How EMA Protects Singapore's Power System from Cyber Threats

How EMA Protects Singapore's Power System from Cyber Threats

04 Feb 2026 Featured Stories 04 Feb 2026 Share

Electricity powers almost everything we do — often without us noticing. We flip a switch, the lights come on, our homes cool down, and our devices stay charged. Most days, it simply works.

Behind this everyday convenience is a complex power system that must operate seamlessly around the clock. Like any other power system in the world, our system is becoming more interconnected and digitalised, protecting them from cyber threats has become a critical part of keeping Singapore’s power system reliable. Much of this work happens quietly, behind the scenes.

Reliability cannot be taken for granted. As power systems become more digitally enabled to improve efficiency and resilience, the need to proactively manage cyber risks increases in tandem.

“If cyber attackers infiltrated our power systems and disabled critical functions, this could potentially trigger widespread outages and a national emergency”, Ng Jui Seng, a Specialist (Physical & Cyber security) at the Energy Market Authority (EMA) said.

Ng Jui Seng, Specialist (Physical & Cyber Security) at EMA, works behind the scenes to protect Singapore's power system from cyber threats.

Behind the scenes, Jui Seng and his team work tirelessly to prevent such scenarios from happening.

“Our role is to ensure the continued reliability and security of the power system as cyber risks continue to evolve,” he said. “Much of this work happens quietly in the background, and our aim is to ensure that daily life and essential services continue without disruption.”

From

“Black Swan” to National Security Priority

In the past, cyberattacks on power systems were often seen as unlikely – a so-called "black swan” event.

That mindset has completely changed.

Jui Seng shared that managing cybersecurity in the power sector is particularly challenging as Operational Technology systems are of different made and designed years ago. “The systems were designed to operate continuously and safely, but cyber threats are becoming increasingly sophisticated,” he explained.

Power generation facilities on Jurong Island, Singapore's energy hub.

And unlike a laptop or smartphone, which can be restarted to install security updates or patches, power systems cannot simply be shut down. “They are required to operate continuously to ensure an uninterrupted supply of electricity and gas. Simply put, you can’t just pause the power system to apply updates because any disruption has immediate consequences for homes, businesses and the economy,” he reiterated.

That is why protecting the power system is not something EMA can do alone. It takes trust, coordination, and a shared responsibility across the entire power sector.

Building a Strong Defence Together

So how does Singapore protect its power system?

Jui Seng and his team work closely with the Cyber Security Agency (CSA) and critical information infrastructure (CII) owners. These CII owners include organisations that operate the power system, power/gas plants, electricity transmission and distribution networks.

EMA taking part in a 2024 cybersecurity tabletop exercise led by CSA.

When potential cyber risks surface, they are first picked up through ongoing monitoring and information-sharing arrangements. From there, EMA works closely with CSA and CII owners to understand what is happening on the ground, check the health of the critical systems and align on the appropriate precautionary actions to be taken.

Where needed, EMA steps in to take a closer look at the cybersecurity posture of CII owners, from how they monitor and detect threats to the additional protective measures they put in place, so that the power system continues to operate securely and reliably. “We work closely with CII owners to strengthen the security of their infrastructure, so that risks to the power system are well mitigated and protected,” Jui Seng said.

EMA also works closely with stakeholders through various exercises, forums, and dialogues to help them stay prepared.

For example, EMA organises regular forums where CII owners receive updates on emerging cyber risks and lessons from overseas incidents. EMA also takes part in multi-agency exercises where operators respond to realistic cyber and crisis scenarios. These exercises help identify gaps and strengthen their responses before similar incidents happen locally.

Learning from Every Crisis

Jui Seng credits the role of sustained close collaboration between CSA, EMA and CII owners in supporting Singapore’s power system resilience.

"The CII owners take their responsibilities seriously," he said. "When new security measures are introduced, they understand why they are needed and act on them quickly."

Still, he stressed that cybersecurity work is never “done”. Every incident, whether cyber-related or not, is treated as an opportunity to learn and improve.

He cited a power outage incident that happened several years ago. While subsequent investigations confirmed that it was not cyber-related, the incident prompted a valuable experience to validate our response plan. EMA, together with CSA, developed a checklist to help operators quickly assess whether a cyber element may be involved during a major power outage. This enables operators to narrow down potential causes more efficiently and support faster restoration of power.

Preparing for the Future

As Singapore’s power system becomes more digital and complex, Jui Seng said cybersecurity must be built in from the start.

“Security cannot be an afterthought. New systems must factor in cybersecurity at the design stage. This is what we call ‘security by design’,” he said.

For individuals and businesses, Jui Seng also shared simple but essential cyber hygiene tips – e.g. keeping systems updated with the latest patches, using multi-factor authentication, being cautious of phishing emails, and regularly backing up important data. He also stressed the critical need to maintain ownership of all IT assets and regularly back up important data to ensure systems can be restored safely.

As power systems become more digital, cybersecurity is essential to power system security.

“These steps make a real difference when it comes to recovering quickly from incidents,” he said.

Looking ahead, Jui Seng emphasised the importance of continued vigilance and collaboration across the sector to sustain Singapore’s power system reliability and security.

“We have experienced CII operators, strong governance, regular exercises, and close collaboration with one another,” he said. “It’s this quiet, behind-the-scenes partnership that keeps the power system running smoothly and securely.

From 1 to 15 February 2026, EMA will be co-leading Exercise SG Ready with MINDEF and partners to strengthen Singapore’s preparedness for crises and disruptions.

For more information on how individuals and organisations can prepare and respond to power outages, visit this page for more information.

Tags

{{ event }}

Related Media

{{whiteTags}} ## {{whiteTags}} {{whiteTags}} View All