Singapore and the United States look to develop their cyber security cooperation after signing a new memorandum of understanding (MoU) aimed at strengthening information sharing and encouraging cyber security exchanges between the two countries. The MoU was signed by the chief executive of Singapore’s Cyber Security Agency (CSA), which oversees keeping Singapore’s cyberspace secure, and the director of the United States Cybersecurity and Infrastructure Security Agency (CISA), which leads the country’s national effort to protect and enhance the resilience of its physical and cyber infrastructure.
The agreement came as the US Vice-President visited Singapore as part of a tour of the broader Southeast Asia region. “Singapore and the United States share deep mutual interests in enhancing cyber security cooperation, particularly as cyber security has become a key enabler for both countries to leverage the benefits of digitalisation to grow our economies and improve the lives of our people,” said the chief executive of Singapore’s Cyber Security Agency (CSA).
“This expanded MoU is a testament of our shared vision to work together towards a stable, secure, resilient and interoperable cyberspace. We look forward to continuing our work with the US to strengthen cybersecurity cooperation between our countries,” he added.
Along with increasing and strengthening information sharing, the agreement is expected to broaden cooperation through joint exercises, as well as expand the countries’ partnership into new areas of cooperation such as critical technologies and research and development. “Cyber threats don’t adhere to borders, which is why international collaboration is a key part of the administration’s approach to cyber security,” said the director of the United States Cybersecurity and Infrastructure Security Agency (CISA).
“The MoU allows us to strengthen our existing partnership with Singapore so that we can more effectively work together to collectively defend against the threats of today and secure against the risks of tomorrow,” she added. The agreement comes just weeks after the CSA flagged an increase in cyber threats, such as ransomware and online scams, since the pandemic started in 2020.
According to new figures in CSA’s Singapore Cyber Landscape (SCL) 2020 report, released in July, the CSA’s SingCERT (Singapore Computer Emergency Response Team) handled more than 9,000 cases last year, compared to nearly 8,500 cases reported in 2019 and 4,977 cases in 2018. The latest threat tally marks the second consecutive year of increases in cyber threats handled by the agency.
“Although the number of phishing incidents remained stable and website defacements declined slightly, malicious cyber activities remain a concern amid a rapidly-evolving global cyber landscape and increased digitalisation brought about by the COVID-19 pandemic,” CSA said in a statement.
The agency asserted that throughout 2020, it observed global threat actors capitalising on the pandemic’s anxiety and fear, with ramifications felt by individuals and businesses. These threat actors specifically targeted e-commerce, data security, vaccine-related research and operations, and contact tracing operations. Some of the observed global threat actor trends were mirrored locally, according to CSA, with an increase in ransomware incidents and the emergence of COVID-19-related phishing activities in the region, the latter of which coincided unsurprisingly with the rise of work-from-home (WFH) arrangements.
Breaking down the types of threats observed, the latest report reveals that 89 ransomware cases were reported to CSA in 2020, a 154% increase from the 35 cases reported in 2019. These incidents primarily impacted small and medium-sized businesses (SMEs) in industries such as manufacturing, retail, and healthcare.
The CSA also stated that the rise in local ransomware cases was most likely influenced by the global ransomware surge, with three distinct characteristics observed as ransomware operators deployed increasingly sophisticated tactics: shifting from indiscriminate, opportunistic attacks to more targeted ‘Big Game Hunting’; the use of ‘leak and shame’ tactics; and an increase in ransomware-as-a-service (RaaS).
Looking ahead, the report identified several emerging cybersecurity trends to keep an eye on in the context of an increasingly complex and dynamic cyber threat landscape. According to the CSA, one of the major trends to keep an eye on is the continued evolution of ransomware attacks.
The President of Taiwan said that no stone is being left unturned in strengthening Taiwan’s cybersecurity industry in line with the goals and objectives of the government’s five-plus-two innovative industries plan. Cybersecurity is one of the most important of the six core strategic industries founded on the plan. This is evidenced by strong legislative support in the form of amendments to the National Security Act in 2019 and the passage of the Cybersecurity Management Act in 2018.
