Govts need multi-faceted cyberespionage stance

Cyberespionage is a growing threat to governments around the world, if the level of spending poured into securing cyberinfrastructure is anything to go by.

In a phone interview with ZDNet Asia last week, Joe Pasqua, Symantec's vice president of research, said the resources put into cybersecurity programs are "a pretty good indication of the level of perceived threat out there" from government-sponsored activities or attacks.

"If you look at what's going on in the U.S., there are literally billions of dollars being put forward by the government for new cybersecurity programs," he pointed out. "That's a response to the rising threat that is there, both to government-based as well as corporate systems which are part of each nation's critical infrastructure."

Explaining that critical infrastructure can include telecommunications networks, Pasqua said the U.S. government, for instance, is "very justifiably concerned" that not only its own systems, but also the infrastructure of corporations that serve citizens, are protected.

Canadian researchers last week released a document about GhostNet, a cyberespionage network they claim comprising 1,295 infected computers in 103 countries. The report said nearly 30 percent of these machines are considered of high value and they resided in the foreign affairs ministries or embassies of Asian and Southeast Asian economies including Indonesia, Korea, the Philippines, Taiwan and Thailand.

In addition, it revealed that sensitive information, including documents from the private office of the Dalai Lama, were exposed when Tibetan computer systems were compromised. The report pointed to a China link, but said it would not draw conclusions about the exact motivation or identity of those responsible.

A spokesman from China's foreign ministry last week however, slammed the allegations as "lies", according to an Agence France-Presse report.

Pasqua told ZDNet Asia that to defend against cyberespionage, governments need to take a "multi-faceted approach"--in line with the complexity of threats. "[Those threats are] everything from very intricate technical attacks all the way to, in some sense, completely non-technical social engineering attacks--getting people to do things for you that they shouldn't be doing."

Just as there is a wide spectrum of attack surfaces, there are also varied technologies to defend against and manage threats, he added. The strategy, therefore, needs to incorporate all three elements, that is, preventing the attacks, and detecting and responding to them.

At the same time, each layer of the technology stack--hardware, operating systems, applications, connectivity--needs to be hardened, said Pasqua. This is especially relevant as more and more governments and societies head into cloud computing, which is set to "introduce a whole new set of both attack vectors and technologies for preventing, detecting and responding".

Symantec Research Labs, he added, would be stepping up research efforts to provide additional online safety for its customers, including governments.