State of ICS cybersecurity in SE Asia
This incident is not unique to Thailand but is a recurring trend across Southeast Asia. According to Kaspersky’s latest report on ICS cybersecurity, the region leads the ranking of regions worldwide when it comes to the highest number of ICS infections blocked by Kaspersky, with 61% of machines almost infected during H1 2018 and 57.8% during H2 2018.
In H2 2018, the Internet remained the main source of threats in the region, with 39.5% of ICS computers on which internet threats were blocked. Kaspersky also observed a slight increase in the percentage of ICS computers on which malicious email attachments were blocked.
When we look at other trends pertaining to other cybersecurity challenges surrounding ICS in Southeast Asia, 13% of APAC respondents surveyed in Kaspersky’s “State of Industrial Cybersecurity 2019” report who recognized that there is a lack of security awareness among asset owners and operators came from the Philippines, along with 26% from Singapore. When it came to the issue of finding a reliable third-party service provider who could implement ICS cybersecurity solutions, Singapore led the list with 22% who cited it as a challenge, followed by Indonesia with 18%, and the Philippines with 6%.
While these figures on their own appear to be insignificant, they are telling as to which areas require more focus. For example, low percentages of respondents from Indonesia and the Philippines which selected the challenge of finding a reliable third-party service provider may indicate that there is a lack of awareness on what kind of help can organizations seek when it comes to addressing their ICS cybersecurity issues. On the other hand, when it comes to highly developed countries such as Singapore, it comes as no surprise that the level of awareness is naturally higher than that of other countries in the region.
Economic progress requires good cybersecurity
As a region, if we do not step up against ICS attacks, it is only a matter of time before we experience cyberattacks along the likes of Stuxnet, the malicious computer worm which damaged Iran’s nuclear system, a cyberattack which rendered a portion of Ukraine powerless for days after infecting a power plant, or having alleged North Korean attackers infiltrating the SWIFT network to move money around the world.
In response, security strategies must extend far beyond organizational siloes to include interactions with suppliers, customers, vendors, governments and the public. The proverbial “a chain is only as strong as its weakest link” is especially true in cybersecurity.
Rapid technological changes are expected as we continue to advance our digitalization agenda under Industry 4.0. So will the nature of threats as cybercriminals continue to come up with more sophisticated and complex methods of breaching ICS. A good starting point for companies to start building on cyber-resilience in their ICS would be to:
- Regularly update operating systems, application software, and security solutions
- Apply necessary security fixes and audit access control for ICS components in the enterprise’s industrial network and at its boundaries
- Provide dedicated training and support for employees as well as partners and suppliers with access to your network
- Restrict network traffic on ports and protocols used on edge routers and inside the organization’s Operational Technology (OT) networks
- Use ICS network traffic monitoring, analysis and detection solutions for better protection from attacks potentially threatening technological process and main enterprise assets
- Deploy dedicated security solutions on ICS servers, workstations and Human Machine Interfaces that secure OT and industrial infrastructure from both random malware infections and dedicated industrial threats
- Form a dedicated security team for both IT and OT sectors
- Equip these security teams with proper cybersecurity training as well as real-time and in-depth threat intelligence reports.
In this new era of Industry 4.0, how far can Southeast Asia go when it comes to harnessing innovative technologies for economic growth? Your guess is as good as mine. But what is clear is that the demands and needs for cybersecurity are different across markets in the region. This necessitates a tailored approach to ICS cybersecurity which is both specific and adaptive to the evolving landscape of the region’s key industries.
However, starting from the basics would augur well for Southeast Asia, as we look towards transitioning into the next chapter of our economic growth.