The number of cyberattacks is on the rise in Taiwan as malevolent actors seek to take advantage of an open internet and liberal social media environment. Left unchecked, the attempted theft of business-related data and intellectual property poses a threat to Taiwan’s freedom and democracy.
The government is responding to this challenge by integrating the development of cybersecurity, information and communication technology, the internet and telecommunications. In addition, a data-driven active defence system aimed at bolstering the resilience and security of Taiwan’s critical infrastructure is in the pipeline.
Taiwan is promoting a partnership between Taiwan’s public and private sectors, as well as like-minded partners in the international community. By sharing information, it is possible to efficiently and swiftly strengthen the country’s digital defences.
According to a page, the aims are to actively promote national cyber security policy, accelerate the establishment of the national cyber security environment, and enhance national competitiveness. After the National Information and Communication Security Taskforce (NICST) was established, the “National Center for Cyber Security Technology” (NCCST) was set up. The organisation aims to support NICST in establishing the cyber security protection mechanism and to provide technical services to government agencies, including prior-incident security protection, during-incident early warning and responses, and post-incident recoveries and forensics.
Since the establishment of NICST, our country has proactively led the government agencies to strengthen cyber security protection, which has achieved preliminary results in recent years. However, cyber security requires long-term dedication. The goal is to enhance the overall cyber security defence capabilities and achieve the vision of “A Safety and Resilient Smart Nation” through the four strategies listed below:
- Attract high-level talents all over the world; cultivate independent power of research and innovation.
- Promote public-private-partnership governance; enhance the resilience of critical infrastructure.
- Utilise smart and forward-looking technologies; proactively defend against potential threats.
- Complete an intelligent and secure society; boost non-governmental protection capabilities.
In response to Taiwan’s unique political and economic situation and global cyber security threats, it is urgent and necessary to continuously promote and implement cyber security tasks to respond to external challenges. Therefore, Taiwan formally established the Department of Cyber Security (DCS) to promote an overall national cyber security protection mechanism from the Yuan level and to lead the national cyber security missions comprehensively with a team of dedicated professionals and special task forces.
As reported by OpenGov Asia, cybersecurity has a significant impact on national security, public interest, national life, and economic activities. Enhancing the national security protection capacity and strengthening the security and resilience of basic communication networks are necessary.
Regarding the economy, various industries should incorporate cybersecurity protection thinking to form the basis of the united defence of government agencies and private enterprises. Hence, the awareness of cybersecurity will be deeply rooted in the mindset. To gradually enhance Taiwan’s cybersecurity protection capabilities, NICST proposed the National Cyber Security Programme of Taiwan (NCSP) as the reference guide for promoting cybersecurity protection strategy and plan.
Taiwan’s national cybersecurity policy has undergone systematic development and gradually achieved the scheduled milestones to effectively reinforce the readiness of national cybersecurity. The objectives include the establishment of a safe environment of cybersecurity, the completion of cybersecurity protection management, sharing of multiple cybersecurity information, the expansion of the cultivation of cybersecurity talent, and the reinforcement of international cybersecurity exchanges.
As banks embark on the journey of cloud and digital transformation, cybercriminals have taken advantage of the pandemic to target remote, distracted, and vulnerable workers through a new digital work-from-home operating model.
The head of the Bankers Association of the Philippines (BAP) has warned that cybercrime is a major concern for lenders as the country’s banking industry rapidly digitises. According to the Philippines Central Bank, Bangko Sentral ng Pilipinas (BSP), 98.4% of reports on crimes and losses filed by banks from March 15 to May 18, 2020, alone were online in nature and amounted to a total loss of P60.6 million. The Philippine National Police (PNP) Anti-Cybercrime Group reported a 37% increase in online scams from March to September 2020 compared to the same period in 2019.
With this, a Philippine senator has introduced new legislation to combat new cybercrimes such as skimming and phishing, which have reached an all-time high since most transactions have shifted online during the pandemic. The “Bank Account, E-wallet, and Other Financial Accounts Regulation Act,” also known as Senate Bill No. 2380, aims to promote and maintain a stable and efficient financial system while also recognising the need to protect the public from cybercriminals and syndicates that target bank accounts and e-wallets.
