In this interview, both John and Thian introduce the history of ISACs (formed in 1999, subsequent to the 1998 signing of U.S. Presidential Decision Directive-63), and in particular, the creation of OT-ISAC (Operational Technology Information Sharing and Analysis Centre) as one of the key trusts of the Cyber Security Agency of Singapore’s “OT Cybersecurity Masterplan 2019 to facilitate the sharing of information.
Reflecting on the journey from conceptualization to today, Thian Chin remarked that “OT-ISAC has become that safe harbour the platform for the organisations of the different parties with vested interest to different business lines come together to share, because their common goal is how do we then exchange information to reduce the risks that caused by threat actors.”
Other topics covered in the interview include:
- The types of information being shared – such as strategic threat landscape including cyber incidents and vulnerabilities, standards and best practices, and TTPs.
- Closing the cultural / communication gap between the engineers and the IT cybersecurity practitioners because “because the problem statement they’re dealing with is the same. It’s a threat actor out there to try to disrupt.”
- The maturing of conversations from beyond terminology such as zero trust, air gap to actual implementation
- What does success mean in information sharing – diversity of opinions – in particular, including C-suite in cybersecurity conversations, and more more stakeholders coming forward to share real-life case studies of actual incidences.
John Lee, Managing Director, Global Resilience Federation
John has more than 20 years of experiences in ICT and Information Security. He is currently the Managing Director of the Operational Technology Information Sharing Analysis Centre (OT-ISAC) that supports member organizations (public and private) in OT threat information. The centre was setup in 2019 and has members from Transport, Aviation, Maritime, Healthcare, Manufacturing, Water, Energy, Government etc. His past roles were in Information Security Governance, Risk Management, Security Operations, Infrastructure and Application Delivery. He has led teams in Asia-Pacific as well as managing global services. He is also a certified cybersecurity trainer for ISACA.
Thian Chin Lim Senior Director (Governance Group) GovTech
Thian Chin has over 20 years of experience in Information & Technology governance, risk management, resilience and compliance, and operational Technology cybersecurity.
Prior to his current appointment at GovTech, he led the Critical Information Infrastructure (CII) Division at the Cyber Security Agency of Singapore (CSA).
Before joining CSA in August 2015, he was responsible for the regional Technology Governance function in United Overseas Bank. He also led the Technology Risk function in GIC Pte Ltd from 2008 – 2013. In his earlier years, he was a manager leading a team of Information Technology auditors in Ernst & Young.
Thian Chin holds an Executive Masters in Cybersecurity from Brown University, Bachelor’s Degree in Computer Engineering from Nanyang Technological University and is an alumnus of the George C Marshall European Center for Security Studies. He is a certified CGEIT, CRISC, CISM, CISSP, CISA, CDPSE, GICSP and SABSA practitioner.
Recorded 7th Sept 2023, OT-ISAC Summit 2023, Voco Orchard, Singapore, 5pm.
