IIC/TRPC Forum – The Challenge of Cyber Security
ICANN Singapore, 4 OCTOBER 2016
About the Event
In a world of connected devices, cyber security is an ever present concern at all levels: for individuals through a multitude of smart devices and online accounts, for commercial enterprises with stored data or making large online transactions, and for governments protecting the critical national information infrastructure. Increasingly governments are introducing security surveillance laws that go way beyond the legal right to investigate suspicious persons or transactions.
Our speakers on the day addressed each of these concerns and strategies, at the level of policy making and regulation, at the level of nature of the attacks and how they happen, and how to respond to minimize the consequences and recover quickly.
John Ure, TRPC Director, opened the forum, followed by speakers:
Andrew Haire, Chairman, US Chapter, International Institute of Communications (IIC) and Ex-Deputy Director, Infocomm Development Authority (IDA)
Clement Arul, Managing Director, Kaapagam Technologies
Lee Sult, CTO, Horangi Cyber Security
Is there still a need to talk about cyber security issues? The live hacking demonstration of a payment gateway, through a web browser, in front of the forum’s audience makes a strong point – cyber security is as important as ever. With the pervasiveness of IoTs, the ’attack surface’ of cyber crime has increased and its threats have accelerated – it takes only a few minutes to compromise a device, but days to fix the breach. While tackling the challenges of such a fast-paced environment, policymakers need to find a balance between societal and economic progress, between security and user convenience, and between maintaining trust in the system and acknowledging its dangers and risks. As a lot of cyber security issues are extraterritorial, governments need to rely on international sanctions and diplomacy, in addition to the operational and policy tools used within their jurisdiction. The recent Apple vs FBI case over hacking into the San Bernardino shooter’s iPhone shows the potential controversy and complexity surrounding the cases of privacy, data protection and access. The forum participants agreed that by giving rise to numerous voices strengthened the case for an inclusive multistakeholder engagement in cyber security.
Government oversight of cyber security suffers from a shortage of skilled people both among lawmakers and technologists. The lack of technical skills causes acute problems when less than 10% of virus infections are picked up by antivirus software, even though the entire computer industry is built on their capacity to protect computers. Legal systems together with the lack of clearly established liabilities ’help bad guys in every way’ to exploit vulnerabilites. A large scale ransomware attack on April 14, 2016 in Malaysia and the hacking of Malaysian Airlines’ website in January 2015 shows how far-reaching the consequences can be.
Attacks, in addition to passing undetected, barely get reported – only around 10% of them are revealed to the public. These attacks can have severe financial and reputational repercussions for companies. However, even in the absence of skilled experts, companies can strengthen their defenses by iron-clad contracts, cyber security insurance, security controls and investigations. On a national level, effective communication between policymakers and technical operators was deemed essential by the forum participants in order to create a safer cyber space in the future.
For more information on our events please visit out website here.