Digital platforms made it possible to keep our economy going, but it has also become an opportunity for crime to thrive. That is why we must put up the proper safeguards that will not only avoid criminal activity but also unlock the potential of digital platforms as well.
– Chairperson of the Senate committee on banks, financial institutions, and currencies
The measure aims to ensure that the hard-earned money of the public is kept safe and that public trust and confidence in the nation’s financial system are maintained as it continues to innovate and traverse through cyberspace, said the senator.
If the bill is passed, agencies such as the Bangko Sentral ng Pilipinas, the Department of Justice, the Department of Information and Communications Technology, the National Bureau of Investigation, and the Philippine National Police will develop an “Anti-Scam/Financial Fraud Roadmap” to educate and inform consumers about financial scams and how to avoid them, as well as to expedite the regulation and prosecution of financial cybercrime cases.
The bill also requires banks, non-bank financial institutions, and other relevant institutions to not only respond to cybercrime reports more quickly, but also to enhance their online platforms, payment systems, and data security.
OpenGov Asia earlier reported that a joint statement issued by the Philippines business firm says the impact of cybercrime in the country is expected to grow further. Globally, it is expected to reach $6 trillion in 2021 and up to $10.5 trillion annually by 2025 if businesses and governments do not take proactive measures on this issue soon.
About 42% of the firms surveyed in the Philippines reported that they were hit by ransomware in 2020, which is an increase from 30% in 2019. Of these, 76% suffered data encryption, which means the hackers locked their databases until their demands were fulfilled. The number is said to be higher than the global average of 54%.
A UK-based cybersecurity firm found that Philippine organisations have spent an average of $820,000 (approximately P40 million) to recover from these attacks – costs that cover the ransom paid, and the costs incurred by the downtime. The cost is lower than the global average of $1.85 million. The global average is $170,404, with $3.2 million being the highest recorded in the survey.
Cybercrime is a major concern for businesses of all sizes, from small start-ups to large multinational corporations. With so many high-profile breaches in the last decade, the threat is as visible as it is constant. Furthermore, the COVID-19 pandemic has increased reliance on digital channels, but it has also attracted bad actors as online scams have grown in popularity.
The Australian Government has awarded the world’s largest data centre & colocation infrastructure provider with Certified Strategic Hosting Provider status, the highest-level assurance required of data centre providers to host Australian Government data, based on requirements defined in the Hosting Certification Framework managed by the Digital Transformation Agency.
This new certification applies to several of the company’s International Business Exchange (IBX) data centres in key metros across Australia. The Managing Director of the tech company says the company has a proven track record as a long-term provider. The firm understands and welcomes the need for clear and transparent whole-of-government outsourcing arrangements in respect of data centre service providers, whilst ensuring Australia remains a competitive, global digital economy.
The company has many certified, densely connected, highly secure IBX facilities in key metros across Sydney, Canberra, Perth and Melbourne and has been a data centre provider to the Commonwealth and state governments for many years under previous hosting panels. They also work with most of the major managed service providers, cloud providers and network providers who provide services to the Australian Government.
Combined with Defence Industry Security Program (DISP), Australian Cyber Security Committee (ACSC) membership and various ISO and SOC certifications, this latest certification ensures that the company meets the highest standards to continue supporting its partners’ capabilities to serve the Australian public sector.
Digital transformation initiatives that leverage cloud technologies and enable remote working are on the rise in Australia, and so is the demand for cybersecurity solutions, according to a new report published by a leading global technology research and advisory firm. The report sees the cybersecurity industry in Australia growing significantly in the coming years.
As enterprises move more data to the cloud and enable remote working, they want to improve their cybersecurity services. The COVID-19 pandemic has put a greater strain on cybersecurity systems as many employees continue to work from home.
In addition, the use of artificial intelligence with cybersecurity tools will grow, the report says, driven by the adoption of the IoT, an increase in threats, concerns about data privacy and stringent new regulations. Next-generation identity and access management, messaging and network security will be key cybersecurity investment areas for Australian companies through 2022.
Demand for cloud-based detection and response solutions is also expected to increase in the coming years, the report predicts. Threat intelligence and strategic security services can also help organizations become more resilient.
