CENS – GFF Cyber-Security Workshop: Towards a Secure and Resilient Cyberspace

CENS – GFF Cyber-Security Workshop: Towards a Secure and Resilient Cyberspace

CENS – GFF Cyber-Security Workshop: Towards a Secure and Resilient Cyberspace 12–13 JULY 2010 MARINA MANDARIN HOTEL SINGAPORE REPORT ON THE WORKSHOP JOINTLY ORGANIZED BY THE CENTRE OF EXCELLENCE FOR NATIONAL SECURITY (SINGAPORE) AND THE GLOBAL FUTURES FORUM (INTERNATIONAL) WITH THE SUPPORT OF THE NATIONAL SECURITY COORDINATION SECRETARIAT (SINGAPORE) Contents Page Executive Summary 3 Welcome Dinner Speech 5 Welcome Remarks 6 Welcome Address 7 Keynote Presentation 8 Panel 1: Overview of Cyber Threats 9 Panel 2: Technological and Legal Tools 12 Panel 3: Implications for Homeland Security 16 Panel 4: Cyber-Security from a “Real World” Perspective 19 Panel 5: Cyber-Threat Mitigation Strategies & Policy Implications 24 Panel 6: Roundtable Discussion: Policy Takeaways & the Way Forward 27 Rapporteurs: Jenna Park, Clinton Lorimore, Yeap Su Yin, Yolanda Chin and Ng Sue Chia Edited by: Ng Sue Chia This report summarizes the proceedings of the conference as interpreted by the assigned rapporteurs and editor of the S. Rajaratnam School of International Studies. Participants neither reviewed nor approved this report. The conference adheres to a variation of the Chatham House rules. Accordingly, beyond the points expressed in the prepared papers, no attributions have been included in this conference report. EXETI CU VE SUMMARY Online terrorist communication has driven concerns that anticipation of current and impeding cyber-security threats. violent extremist groups/individuals have advanced from Similarly, the need for a whole-of-society approach towards disseminating propaganda on the Web to conducting cyber-security was underscored by Mr. Peter Ho, Head multi-level outreach activities and possibly planning of the Singapore Civil Service and Permanent Secretary cyber-based attacks on par with real-life wars. While for National Security and Intelligence Coordination, in his the threat of cyber-terrorism seems impending, it also welcome address. highlights a range of potential cyber-threats to national security that needs to be addressed fairly quickly. They The implications that cyber-security breaches have on range from online financial fraud to the pilferage of national security are broad and far-reaching. Indeed, personal identities and state information by criminals and Ruth David highlighted that a key challenge to state-backed hackers. cyber-security is perhaps in the development of counter-attack strategies that would be followed through Recent Botnets, or Internet Robots, attacks have illustrated by governments, corporations and private Web-users alike. the ease at which cyber-attacks can be conducted. A Given the dependency on Web-based technologies for network of computers could be infected and, thereby, daily operations and day-to-day chores, states, corporations setting off a domino chain of database and systems crashes and individuals are inevitably affected when a seemingly without the need for a highly skilled computer engineer to remote network or database crashes whether as a result of carry out the attack. The mainstreaming and incorporation an unintentional technological fault or a deliberate attack. of advance communication technologies into such devices as smart phones and game consoles has drastically changed It is generally agreed that to counter cyber-threats, there the way information is owned, exchanged and modified. needs to be collaboration among all sectors of a society Anyone with a Wifi-enabled phone, for instance, is capable and between states. It may sound Cliché, but, the threat of transmitting information to the cyber-community and certainly lies in the borderless and virulent nature of cyber- altering public perception. attacks of any sort. As such, cooperation and collaboration are imperatives to outwitting, outlasting and outlawing the As such, the Centre of Excellence for National Security perpetrators and malwares per se. Against this backdrop (CENS), a research unity of the S. Rajaratnam School of the Honourable John Grimes and John Savage stressed, International Studies, and the Global Futures Forum (GFF), over and above other recommendations, the importance with the support of the National Security Coordination of information sharing and international partnerships in Secretariat (NSCS), part of the Prime Minister’s Office, moving ahead of our adversaries. Singapore, jointly organized a two-day workshop (12–13 July 2010) on “Cyber-Security: Secure and Resilient David Auscmith, on the other hand, opined that Cyberspace” to deliberate on ways to counter current and cyber-defence is only as effective as our existing intelligence emerging cyber-threats from a whole-of-society approach. or knowledge of the threat allows it to be. Similarly, The workshop was held at the Marina Mandarin Hotel, Alexander Lim articulated the Interpol’s preference to Singapore, and was well attended by a multi-disciplinary train law-enforcement personnel to better understand cast of research analysts, technologists and national the uses of existing tools over random investments into security officers. technologies that may not add to