International Affairs Forum:
Even among top experts in the cyber-security field, there is some disagreement over the exact definition of the term “cyber-terrorism.” How do you and IMPACT define cyber-terrorism, and how does it differ from other forms of cyber-crime?
Mohd Noor Amin:
While there is no universally accepted definition of cyber-terrorism, it’s generally understood that cyber-terrorism lies at the upper-end of cyber-threats, whereas cyber-crime may be considered a catch-phrase to describe more common forms of cyber-threats. Cyber-crime is said to occur when the computer is used as part of criminal activities like fraud, identity theft, spam, phishing or forgery. More often than not, commercial gain is the focus of cyber-crimes. Cyber-terrorism, on the other hand, is starkly different from these more common forms internet crimes. Cyber-terrorism involves the use of technology to divert or destroy systems and critical infrastructures, perhaps causing injury or death and even undermining economies and institutions – for example cyber disruptions that cause nationwide blackouts or the collapse of financial trading systems.
Tell us about the tactics employed by today’s cyber-terrorists. What methods do they use to achieve their goals?
Mohd Noor Amin:
Tactics used to conduct cyber terrorism can range from hacking into a computer and destroying it to spreading viruses in order to obtain information. Cyber terrorists can infect many computers with viruses that can destroy a computer or just damage certain components. They can also plant Trojan horses, which when executed allow a remote user to control the computer, collect personal information and passwords, or destroy a hard drive. Another common method is placing worms, programs which can spread themselves, on a machine or a network. Often these tactics are accomplished through email or other network vulnerabilities. The trick is to know where the vulnerabilities in a system are that can cause the most damage.
Indeed, one of the worst aspects of cyber terrorism - and hence its great attraction - is its low cost, especially in proportion to the potential damages inflicted against its target. Even a single virus can cause widespread injury and huge financial losses. To put it in perspective, the Love Bug Virus was estimated to have caused losses of between US$3-15 billion. In comparison, hurricane Andrew, the most expensive natural disaster in history, cost around US$11 billion.
Compared to conventional terrorist threats, it seems that cyber-threats receive relatively little attention from the mainstream media. Do cyber-threats deserve more media coverage? Should they be at the forefront of international security concerns?
Mohd Noor Amin:
I feel the general media has been good at highlighting the more sensational aspects of cyber-threats, for example when there are cyber attacks against countries, when hackers bring down critical infrastructures and so on. While this is a good start, I believe the media should do more to promote awareness and educate the general public on how to protect themselves on cyber-space. For example, social networking sites, which are fast becoming a part of popular culture, are now being targeted by cyber criminals who use them to extract personal information from unsuspecting victims and go on to commit all sorts of cyber crimes. People should be made more aware of the dangers in such everyday actions and I think the media can play a very important role in this.
Similarly, governments around the world must also prepare to deal with threats in cyber-space. The more developed countries recognize this fact and are putting the necessary safeguards in place. Some countries like the U.S., which are engaged in active wars, are all too aware of the risks and are placing cyber security at the forefront of their national defence and security priorities. The challenge is to get other developing countries to understand the risks and to put in place the necessary defences— technological and legal— and even streamline administrative processes so that effective responses to cyber-threats can be developed. Moreover, getting developing countries to have enforceable cyber laws in place is also a critical first step towards stopping cyber criminals from using these countries to launch their attacks on targets in other countries.
One of the most highly publicized cases of cyber-terrorism occurred in 2007, when Estonia was crippled by large-scale denial-of-service attacks. Recently, Konstantin Goloskokov, a pro-Kremlin activist from Russia, revealed that he helped orchestrate the attacks. Goloskokov claims that what he did was “absolutely legal” and that Estonia’s websites should have been better equipped to deal with a large number of requests. What is your stance on these assertions?
Mohd Noor Amin:
Even with all the proper defenses in place, it is still a tall order for any country or organization to be able to defend its cyber infrastructure from a large-scale, focused distributed denial of service attack. This is because the capacity for launching the DOS attacks can be easily increased so as to cripple the target.