Identity and access management platforms have also become one of the most important technology investments for Australian organizations due to the move toward cloud and hybrid IT, the report adds. As enterprises move their IT infrastructure to the cloud, many cybersecurity providers are also moving identity and access management tools from on-premises to the cloud.
Advanced data loss prevention tools have also become a mature and important market in Australia, since the adoption of the Australian Privacy Act of 2018. Stricter privacy regulations have prompted enterprises in the country to adopt the technology.
Finally, many enterprises in Australia are adopting advanced endpoint threat protection, detection and response solutions to protect employees who continue to work from home, the report says. Demand is also triggered by legacy technology still being used and by an explosion of internet-facing endpoints and services that create technical complexity, leading to configuration errors.
The Internet can be a dangerous place where cybercriminals can steal one’s money, passwords, and even identity. E-commerce fraud is one of the most serious concerns when it comes to online scams. Consumers are the victims of most e-commerce fraud incidents, ranging from credit card fraud to bogus returns. Because of the safety and convenience of these platforms, as many Filipinos continue to stay indoors or strive to live under the “new normal,” there has been an increase in the adoption of digital banking and financial services.
“With the significant increase in digital fraud in the country, Filipino consumers need to be warier of the people they interact and transact with online, especially when money is involved. Not only should they protect their financial information, but they should also be wary of people asking for personal information such as their phone numbers, email addresses or ID numbers,” said the Country Director for the Philippines of a cross-border digital payments company.
“Over the past year, we have seen accelerated growth in the use of digital methods of making payments as well as sending and receiving remittances. But the current trend that we are seeing infers that the increase would likely continue beyond the pandemic,” he added. They have seen consistent, double-digit growth month-on-month since it opened international transfers to domestic mobile wallets.
Nevertheless, as the amount of money circulating in the digital sphere grows, so does the number of fraud cases. As per a study released in March 2021 by a global insights company, 44% of Filipino consumers were targeted by digital fraud attempts in the previous three months, while enterprises saw a 315 increase in fraud attempts compared with the previous year. As the majority of financial and shopping activity moves online, he urges Filipinos to be cautious not only of the people they encounter online but also of the platforms and websites with which they transact.
Credit card fraud, identity theft, chargebacks, and bogus returns are the most common types of e-commerce fraud. These have an impact on both consumers and merchants. Late-night orders, dropbox addresses, items listed for sale outside of the country, express shipping, free/anonymous email services, high dollar orders, and cases where the “ship to” address differs from the billing address are all red flags of possible fraud.
Consumers can protect themselves from e-commerce fraud by doing the following:
- Shopping at secure websites
- Doing research on the website before they place the order
- Reading the site’s policies on privacy and security
- Being mindful of cookies
- Never giving out their social security number
Merchants can reduce fraud by:
- Verifying a cardholder’s info
- Using transaction controls
- Maintaining an internal negative file
- Implementing a transaction data field
OpenGov Asia reported that an international tech giant has unveiled details of its upcoming AI-powered chip, designed to bring deep learning inference to enterprise workloads to help address fraud in real time and to identify and stop a variety of fraud attacks and crime quickly and accurately, while improving customer and citizen experiences.
The new chip has an innovative centralised design that enables clients to use the full power of the AI processor for AI-specific workloads, making it ideal for financial services workloads such as fraud detection, loan processing, trade clearing and settlement, anti-money laundering, and risk analysis. The chip has 8 processor cores with a deep superscalar out-of-order instruction pipeline and a clock frequency of more than 5GHz, which is optimised for the demands of heterogeneous enterprise-class workloads.
“Consumers should think first before they click on a link, or before signing up for a financial service or an online shopping website. The more discerning users get, unfortunately, the more deceptive fraudulent activities get as well,” he added. He went on to say that Filipinos should avoid third-party intermediaries or those who offer to make transactions on their behalf, and instead only transact with trustworthy platforms that offer security measures to prevent fraud and other malicious activities.
New Zealand’s third-largest internet provider said its response to a cyberattack had temporarily caused a widespread internet outage. The company said its systems had blocked a distributed denial of service (DDoS) attack on one user, but in doing so, it caused outages for some of its customers in the country’s largest cities, Auckland, Wellington, and Christchurch. According to the company, the problem was resolved in 30 minutes.
