Public-private collaboration needed to combat security
SINGAPORE--A deeper level of partnership between public- and private-sector organizations is pertinent in the fight against cybercrime, in light of a fast-expanding Internet and increasingly sophisticated threats such as Stuxnet, according to security insiders.
Speaking at the Governmentware 2011 Conference and Exhibition here Tuesday, Masagos Zulkfli Bin Masagos Mohamad, Singapore's minister of state for home affairs and foreign affairs, said closer public-private collaboration is a "key ingredient" in the information age, as cyberattacks have increasingly targeted critical infrastructure.
Cyberespionage had risen in 2010 and governments were subjected to highly sophisticated cyberattacks that caused data to be leaked, Zulkfli noted. In addition, the trend of hacktivism or politically-motivated hacking has emerged, with recent high-profile incidents associated with the Anonymous and Lulzsec groups.
Another speaker, Shigeru Kitamura, director-general for foreign affairs and intelligence at National Policy Agency of Japan's security bureau, also pointed to the rise of cyberterrorism and cyberwarfare. Such acts could cause serious disorders and disruptions in systems and turn IT into "weapons", he said.
Robert Lentz, president and CEO of Cyber Security Strategies, added that there have been a number of cyberattacks on large public and private organizations between 2008 and 2011, including Sony, the International Monetary Fund (IMF) and RSA. The former deputy assistant secretary of defense for cyber, identity and information assurance in the U.S. Office of the Assistant Secretary of Defense also cited attacks associated with WikiLeaks and Stuxnet as among the notable cybersecurity incidents in the last three years, with the latter hitting a "cyber tipping point" for the U.S. Department of Defense.
Elaborating, Unmesh Deskmukh, Symantec's security sales director for Asia-Pacific and Japan, said the Stuxnet incident "crossed the digital divide", in that the malware had "obviously" gone through many years of development" to target specific industrial infrastructure. "If it can run a nuclear plant, it can definitely bring down an entire country," he warned.
According to Lentz, experts in the past had "misjudged" how fast the cyberworld and cyberthreats would grow, and underestimated waves of IT industry growth in the information age.
Kitamura concurred, noting that the Internet is expanding rapidly and people are increasingly dependent on the online realm. Cyberspace brings about benefits but unexpected threats are now waiting, making this dependence "society's vulnerability"--it is hence important for public authorities and private companies to "share the modus operandi of cybercrime", he said.
However, he acknowledged that cost and confidentiality are the "key concerns" of private enterprises, which lead to challenges in building sustainable and resilient public-private partnership.
Boost for Singapore cybersecurity
Being a financial, technological hub, Singapore must step up measures with a strong pool of cybersecurity experts and continual development of young pool of talents, Zulkfli said.
To that end, he announced that the Singapore Infocomm Technology Security Authority (SITSA) has signed educational agreements with the National University of Singapore (NUS), Singapore Management University (SMU) and Temasek Polytechnic to prepare for the next generation of security experts. Under the partnership, SITSA will set up cybersecurity labs to provide a "realistic environment" for students from the three tertiary institutes to learn and ease their transition into the working world as security professionals.
"It is important for Singapore to adopt a forward-looking posture with cyberthreats looming," Zulkfli said, adding the country will aim to forge alliances to establish strategy, government-to-government collaborations as well as constantly guard against security threats.
Gerhard Watzinger, corporate strategy & business development corporate vice president at McAfee, told ZDNet Asia in an interview on the event sidelines that Singapore has been a "role model" in cybersecurity with robust technology and well-educated citizens. In contrast, emerging economies and those associated with political instability do not have good cybersecurity practices.
"If governments don't open up and become part of the international cyber community, it hurts them at the end of the day because they do not have shared information on how to protect themselves," the Germany-based executive warned.
"Unique" to the Asia-Pacific region are rapid IT consumerization and rampant usage of hand-held devices--represented by Google Android-powered mobiles and "unlocked and jailbroken" Apple iPhones, Watzinger said. The employee and consumer are "one person" and the smartphone a single communication platform, which carries risks, he pointed out, adding mobile security is the topmost concern.
While Singapore has a strong "government-to-citizen relationship" and robust technology, it faced challenges of communicating cybersecurity issues to the "average Joe", Watzinger noted. There is a "huge gap" between the educated government and citizens with "no awareness" on security issues, he said.
Stressing that security is not just about technology, Watzinger said governments must recognize the importance of education and communicate to the country's and citizens through initiatives such as awareness campaigns. Guidelines and policies on cybersecurity should be created and governments must ensure they have the means to keep up with threats in real time, he added.