In some cases, stopping the attacks can be made harder as it involves many different countries, jurisdictions and laws. It takes a concerted effort by all countries involved — from the source country where the attacks are emanating from to countries that are being used as transit points to stop the attacks. In fact, IMPACT hopes to contribute towards this effort by providing the tools and mechanisms for countries to be able to prevent, respond and address these issues.
On Goloskokov’s claims that the attacks were absolutely legal, we do not agree completely, since in a number of countries, there are legislations against this type of activity. The challenge going forward is to get all countries to have the proper cyber crime legislations in place. This is also an issue that IMPACT is working on with the ITU.
Russia is among several nations, including China and Korea, where cyber-terrorist activity runs rampant. How can organizations like IMPACT help make sure these countries clean up their act? Do any international enforcement mechanisms exist to prosecute cyber-terrorists?
Mohd Noor Amin:
IMPACT’s fundamental mission is to bring together governments of the world to prevent, defend and respond effectively to combat this menace. As cyber-terrorism is often a cross-border, cross-disciplinary and cross-sectoral problem, cooperation among the different countries, sectors and disciplines is the key.
At IMPACT, we hope to encourage and enable greater international cooperation among all our member countries so that this menace can be effectively stopped. When we talk about international cooperation, we are talking about such things as developing a common international policy and legal framework to address cyber-threats. We are also talking about improving the enforcement of cyber-laws. Currently, enforcement can only be done within a specific country or between countries that have agreements with each other or are signatories of a common international agreement or convention on cyber-crime. Among other things, IMPACT hopes to play a key role in encouraging all countries to seriously look into this issue and to facilitate this process, if necessary.
Tell us more about IMPACT and its strategy to combat cyber-threats. How is your organization different from other cyber-security initiatives?
Mohd Noor Amin:
Most cyber-security organizations are either formed at the national or sub-national level and they address the security needs of specific countries. While there are several international organizations and NGOs that address aspects of cyber-security, most are defined (and limited) by their regional membership and/or specific focus-area within the larger rubric of cyber-security.
Since the internet knows no boundaries, no country acting alone can adequately protect itself from cyber-threats. Effectively overcoming this global threat requires collaboration, determination and the strength of unity between the different stakeholders at risk, be they governments or businesses. You could say that IMPACT is the direct result of this need for a diverse range of stakeholders to come together to take on this challenge. We are proud to say that IMPACT is the first truly global public-private initiative against cyber-threats. Through its collaboration with the ITU, all 191 Member States of the ITU, which encompass practically all countries of the world, have become automatic member countries of IMPACT.
At IMPACT, we aim to be more than a mere policy talk-shop; we hope to offer concrete solutions for our member-countries through our key programmes and offerings. Indeed, a key attraction for our members is IMPACT’s “Global Response Centre” (GRC) which is modelled after the Centre for Disease Control in Atlanta and is designed to be the foremost cyber-threat resource centre for the global community. The GRC’s “Network Early Warning System” (NEWS) which provides member countries with the latest cyber-threat analysis and provides guidance on remedial steps. As IMPACT’s GRC receives cyber-threat feeds from its many private sector partners, it has arguably the richest source of threat feeds among cyber-security organizations in the world.
Meanwhile, the “Electronically Secure Collaborative Application Platform for Experts” (ESCAPE) is IMPACT’s unique platform that enables authorized cyber experts across different regions to collaborate with each other in a secure and trusted environment, This enables the GRC to act as a “one-stop” coordination and response centre for countries in times of emergencies, allowing for swift identification and sharing of available resources across borders.
Besides the GRC, IMPACT also offers specialized training programs and offers threat research and security assurance programs to member countries. Indeed, IMPACT’s wide and varied reach, which is made possible through its collaboration with governments, the private sector and academia, allows IMPACT to conduct important research that may not be commercially viable, but is nevertheless vital to the security of cyber-space.