“We are working closely with the vendor of this platform to understand why this occurred,” said a company spokesperson. A DDoS attack is an attempt to disrupt internet access, which is usually caused by overloading the target resource. In general, perpetrators flood the attack victim from a variety of sources, making it impossible to stop the attack quickly. Site users across Aotearoa reported problems accessing sites, with major ISPs all reporting a massive spike in connection problems.
The pace of change and emergence of new and complex threats mean constant vigilance is required. By refreshing the action plan each year, we will keep pace with any emerging threat.
– New Zealand Government’s Communications Minister
In the case of a sudden outage, the focus will be on questions such as “how much will it cost, and what steps can the organisation take,” and this is where cybersecurity measures come into play. Options for redundancy or backup may be available. Consumers may be able to avoid problems and stay connected if they have a backup cellular internet service to which they can turn if their fixed service goes down.
Some internet service providers bundle 4G backup with fixed-line broadband, recognising that service continuity is an important feature of modern internet service. Similarly, network redundancy has historically worked for larger organisations, allowing them to avoid connectivity issues. According to new research, 64% of users have Wi-Fi routers in their homes, but 1 in 6 do nothing to protect them. According to an IT company, a group of hackers developed a new method for involving home routers in phishing attacks.
The attackers were hacking and changing the settings of vulnerable routers. After that, they could redirect users to a bogus web page that displayed a message purportedly from the World Health Organisation, instructing them to download an application that provides information about COVID-19. The application would then act as an information thief, uploading the stolen data to the hackers’ servers.
New Zealand’s cyber security solutions and initiatives are required in response to these internet outages and attacks. The New Zealand Government’s Communications Minister has launched an action plan and a national plan to combat cybercrime and keep New Zealanders safe online.
This new strategy highlights New Zealand’s vision of being secure, resilient, and prosperous online. Individuals will be safe online due to this strategy, while New Zealand businesses will be able to thrive and function. This strategy also recognises that New Zealand’s ability to be secure and resilient online is critical to developing a more productive and competitive economy.
OpenGov Asia reported that the Home and Community department and the housing ministry are moving towards implementing zero-trust security in the government of New Zealand. After COVID-19 transformed the risk profile of the company, it rapidly introduced laptops and remote access for its employees and led the Home and Community department as a member of the Government Information Security Forum. Zero trust does not replace perimeter security but works on the presumption that a breach has already taken place. Under the model, system access requests are treated as if they came from an open network on a “never trust, always verify” basis.
Sophisticated intelligence and analytics are then deployed to detect and respond to anomalies in real-time. The Data Protection Officer, the Information Manager, and the cyber security / IT security manager of the Home and Community department worked closely together to protect information that can be personally identified. In its 2022 financial year, the agency also had 21 projects under its programme, while the Home and Community Department reported to the Social Services Parliament and the community selection committee in June.
Under the Ministry of Electronics and Information Technology, the National e-Governance Division (NeGD) plans to establish cyber labs for the ‘Online Capacity Building Programme on Cyber Law, Crime Investigation and Digital Forensics’. The government has signed a memorandum of understanding (MoU) with the National Law University (NLU) in Delhi and the National Law Institute University (NLIU) in Bhopal to set up these cyber labs.
The goal of this programme is to provide police officers, state cyber cells, law enforcement agencies, prosecutors, and judicial officers with the skills to deal with cyber forensics cases efficiently and effectively as per the Indian Cyber Law. According to a press release, it aims to adopt the best global practices, standards, and guidelines. The NeGD, in collaboration with NLIU-Bhopal, is offering a nine-month online postgraduate (PG) diploma to 1,000 officials through its learning management system (LMS). This programme enables users to learn on the go, anywhere and anytime. The first batch started last November with a total of 579 participants approved for the course.
An official at the inauguration event noted that the programme is expected to be met with an enthusiastic response from a wide spectrum of law enforcement, including senior officers in law enforcement agencies and the judiciary. It holds immense potential for vast scalability since it is an online programme. With regard to expanding and strengthening the programme, the official spoke about the design of forensic labs and said that other law schools will be engaged in the hub.
