'We were just lucky': Cybersecurity chief on attacks in Singapore in 2017

'We were just lucky': Cybersecurity chief on attacks in Singapore in 2017

Channel NewsAsia·2017-12-17 13:10

A man types on a computer keyboard in front of the displayed cyber code in this illustration picture taken Mar 1, 2017. (File Photo: Reuters/Kacper Pempel/Illustration)

SINGAPORE: While companies and agencies in Singapore - including the defence ministry - suffered network security breaches this year, the country escaped the brunt of global malware attacks like the Wannacry ransomware attack.

But it was by sheer chance that the nation escaped largely unscathed, said David Koh, chief executive of the Cyber Security Agency (CSA) of Singapore in an interview with Channel NewsAsia.

“It is not that Singapore is particularly good or that Singaporeans are very alert with respect to malware, we were just lucky,” said Mr Koh. He added that there were two reasons Singapore “ducked the bullet” when it came to the WannaCry attacks. First, the ransomware affected older versions of the Windows operating system, which are not as widely used in Singapore. Also, the attackers meant to target “a particular country and a particular region of the world”.

“If it had been targeted at Singapore, the results might have been quite different,” said Mr Koh.

Citing the Global Cybersecurity Index released by the United Nations International Telecommunication Union, Mr Koh said while Singapore is “top of the world” when it comes to cybersecurity strategy, rankings like this are “not that relevant”.

“We may be better than other countries, but really the issue is how our cyberdefences are against the attacker. Here, I must say that the attackers are nimble, they are well-resourced and world-class … So the idea going forward is that realistically we can't prevent a cyberattack, but what we must do instead is that we harden our defences and make sure that our systems are robust. This means that even if we are under attack, we are still able to operate, (even if) at a degraded mode,” said Mr Koh.

To boost the nation's defences, the Cybersecurity Bill is set to be tabled in Parliament in 2018. If passed, it will require those that operate services in 11 critical sectors ­­­– namely, Government, infocomm, energy, aviation, maritime, land transport, healthcare, banking and finance, water, security and emergency and media – to secure their infrastructure and report incidents.

Mr Koh noted that each of these industries faces different challenges in beefing up cybersecurity. Take for example those that use operational technology – computing systems that are used to manage industrial operations like those in power stations and water treatment plants. 

These systems cannot be upgraded as quickly because there’s a need to ensure continuity in operations. But Mr Koh said that does not necessarily mean they will be more vulnerable.

“It is true that the cybersecurity solutions and awareness for the OT or industrial control systems is actually less developed than in the IT world … But some of these industries actually operate in an isolated mode, (where) there's no connection to the Internet. Therefore the threat vectors, the avenues for attackers to come in are significantly reduced.”

Mr Koh added that the CSA is working with the relevant sectors to secure such systems.


But hackers are also expected to launch deadlier attacks using advanced technology like artificial intelligence. Cybersecurity firm Fortinet gave the example of hivenets, which evolved from a traditional botnet of compromised devices. Compromised devices in a hivenet are able to “talk” to one another to more effectively target vulnerable systems.

“Hivenets will be smart enough to know if (an organisation has cybersecurity) defences in place. Instead of constantly doing a brute force attack against an organisation that has defences in place, another bot can identify if there's an easier way into the organisation. Then, all the attacks can be channelled and tunnelled back to the weaker entry point,” said Fortinet’s Asia Pacific director for systems engineering and consulting Eric Chan.

Mr Chan added that cybercriminals are also becoming more organised, with some banding together on the dark web and offering services to analyse the effectiveness of malware or attack codes.

“That means that whenever cybercriminals launch an attack, the chances of being successful are very, very high. They are able to do quality control on their malware, and for example, they can test this malware, whether it can evade all the traditional defences that a typical organisation will have,” said Mr Chan.

Going forward, Mr Chan said it is essential that organisations and governments share intelligence to combat cyber threats.


Read full article on Channel NewsAsia

Singapore Cybersecurity Technology