existing intelligence over the current threat scenario. Anthony Lim also added that The workshop commenced with a welcome dinner lecture applications cannot be expected to “defend themselves”. It (11 July 2010) by Sheila Ronis where participants of the was asserted that the best way to prevent an application workshop gained an overview of the challenges to national attack is to ensure that the gap between software design and security. She noted in particular that a synthesized approach information security is bridged. Moreover, Tyson Macaulay that combines foresight tools, hyper-accelerated learning also argued that most anti-virus software is no more than and integrated government decision-making processes 60 per cent effective at detecting and removing novel pieces are the pre-requisites to the successful countering and of malware. He argued that it is only through information 3 C- ENS GFF CYBER-SECURITY WORKSHOP sharing and gathering from multiple sources, that Interdependency (CII) relationships. A shut down in one cyber-resilience could be built. component of a critical infrastructure, he emphasized, could bring about major disruptions to systems. As such, Applications security aside, Lori Lessner spoke on Manabu Nabeshima mentioned that the incorporation violent extremists’ presence and their modus operandi of CII analysis would not only give policymakers a fuller in the cyber-sphere. In particular, it was highlighted that picture of the impact of a critical infrastructure shutdown violent extremists are switching from the traditional but also offer them a range of possible scenarios. As for “call to prayer” Web-postings to the creative usage and Japan, existing policies and measures undertaken in the uploading of rap videos online to appeal to a resentful and field of information security aims to perpetuate the tradition “online” youth group. On the same theme, Sarah Womer of public-private sector cooperation. It was argued that shared with participants how a closer examination of the as what is being protected belongs to the private sector, “online enemy” and their activities in the cyber-sphere Japan’s information security policies have been designed could provide vital indications of impeding real-life plots. to allow room for the society to take appropriate measures In the Philippines’ context, Nicolas Ojeda argued that a to secure their own information networks and systems. general lack of understanding by key government and private stakeholders over the seriousness and impact of As a final roundup of ideas and suggestions put forth during both current and emerging cyber-threats have thus far the discussion panels and syndicate sessions, the workshop impeded any improvements in countering, for instance, closed with a roundtable discussion on the immediate the Abu Sayyaf Group’s communication with the world actions to take. It was generally agreed that: through new media technologies. 1. A legal framework needs to be established. As current Similarly concerned with cross-sector cooperation and the responses to threats tend to be reactive, expertise dual functions of Web-based communication technologies, can be better consolidated when a legal framework is the finance and telecommunication sectors face a dilemma in place; of securing their networks and making their services as 2. An operational definition of “cyberspace” would reduce accessible to public usage as possible. Gunawan Husin conceptual ambiguity and allow for workable solutions added that the financial sector, being the first line of to be devised. However, this should not be at the defence, is under tremendous pressure to counter the expense of developing high impact solutions; possible abuse of online financial services and products 3. There needs to be a holistic approach towards for criminal and terrorism purposes. There is also the cyber-security. To this end, three areas for development difficulty in getting financial institutions based in different were identified. The first was the need for robust jurisdictions to conduct regular checks on suspicious technology to protect information assets, namely financial acts. In India’s case, Srijith Nair mentioned that through the development of secure applications. despite the new cyber-security measures in place, a The second was securing the expertise to develop well-thought-out and cohesive cyber-strategy is still and manage the systems in place which requires lacking.

View Full Text

Details

  • File Type
    pdf
  • Upload Time
    -
  • Content Languages
    English
  • Upload User
    Anonymous/Not logged-in
  • File Pages
    39 Page
  • File Size
    -

Download

Channel Download Status
Express Download Enable

Copyright

We respect the copyrights and intellectual property rights of all users. All uploaded documents are either original works of the uploader or authorized works of the rightful owners.

  • Not to be reproduced or distributed without explicit permission.
  • Not used for commercial purposes outside of approved use cases.
  • Not used to infringe on the rights of the original creators.
  • If you believe any content infringes your copyright, please contact us immediately.

Support

For help with questions, suggestions, or problems, please contact us