Another objective of the programme is for each enrolled participant to undergo a practical training session and personal contact programme at the designated cyber lab to be set up in the NLU-Delhi campus to facilitate the course. The proposed cyber lab will be equipped with hybrid architecture, which supports both virtual and physical modes of capacity building in the areas of cyberlaw, cybercrime investigation, and digital forensics. The lab will have a training room with a capacity of 25 users and remote connectivity for 25 users each at a given time augmented with AR/VR features.
Other law schools and universities will be on-boarded in the hub and spoke models for future endeavours. The law schools will provide the necessary faculty members, expertise, and content for the virtual classes. NeGD will develop the e-content based on the support received from faculty members. NLIU-Bhopal, being the lead academic partner for the course, will award the PG diploma certificate to the participants who successfully complete the course.
India was ranked 10th in the Global Cyber Security Index (GCI) 2020, which was released by the United Nations specialised agency for ICT, the International Telecommunication Union (ITU). The United States ranked first, followed by the United Kingdom and Saudi Arabia. Estonia was ranked third, South Korea, Singapore, and Spain shared the fourth spot. Russia, the United Arab Emirates, and Malaysia shared the fifth spot, Lithuania came in sixth followed by Japan, Canada, and France. The countries were measured along five pillars, namely, legal measures, technical measures, organisational measures, capacity development, and cooperation to generate an overall score. The countries were asked 82 questions where 20 indicators were measured. India answered questions on legal measures for data protection of its citizens and its Computer Emergency Response Teams (CERT), which is responsible for coordinating responses to computer security events on a national level. India’s overall score was 97.49. It placed 4th in the Asia-Pacific region.
Riding the current digital wave, many companies are changing their operating processes and moving to a more digitalised environment. Along with this transition, comes a host of new cyber threats. Digital transformation and hyper-convergence also create unintentional gates for risks, vulnerabilities, and attacks.
Additionally, the COVID-19 pandemic has exposed businesses to cyber-attacks and data breaches and malicious cyber actors who exploit working models in the new normal, where many businesses operate remotely.
Companies may be unaware of these events and unprepared for them, with no suitable plan in place.
Security, along with wealth and sustainability, is one of the three key aspects of the Thailand 4.0 Plan. It strongly encourages businesses to alter their cyber safety strategies to implement more protective measures. Nonetheless, the Thai government remains deeply committed to cyber resilience and works closely with businesses to ensure they deploy rigorous measures.
With first-hand experience and lessons from others, organisations are becoming increasingly aware of their vulnerability to cyber-attacks that could paralyse the company or destroy IT systems permanently.
Business continuity plans could use a cyber-resilience strategy that can help to cope with disruptive cyber incidents. Typically, the plans include means to protect critical applications and data against such risks and to recover from infringement or malfunction in a controlled and measurable way.
To withstand and thrive during these numerous threats, firms have recognised that they need to do more than build a reliable infrastructure for growth and data protection. Now businesses develop holistic continuity plans that can maintain their business operations, protect data, protect the brand, retain customers – and ultimately help to lower total operating costs over the long run.
The implementation of a business continuity plan will then reduce downtime and improve business continuity, IT crisis recovery, corporate crisis management capacity, and regulatory compliance in a sustainable way.
This was the focal point of the OpenGovLive! Virtual Breakfast Insight on 2 September 2021 – a closed-door, invitation-only, interactive session with digital executives from Thailand’s top enterprise organisations. The session aimed to impart the current advancements in cyber security that will benefit business operations in the long run.
Have the right partners for the right protection
To kickstart the session, Mohit Sagar, Group Managing Director and Editor-in-Chief, OpenGov Asia delivered the opening address.
He acknowledged that there have been numerous events involving ransomware and other cyber-attacks over the last eighteen months. Businesses have been targeted from all directions and from every angle.
How much of a business’ legacy systems have been retained as people shift – or want to shift – to hybrid models? As every organisation, agency and institution makes digital transitions, doors are being opened that create vulnerabilities without anyone even realising it.
