Estonia, a small nation in Europe, suffered the first nationwide cyberattack in 2007 when a DDoS attack crippled several key websites including those of banks, Parliament, government ministries and the media. Since then, cyberattacks against governments as well as private enterprises have been growing in prominence
Asia has also fallen victim to these attacks. Earlier this year, the Indonesian and Australian governments were invaded by hackers. Indonesia's voter database were infiltrated in a bid to disrupt the country's presidential election. The attacks included attempts to “manipulate or modify” content as well as to create so-called ghost voters. The computer network of the Australian Federal Parliament was also breached. Singapore healthcare group SingHealth saw hackers steal the personal information of 1.5 million patients including that of the Republic’s Prime Minister Lee Hsien Loong.
In 2018, cyber saboteursinfiltrated Cambodia’s government and media sites in advance of the national elections there. Vietnam in the same year also suffered a spear phishing campaign against government and military agencies.
The list of attacks in the Asia-Pacific, and elsewhere in the world, is long and growing. Is the world on the brink of cyberwar?
Three experts from Australia, Indonesia and Singapore have mixed feelings on this issue. They are aware of the escalating political tension in this sphere. But they are also actively campaigning for greater cooperation from various sectors including governments and cybersecurity companies and practitioners to work together against the cyber perpetrators.
David Koh, CEO of Cyber Security Agency of Singapore, agrees with his co-panellists, diplomats and security experts Johanna Weaver from Australia and Grata Endah Werdaningtyas from Indonesia, that states should respect each other and that peaceful co-existence is best. They shared their views in a Day 3 session at RSA Conference 2019 Asia Pacific & Japan titled, “Asia Pacific and Views On The Resurrected United Nations Norms Process.”
The trio have been involved in the 2015 United Nations report on norms for cybersecurity behaviour among countries. The report sets out 11 norms of behaviour including interstate cooperation on security, prevent wrongful acts against using ICT, do not damage but protect critical infrastructure, ensure supply chain security and report ICT vulnerabilities. This report has been accepted by the United Nations and member countries.
The panellists are passionate advocates, aiming to bring countries, governments and organisations to chip in and fight the bad guys. Werdaningtyas pointed out that the nature of cyber attacks are trans-boundary and cannot be solved by single countries. Koh added that countries should take action to stop the attacks if they originate from their shores.
State actors have the sophisticated technological capability to wreak digital havoc and bring whole countries to their knees. That’s the reason many countries cannot deal with the cybersecurity threat by themselves because they are small, in size as well as technological capability. They need to band together to fight the attacks which are coming from all over the world.
Singapore is also working with Indonesia and Australia to help other ASEAN countries get up to speed on cybersecurity, supporting them in capability development.
One major development needed is the sharing of information among ASEAN countries. An ASEAN contact database, said Weaver, with phone numbers and email addresses of relevant people, is available to any person or organisation faced with a cyber incident and or crisis.
It is a pity that this panel session played to a small audience. There is much the cybersecurity industry can contribute given its expertise, experience and cutting-edge technology. They can promote the message of respectful and peaceful co-existence to their customers and within the industry.
I’m reminded of the Fables of Aesops tale, where a father of three sons gave them a bundle of sticks and asked them to break it. They can’t. Then he gave them individual sticks to break, which they did easily. The moral of the story is that divided, you stand weak, but together you are strong. This is true in cybersecurity too.