At a recent regional online forum, the ideas discussed were aligned with those from other cybersecurity forums, indicating global cyber coherence.
Last year’s high profile supply chain cyberattacks have caused many governments to step up national efforts to raise cyber awareness, reduce roadblocks for digital transformation security, and harness national and cross-border cyber intelligence to boost cyber vigilance.
In a recent online forum where Asia Pacific region (APAC) policy makers and experts shared ideas to address the ongoing cybersecurity threat in 2022, there was unanimous agreement on the need for intelligence sharing and international cooperation.
Commenting on the trend, Eugene Kaspersky, CEO, Kaspersky, which was the host of the forum, said: “As threat actors evolve their techniques and tactics, we should expect supply chain attacks to be a growing trend in 2022 and beyond. The long term solution is to make systems immune. This means the system being designed in such a way that even if an Information and Communications Technology (ICT) supply chain component is vulnerable, it cannot affect the rest of the system. Even if there is a Zero Day or any other vulnerability somewhere in the supply chain, it doesn’t carry over into other components in the chain.”
Awareness and collaboration are key
Explaining possible solutions, the firm’s CEO believed that short-term and long-term strategies should be look into by both government and private sectors.
Short term solution includes improving procedures and regulations on ICT supply chain infrastructure. Organizations need to start certifying supply chain partners to reduce the risk of indirect attacks. The role of government regulations must also play a key role in this, as in the case of critical infrastructure.
Echoing this opinion, one forum dignitary, Dato’ Dr Haji Amirudin Abdul Wahab, CEO, Cybersecurity Malaysia, said there is a need to include awareness and education across all sectors involved in ICT supply chain, including small- and medium- sized enterprises (SMEs) that do not have the budget and assets to invest in improving their cybersecurity.
“The attacks on those working in the supply chains, which are heavily targeted, more vulnerable and at risk than ever before, have increased. Supply chain attacks are difficult to handle due to (the ability to stay hidden) among the infected system and users’ devices. Especially in today’s environment, nations are slowly recovering from the pandemic and starting to move towards digital transformations,” he explained.
At the forum, Indonesia’s representative Dr Pratama Persadha, Chairman of Communication & Information System Security Research Center, Indonesia, noted: “Resilience is all about resistance and recovery. One way for both government and non-government stakeholders to minimize risks is to improve cybersecurity capabilities, which will subsequently improve ICT supply chain resilience. However, this will be constrained if all relevant parties do not improve the cybersecurity of their systems. The main obstacle to increasing ICT supply chain resilience is the lack of understanding surrounding the importance of cybersecurity. In the end, stakeholders must consider significant investment to increase the overall standard of cybersecurity to improve the resilience of the ICT supply chain.”
Finally, India’s Minister of State in the Ministry of Electronics and Information Technology; and Ministry of Skill Development and Entrepreneurship, Shri Rajeev Chandrasekhar, commented: “The responsibility of securing the ICT supply chain and ensuring safe and trusted internet space is something that the Indian government accords high priority to. A core part of the strategy is cross border collaboration with all stakeholders to ensure protection and resilience of the tech space and ICT supply chain.”
Tackling cyber threats as one world
The concurrence on cross-border collaborations to reach a global scale is mirrored in numerous forums around the world, such as the recent Paris Call for Trust involving the European Union and the United States.
The initiative espouses nine principles nine principles:
- Protect individuals and infrastructure
- Protect the Internet
- Defend electoral processes
- Defend intellectual property
- Prevent proliferation of malicious cyber activity (i.e., Non-proliferation)
- Strengthen lifecycle security of digital processes, products and services
- Support strengthening and advancements of cyber hygiene
- Prevent private hack backs by non-state actors and the private sector
- Promote widespread acceptance and implementation of international norms of cyber conduct
So far, the Paris Call has roped-in 81 states; 36 public authorities and local governments; 390 organizations and members of civil society, and 706 companies and private sector entities at last count.