Effective strategies for a secure and trusted infocomm hub

by david.nunes
Issue: Global 2012
Article no.: 4
Topic: Effective strategies for a secure and trusted infocomm hub
Author: Leong Keng Thai
Title: Deputy Chief Executive & Director-General (Telecoms & Post)
Organisation: IDA
PDF size: 201KB

About author

Mr Leong Keng Thai is the Deputy Chief Executive & Director-General (Telecoms & Post) of the Infocomm Development Authority of Singapore (IDA).

Mr Leong graduated with a Bachelor of Engineering (Honours) from the University of Singapore and obtained a Master of Business Administration from the University of Southern California, USA.

Article abstract

Cyber attacks are increasingly becoming more targeted and bold and continue to thrive on the lagging progress in cross-border cyber security collaboration. This poses serious challenges to policy makers in ensuring a secure and trusted infocomm environment without undermining the vibrancy of the infocomm ecosystem. The key to successful and effective strategies in mitigating cyber security risks is close partnerships among Government, businesses, industry and individuals.

Full Article

The widespread use of and reliance on the Internet has led to significant changes in cyber space over the years. Asia, in particular, is fast gaining prominence in Internet usage, after the United States and Europe. According to the Cisco Visual Network Index global IP traffic forecast released in May 2012, Asia Pacific will take the lead in global Internet traffic with IP traffic projected to reach 40.5 exabytes per month by 2016, exceeding North America’s 28 exabytes per month and Western Europe’s 24.3 exabytes per month. The proliferation of information and data that is instantly available online, coupled with high Internet usage and a changing cyber landscape, would potentially lead to greater security challenges in the new era.

The shift from equipment such as the bulky desktop computers of the past to the various mobile devices that are now popular has also contributed to the change in the cyber landscape. The new era of mobility has fuelled the rise of the mobile Internet. This defines a new cyber space alive with online activities epitomised by mobile applications, location-based services and mobile social networking. With the advent of IPTV services, more online content and transaction services will be made available for Government, businesses and individuals.

The introduction of innovative infocomm technologies such as mobile Internet has certainly opened up new business and outreach opportunities worldwide. However, the success in this realm has also inevitably attracted cyber criminals and syndicates. McAfee reported in 2011 that a popular smartphone platform has become a common target due to its fast rising popularity and liberal application distribution model. The absence of application validation prior to mass distribution would potentially compound the occurrence of malware that can be exploited for fraud and service disruption.

Globally, cyber attacks are becoming increasingly targeted and bold. According to wired.com, in early 2010, Google, Adobe, Intel and several other high-profile organisations were targeted. In an approach that has become known as Advanced Persistent Threats (APT), the perpetrators employed attack vectors such as social engineering and sophisticated malware that were able to circumvent the security defences in place.

Based on a cyber security study conducted by McAfee and Security Defense Agenda in early 2012, cyber threats continue to thrive on the lagging progress in cross-border cyber security collaboration. In late 2011, Symantec warned that with a new malware dubbed ‘Duqu’, a Stuxnet-like attack that targets critical industrial computer systems may be on the horizon. And in mid-2012, Kaspersky Labs found the sophisticated ‘Flame’ malware that has been described as “one of the most complex threats ever discovered”. This enduring phenomenon requires further attention and collaboration between key stakeholders of governments, businesses, security industry and academia to accelerate the delivery of effective strategies and solutions.

Challenges for policy makers

As noted above, the changing infocomm landscape and the increasingly sophisticated nature of threat actors pose serious challenges to policy makers in ensuring a secure and trusted infocomm environment without undermining the vibrancy of the infocomm ecosystem.

The balance that policy makers maintain today is a delicate one. Policy makers need to ensure that policies, regulations and guidelines are reviewed and updated, in pace with the changes in the infocomm environment, as well as the emerging cyber threat landscape. Infocomm security measures and controls need to evolve with technology. The key challenge for the policy maker is to achieve all these, while maintaining a pro-business and pro-consumer environment, in order to reap the full benefits of infocomm technologies.

Could we easily ensure infocomm security by just mandating the most stringent of such measures? According to a paper titled ‘Striking the Balance’, presented at the NATO Advanced Research Workshop by Envisage Technologies Corporation in February 2009, security is, unfortunately, not a goal most users would strive for. Rather, it is regarded as an impediment to their work productivity and performance. Users typically adopt technology to enhance efficiency and effectiveness. However, in this context, security is deemed as yet another ‘task’ or ‘hurdle’ that should be overcome in order to perform productively. In such instances, users often respond by circumventing security mechanisms and perceive security as something that is complicated. As the paper has succinctly put it, paradoxically, “the more secure a system is, the harder it is to use; the harder it is to use a system, the less secure it will be”.

The Infocomm Development Authority of Singapore (IDA) recognises the need to strike a balance and constantly engages key stakeholders from the industry during policy formulation and provides regular updates through various committees and working groups. This is vital to ensure that sound policies and controls remain relevant and effective against evolving cyber threats.