The question we have to ask in all this, said Mohit, is what the root causes are and how we overcome them. At some point, he opined, a business will become a target of an adverse cyber event. It is up to the business to prepare itself, maintain awareness and ensure business continuity plans are in place.
Businesses must continuously ask how they plan to protect themselves for the long term. For that, he firmly believes, it is important to have the right partner to assist with cyber security – the most critical aspect of business continuity.
Furthermore, having competent partners who can focus on data protection, data recovery and compliance against a wide range of cyber threats enables businesses to concentrate on their primary tasks and key deliverables.
Cyber resiliency in a VUCA environment
The next speaker, Vijay Iyer, Regional Vice President – Solutions Engineering, Claroty, shared his perspective on the variety of cyber-attacks against the industry and their increasing frequency and severity.
The most notable threat in recent times has been ransomware attacks. Although they have been around for years, they have resurfaced with renewed ferocity. In the ransomware attack on the Colonial Pipeline, cybercriminals seized business data from the company’s networks and held it hostage until the company paid a $5 million ransom.
Although the pipeline was only shut down for a few days, it took several days to reopen. The effects of temporarily shutting down one of the largest pipelines in the United States, which supplies the East Coast with roughly 100 million gallons of fuel per day, rippled across the economy, causing gas prices to spike to a six-year high.
According to Vijay, there is an active threat landscape with a wide range and scope of where and how assaults occur. While most organisations are undergoing necessary digital transformation – undoubtedly beneficial to the business, country and citizens – it creates greater cyber risks.
Companies that run facilities with old and new systems should be classified as brownfield. The concept, commonly used in the industry, describes problem areas that require the development and deployment of new software systems while legacy applications and systems are still functioning. Brownfield Operational Technology poses a significant risk because these legacy components were not designed to be secure. This has been Claroty’s primary focus area to date, based on market demand.
Another reason for susceptibilities comes from evolving critical infrastructure. In most organisations, there are several infrastructure areas where companies need to deploy newer generations of components. Industrial IoT systems are being infused into older OT environments and, in some cases, replacing or complementing the existing infrastructure.
Businesses need to address the cybersecurity need for critical infrastructure. Industrial and commercial OT and industrial IoT are becoming inseparable as they have combined security needs. This leads to an increased threat surface from cyber-attacks on both sides of the supply chain, stated Vijay.
As a result of the pandemic, most organisations have shifted to hybrid or hybrid access which has resulted in significant exposure to critical infrastructure. In addressing this, clients face issues such as complex firewall configurations, slow emergency response time, too many perforations, Purdue violations, etc.
There are four pillars on how companies should build visibility, continuity and resiliency in industrial operations – Reveal, Protect, Detect and Connect.
Visibility, which is the most essential part for the company, includes asset visibility, network visibility and process visibility. According to Vijay, companies must understand not only the details of their assets but also how they are placed in the environment. When businesses have this granular understanding, they will be in a much better position to detect deviations and anomalies from that novel operating condition.
In the end, organisations must bring their findings and correct issues by filling the gaps and connecting them to the existing technology stack that the company has invested in. This will extend their business ROI and other technology applications that have been invested in the IT and OT areas.
Bowtie: robust cybersecurity strategy for the new normal
Digitalisation and IoT have upended the most basic assumptions about operational security, said the next speaker, Mathieu Lahierre, Principal, Application & Data Security – Cybersecurity, Technology Risk & Compliance, BHP.
Today’s industrial facilities, including mine sites, mineral processing plants and remote operation centres, are unquestionably the most vulnerable to cyber-attacks. Their operational systems can be compromised by internal and external bad actors, resulting in safety and production failures.
Today, an approach that brings together IT and engineering is required to address cyber security programmatically while also being sustainable. Businesses must be aware of the types of cyber risks they face in the primary sector, as well as the consequences of those risks. The main reason, he feels, it is difficult to secure Industrial Control Systems (ICS) is that they were not designed to be connected in the way that networks are today.
Mathieu introduced the cyber risk bowtie analysis that offers a powerful tool to effectively visualise complex IT risks. The bowtie diagram also provides a useful structure for implementing control measures and preventing incidents. The importance of an IT process for business becomes clear through this clear risk visualisation, which is easy to understand not only by IT personnel but also by all people within the organisation.
