Govt red tape adds to security threats

SINGAPORE--Bureaucracy as well as a lack of communication and information sharing amongst countries, are impeding the fight against cyberthreats, according to experts.

Citing a 2007 incident, where Estonia suffered a series of denial-of-service attacks that forced the country to disconnect from the Internet, Datuk Mohd. Noor Amin, chairman of the International Multilateral Partnership Against Cyber Threats (Impact), said the attacks were "not high-tech in nature" but needed swift action from countries involved.

Speaking at a media briefing held here Monday, Amin noted that Estonia was not able to resolve the matter quickly enough because cooperation was required from countries with which Estonia did not have diplomatic relations.

Before Impact was established, governments "generally do not share any [cybersecurity] information" with other administrations, he said. The group's aim to improve global collaboration and information sharing is a "first step" in facilitating the sharing of data relating to the threat landscape.

Eugene Kaspersky, founder and CEO of Kaspersky Labs, said the borderless nature of cybercrime also exposes inadequacies in how law enforcement agencies cooperate to solve cases. Police in one country often has to contact law enforcement departments in several other countries to assist in investigations, he said, noting that this system is "bureaucratic" and has a low rate of success in nabbing the cybercriminals.

Reiterating his call for an Internet Interpol, or a dedicated global agency with power to rein cybercrime, Kaspersky said the Internet has to be regulated like other public networks such as transport and utilities.

Impact, the Russian security veteran added, is "one of the most promising" agencies to manage regional and national police departments. Kaspersky, along with other illuminaries including former White House security adviser Howard Schmidt and "Father of the Internet" Vinton Cerf, serve as international advisory board member of Impact.

First announced by former Malaysian premier Dato Seri Abdullah Badawi at the World Congress on IT in 2006, Impact was officially launched last year and includes among its functions, the management of a Global Response Center that offers a snapshot of the threat landscape based on real-time data from 18 industry partners.

According to Amin, over the last year or so, there have been incidents where Impact had managed to "flag early warning of impending threats" toward a specific sector in a particular country. With the information, authorities involved were able to take proactive steps to mitigate risks, he said, noting that without this intelligence, the effects of an attack would have been severe.

The initiative also goes some way in tackling emerging issues such as cyberespionage and cyberwarfare, he said. "When you have everyone at the table, there is going to be a consensus eventually on what are the acceptable codes of conduct by member countries.

"This is a far more effective tool than just one country--no matter how powerful--telling others [what or what not to do]," said Amin.