Strategic plans to mitigate cyber security risks

Singapore’s strategic plans to promote a secure and trusted infocomm environment are encapsulated in the IDA-led Infocomm Security Masterplans. The first Infocomm Security Masterplan (ISMP) was launched in 2005 followed by a second Masterplan (MP2) in 2008. The Masterplans were developed through a multi-agency effort led by IDA, under the guidance of the National Infocomm Security Committee.

The MP2 is a five-year roadmap which aims to build upon the achievements of the ISMP by enhancing the tenacity of our economy against cyber attacks, thereby boosting the confidence of investors in choosing Singapore as a strategic and secure location for their investments. The framework for MP2 has the aim of attaining high resilience and availability of the nation’s infocomm infrastructure and services.

Since its launch, the Government has been working in close collaboration with the public, private and people sectors to achieve the outcome of MP2. Several nationwide initiatives were conceptualized and implemented. These initiatives included people-centric programmes to address the development of infocomm security professionals and to raise infocomm security awareness for end users, as well as policy-centric programmes to address sector-specific security requirements and bolster international collaboration. Some of these initiatives are highlighted below.

Securing Internet infrastructures

As each sector has its unique security requirements, a ‘one-size-fits-all’ approach, whereby a single solution is developed to meet the diverse needs of different sectors, will be insufficient. Sector-specific infocomm security programmes are thus essential in order to provide precise and appropriate controls to ensure that the infocomm infrastructure and services in each sector remain secure.

As Singapore continues to increase its reliance on the Internet, the risks posed by cyber attacks also increase in tandem. It is thus crucial to establish sufficient infocomm security measures against prevalent and emerging cyber threats and to further enhance the security situational awareness of Singapore’s Internet infrastructure. IDA has strengthened its engagement with the Internet Service Providers (ISPs) to co-create prescriptive and sustainable infocomm security measures that ISPs can implement. These measures include the issuance of early warnings and undertaking of appropriate pre-emptive actions.

As one of the MP2 initiatives, IDA issued the Secure and Resilient Internet Infrastructure Code of Practice – aligned with international standards and best practices – to designated ISPs in April 2011. The Code of Practice has been incorporated into the telecommunications regulatory framework and sets specific security controls and outcomes to ensure that essential security is maintained to deal with current and emerging cyber threats. The Code covers the protection of the core Internet infrastructure such as routers, switches and critical network components, and details the objectives and controls essential to prevent, detect and respond to security incidents. The ISPs will be required to implement specific controls progressively and achieve full compliance by 2013. Periodic audits will be conducted by IDA to ensure that ISPs observe the Code of Practice.

To further raise the level of infocomm security readiness and response, sharing of infocomm security information among ISPs will be established through the coordination of IDA. This will allow ISPs and IDA to make more informed decisions so that early warnings of emerging cyber threats can be developed and appropriate pre-emptive measures can be taken. Consumers of ISPs’ services will thus benefit from a more coherent and effective response to cyber threats. As mandated by the Code, ISPs will also put in place effective control measures further upstream to better protect businesses and end users from large-scale cyber attacks such as distributed denial-of-service attacks, which cannot be effectively mitigated by organisations alone.

International collaborations and engagements

In view of the cross-border nature of cyber threats, Singapore continues to actively engage other countries and contribute to global efforts in combating cyber threats. This includes participation in the international Meridian Process, which aims to build trust and establish international relations with senior Government policy makers for Critical Information Infrastructure Protection (CIIP); share strategic approaches and experiences in CIIP from around the world; and explore benefits and opportunities for cooperation between Governments. Other engagements include regular exchange of information and experiences at multi-lateral fora such as Asia Pacific Computer Emergency Response Teams (APCERT) and the ASEAN Telecommunications and IT Ministers’ Meeting (TELMIN). Within the region, IDA has also founded and led the Association of South-East Asian Nations (ASEAN) CERT Incident Drill (ACID) since July 2006. ACID has since expanded beyond the ASEAN nations to include participation from ASEAN dialogue partners.

As part of the Government’s efforts to develop Singapore’s infocomm security capabilities and to enhance cyber security situational awareness, regular exchanges and sharing of information were also held with international counterparts. IDA had signed collaborative agreements with its counterpart agencies in other advanced economies. This enabled our countries to share early and pertinent information on cyber threats, undertake joint development and training in enhancing technical capabilities, and enhance the security of our respective national infrastructure.

Conclusion

While these initiatives are instrumental in mitigating the risks associated with the ever-changing cyber landscape, the dynamic nature of these risks will likely persist and subject critical infrastructures, organisations and individuals to new waves of exposure. IDA recognizes that the key to successful and effective strategies in mitigating such risks would be to continue the close partnership among Government, businesses, industry and individuals to strive towards the common goal of a secure and trusted infocomm environment in Singapore.