectations prioritise stakeholder stakeholders' demands
• Range of communication • Negotiation techniques relationships and priorities
channels, approaches and approaches • Negotiation styles and • Senior stakeholder
and techniques • Conflict resolution skills to gain consensus engagement strategies
• Stakeholder techniques and • Value added from and techniques
engagement strategies approaches stakeholder relationships
• Escalation procedures
for handling disputes
Abilities • Identify key stakeholders • Conduct stakeholder • Analyse the complexities • Prioritise stakeholder • Establish the overall
and the organisation's mapping to identify of stakeholder relationships based on vision for how the
relationship with them facets and nature of relationships and in-depth analysis and the organisation's and
• Identify stakeholder relationships with and determine their level of organisation's strategic stakeholders' objectives
needs, positions and between stakeholders interest, power and objectives and direction can be shared or aligned
interests • Manage stakeholders' impact on the • Develop a strategic • Anticipate changes in
• Coordinate basic expectations and needs, organisation stakeholder stakeholders' needs,
activities and processes based on the • Examine stakeholder management roadmap, demands, priorities and
with stakeholders on a organisation's position positions, agendas and aligned to the expectations
day-to-day basis and resources priorities which may be organisation's vision • Optimise alignment of
• Apply knowledge of the • Articulate each explicitly articulated or • Lead discussions and stakeholder
organisatisation's stakeholder's role and unspoken negotiations to influence management strategy
position to respond to responsibilities • Develop a stakeholder key stakeholder with organisational goals
simple queries from • Serve as the engagement plan to decisions • Lead strategic
stakeholders organisation's main guide communications • Address escalated negotiations, discussions
contact point or with different groups of issues raised by or and engagement
representative for stakeholders encountered with initiatives with key
communicating with stakeholders

© Cyber Security Agency of Singapore


Effective Date: 8 October 2021 version 1.1 Page 109
OPERATIONAL TECHNOLOGY CYBERSECURITY COMPETENCY FRAMEWORK

stakeholders, addressing • Set clear parameters leaders and senior


queries and providing and expectations of stakeholders
clarifications stakeholders' roles and • Represent the
• Represent the responsibilities organisation to resolve
company's interests • Negotiate with major escalated issues
when interacting with stakeholders to align involving critical
stakeholders interests or goals and stakeholders
• Engage stakeholders arrive at mutually- • Deepen relationships
regularly to set and align beneficial arrangements with critical senior
expectations and • Investigate problems or stakeholders on an
activities as well as to issues encountered in ongoing basis
exchange feedback stakeholder relationships • Co-create shared goals,
• Review feedback from objectives and vision
stakeholders and with senior leaders and
affected parties, and stakeholders
recommend
improvements to
stakeholder
management strategy
Range of Application

The information contained in this document serves as a guide.


#Extracted from SkillsFuture ICT Framework

© Cyber Security Agency of Singapore


Effective Date: 8 October 2021 version 1.1 Page 110
OPERATIONAL TECHNOLOGY CYBERSECURITY COMPETENCY FRAMEWORK

QUERIES & FEEDBACK

Questions and feedback on this document may be submitted to:


[email protected]
[email protected]
[email protected]

© Cyber Security Agency of Singapore


Effective Date: 8 October 2021 version 1.1

You might also like