In short, using bowtie models for cybersecurity allows leaders to show employees why the IT department insists on controls that have been accused of being tedious and obstructive. They understand that greater compliance is an immediate benefit and avoiding cyber events will help the company retain control of its intellectual property, assets, market share, revenue and reputation.
Mathieu concluded that it is critical to clearly define the roles and responsibilities of every department involved, from the manager to third parties, with a single line of accountability. In his opinion, the mining industry, where traditional boundaries between corporate IT and ICS did not exist, is now autonomous, with the digitalisation of mining sectors in operation.
He stressed that businesses could begin by assisting the maturity of cyber security controls and going beyond traditional operational safety considerations by implementing a secure vision and resilience programme. BHP’s vision is to achieve operational experience by taking advantage of productivity benefits offered by the digitalised and fully integrated ICS setup within its version.
After the informative presentations, delegates participated in interactive discussions facilitated by polling questions. This activity is designed to provide live-audience interaction, promote engagement, hear real-life experiences, and impart professional learning and development for participants.
The first poll asked about the concerns delegates have when considering the current cyber security landscape. Over half the delegates (54%) went with the increasing incidence of ransomware, supply chain attacks and vulnerabilities. About a third (29%) said their concern was legacy systems and lack of asset visibility, and lack of awareness of what to protect and how. A tenth indicated adversaries targeting OT systems to inflict cyber-physical attacks and 7% opted for increasing remote work arrangements due to COVID-19.
Delegates were asked what they rely on to check and guide the cyber security posture of their organisation. About two-thirds (67%) went with industry compliance-based controls, e.g., ISO, NIST, IEC62443. About 15% said that regulatory codes of practice or guidelines passed by a regulatory authority were their go-to, while 11% opted for threat-based risk modelling, e.g., MITRE ATT&CK, Lockheed Martin Kill Chain. About 7% chose to rely on supply-chain risk management, e.g., accreditation schemes.
Asked what their top key value driver would be to address or fix cybersecurity gaps within their organisation, over half (54%) chose understanding risk with actionable response and remediation. About a third (32%) opted for detecting threats and vulnerabilities. The remaining delegates were equally divided (7% each) between securing how remote access is done and achieving complete visibility and segmented environments.
Surveyed on what the key adoption challenge within their organisation would be, about one third (36%) answered legacy systems and proprietary protocols in OT. Just over a quarter (27%) felt bridging the IT-OT divide, extending SOC technology and resources to embrace OT would be an issue. Another 27% felt that priorities in OT systems, safety and availability and hesitancy to adopt IT solutions (Cloud, MFA, key management) were considerations. A tenth went with integrating new technology in brownfield infrastructure.
The fifth question asked how they would describe the current state of their cyber security technology stack. Well over a third (39%) said that they have gaps in cyber security-trained people and cybersecurity-related processes and professional services. Over a quarter (26%) are looking to better understand what they need and why they need some of the technologies they do not have. Another 26% said while they have a technology stack addressing IT parts of the enterprise, they have specialised technology for OT needs. Just under a tenth (9%) confirmed that they have all the technologies they need to achieve cyber security resiliency and desired posture.
Delegates were finally asked how they would best describe their current state of cyber security operations. To this 54% answered they have a Security Operations Centre that is already catering to IT but need to extend controls to OT. A fifth (21%) stated that they do not plan to have a Security Operations Centre and cyber team and another 21% said they do not have a Security Operations Centre yet but have gone through an assessment and have a defined program. About 4% are in the process of building a Security Operations Centre.
Companies are now developing holistic business continuity plans that can keep the business up and running, protect data, safeguard the brand, retain customers – and ultimately help reduce total operating costs over the long term. Having a business continuity plan in place can minimise downtime and achieve sustainable improvements in business continuity, IT disaster recovery, corporate crisis management capabilities, and regulatory compliance.
In closing, Vijay thanked the delegates for the interesting and insightful session. He gained and learned a lot in terms of how the delegates presented their perspectives on cybersecurity. He invited delegates to reach out to his team and him to explore ways they could assist their organisations on their cyber resilience journey.