IMPACT's Centre for Security Assurance & Research aims to create a "global benchmark" for cyber-security policies and practices. How will IMPACT promulgate these standards and ensure that members abide by them?
Mohd Noor Amin:
Governments of the world need to recognize the importance or criticality of having a good security governance program in order to protect sensitive data within their systems and infrastructure. The foundation of a good security governance program builds upon having security policies in place, monitoring these policies and ensuring compliance. More often than not, enforcement has been a daunting challenge. Today, most governments perform resource intensive, error prone, non-extensible, highly manual compliance monitoring.
To address this, IMPACT has embarked on the development of the IMPACT Government Security Scorecard (IGSS), a tool that provides automated analysis of Government’s critical systems to determine the level of security compliance based on available standards like ISO 27001, FISMA etc. Through its reporting capability, this tool provides a snapshot of their current security posture across the entire government, right down to the region or office level of which governments can then build upon to improve the level of security compliance.
With this IGSS on offer, we hope that IMPACT member countries will embrace and implement this security governance tool to better effect and thus increase the level of security compliance while maintaining their sovereignty.
IMPACT has established a close relationship with the International Telecommunications Union and its Secretary-General, Dr. Hamadoun Touré. In what ways is IMPACT collaborating with the ITU? What other partnerships has IMPACT established with existing cyber-security initiatives?
Mohd Noor Amin: IMPACT’s relationship with the ITU is special and rather unique. IMPACT and the ITU formally entered into a Memorandum of Understanding (MoU) in which IMPACT’s new state-of-the-art global headquarters in Cyberjaya, Malaysia, effectively becomes the physical home of the ITU’s Global Cybersecurity Agenda (GCA). The GCA is the ITU’s framework for international cooperation aimed at proposing strategies for solutions to enhance confidence and security in the information society. Through this partnership, the ITU’s 191 Member States are able to access IMPACT’s network of expertise, facilities and resources to effectively address the world’s most serious cyber-threats. IMPACT is also working towards establishing a formal collaboration with INTERPOL to address cyber crime issues.
IMPACT’s private sector partners have also been instrumental in the development of many of our key programmes and initiatives that will eventually benefit our member countries. For example, Symantec Corporation is assisting IMPACT in establishing a Security Scorecard Centre of Excellence- the first ever outside the US, while F-Secure is committing its expertise to help IMPACT establish its Security Operations Centre (SOC). Kaspersky Labs have provided their technical expertise to help IMPACT set up our Network Early Warning System (NEWS). Additionally, the SANS Institute has committed US$1 million to IMPACT to provide for cyber security training for developing countries.
Cyber-terrorism is a sophisticated, constantly evolving threat. How do you envision IMPACT developing to meet this challenge?
Mohd Noor Amin:
Positioning IMPACT as the foremost organization bringing together governments, private sector and the academia to combat cyber-terrorism, will allow us to continuously evolve and better equip ourselves and to meet our member countries’ needs to address the latest evolving threats. We would then be able to have the best-brains from security professionals, legislators, and academicians working together.
Is there anything you would like to add?
Mohd Noor Amin:
I would just like to thank all our stakeholders —our member countries, the ITU, our numerous industry and academic partners that have lent their support to IMPACT. As a public-private, multilateral organization, IMPACT’s ability to deliver value to its members depends on the level of support we get from our stakeholders and partners. I am pleased to say that with the support and assistance of our private sector and academic partners, IMPACT is now able to offer a suite of value-added services for the benefit of member countries and cyber security-related organizations. Along those lines, I would also like to take this opportunity to invite other cyber security organizations and interested parties to join our coalition. Even though we are a new organization, being less than 2 years old, I am confident that by working together, we can achieve our objective of a safer, more secure cyberspace for all.
Mohd Noor Amin is chairman of the Management Board of IMPACT, the International Multilateral Partnership Against Cyber Threats.
|Comments in Chronological order (0 total comments)