The recent cyberattacks involving the largest oil product pipeline system and one of the world's biggest meat producers in the United States serve as yet another reminder that countries will continue to deal with cyber threats.
And the number is growing. Globally, 33.4% of computers in industrial control systems faced some form of attack in the second half of 2020 -- an increase of 0.85 percentage points from the first half.
Cyber gangs are stepping up their campaigns in Asia Pacific, which continues to attract more and more investments in supply chains and logistics.
Unfortunately, not all countries have the capacity to tackle cyber threats adequately. Laying the foundation for cyber-resiliency starts with having a cyber-capacity-building programme in place and cultivating a culture of cooperation among all stakeholders.
We group countries in Asia Pacific into three categories, according to their stage of preparedness:
Advanced: Leaders in cybersecurity that have a clear strategy in place and are already doing more in terms of development;
Intermediate: Those that have identified cyberattacks as an area they need to look into and have attempted to make some inroads;
Initial: Countries that have just begun paying attention to this area for various reasons, including more pressing domestic needs.
Singapore is a role model in the first category. Its Asean-Singapore Cybersecurity Centre of Excellence project, launched in 2019, offers policy and technical programmes for member state participants to help bolster regional capabilities. It also promotes collaboration among Asean members to conduct research, share knowledge and carry out training to respond to cyber threats.
Australia also placed data security high on the national agenda when it launched Cyber Security Strategy 2020 last year with an investment of A$1.67 billion (41 billion baht) allocated over 10 years. The three-pronged strategy involves building a stronger digital ecosystem, growing a skilled workforce and protecting Australians.
HELP FROM JAPAN
Japan has also gradually integrated cybersecurity into boosting capacity-building in Asean, offering platforms for collaboration with individual Southeast Asian countries as well as the United States through additional coordination.
Through mechanisms such as the annual Asean-Japan Cybersecurity Policy Meeting first held in 2009, Tokyo has gradually broadened its engagement with Southeast Asian states to include a range of areas such as mutual notification for incidents and joint industry-government-academic collaboration. The construction of new facilities includes the Asean-Japan Cybersecurity Capacity Building Centre in Thailand, and US-Japan training workshops are being held on areas like industrial control systems.
Among countries in the intermediate category looking to move towards the advanced group, Vietnam has been actively reinforcing regulations, including a national cybersecurity law, and standard-setting across the government and in partnership with the private sector.
The private sector is encouraged to collaborate with the government in disseminating information to customers, granting scholarships and co-organising campaigns and training. The government-led National Malware Detection and Removal Campaign, launched in 2020, was supported by 18 local and foreign cybersecurity firms, including Kaspersky.
Both India and Indonesia are on the cusp of releasing their national cybersecurity strategies, highlighting the awareness that these markets have of the importance of the issue.
India has made headway in training thousands of government officials and critical sector companies, initiating cybersecurity investments and establishing agreements outside Asean, such as with Japan, Israel and, more recently, with Bahrain to boost cooperation in cybersecurity capacity-building, research and development and protection of critical infrastructure.
Indonesia is counting on firming up its cybersecurity education and capacity-building initiatives to achieve its national interests including political stability and economic growth. Through its National Cyber and Crypto Agency (BSSN), the country has involved key stakeholders including the public in cybersecurity awareness to address the shortage of local cybersecurity experts.
Cybersecurity education and capacity-building would help Indonesian government agencies to address concerns about data leaks and data-sharing practices. Data leaks continue to occur often in Indonesia, most recently with its state health insurer, and government agencies are taking steps to ramp up prevention and mitigation measures.
Meanwhile, data-sharing initiatives may also create beneficial spillover effects, where data can be reused by government agencies safely to open up significant growth opportunities or to generate benefits across society in ways that could not currently be seen.
IDENTIFYING GAPS
In any case, it is important that each country's strategy is cohesive enough to enable it to understand where to bridge internal gaps. Regional and international organisations provide additional platforms that countries can use.
Now that cybercriminals are upping their game like never before, cyber infections are not going away. The threat landscape is as diverse as it is rapidly evolving. Against the backdrop of the pandemic and geopolitics, government organisations will continue to be natural targets for a whole array of cyberattacks, be it espionage or politically motivated attacks.
To remain ahead of the game, a multifaceted approach is required. From Kaspersky's experience, the most effective formula is to have constant improvement of security awareness. This includes engagement with the wider cybersecurity community and stakeholders, including cybersecurity providers to validate and verify the trustworthiness of products, internal processes and business operations.
To help improve incident response capabilities and ensure the safety and wellbeing of their citizens, countries should also continually promote skills training and enhanced collaboration.
Genie Sugene Gan is head of Public Affairs and Government Relations for Asia Pacific at Kaspersky.
