Multilateral collaboration and information exchange between nations are key in the battle against cybersecurity threats, especially as global systems today are increasingly interconnected. Citizens also need to take responsibility for their personal cyber hygiene amidst growing adoption of Internet of Things (IoT), where one compromised device can bring down an entire network.
There should be open dialogues and communication channels through which governments could share cyber threat details, urged delegates during a ministerial roundtable discussion held Wednesday at the Singapore International Cyber Week conference.
“Cyber threats pose an existential threat to life as we know it. We need to look beyond individual country and individual interests o work together for our collective good,” said Ursula Owusu-Ekuful, Ghana’s Minister for Communications and Digitalisation. “Until we realise that and learn how to engage with each other, and promote dialogue and experience sharing, we will continue to remain at risk.”
She underscored the need for greater international cooperation and capacity building, with emphasis on building core digital skills that were required to safeguard individuals and societies.
Owusu-Ekuful added that nations should look to build trust in digital systems and allow international rules of engagement to work for the global community.
Artur Lyukmanov, Acting Director of Russia’s Ministry of Foreign Affairs Department on International Information Security, also stressed the need for open communications between governments, where it was important for nations to have points of contacts and be able to call up their global counterparts in the event of a cybersecurity incident or when new threats emerged.
Lyukmanov rebuked governments such as the US for being quick to put blame on Russia for cyber attacks without due investigation, describing this as an attempt to undermine efforts of international working groups, such as those led by the United Nations (UN), of which Russia was a part.
Adding that political discussions should not be intertwined with cybersecurity dialogues, he said nations should refrain from militarising the digital sphere. He objected to countries that used ICT for military purposes, pointing instead to the need for dialogue.
He further noted that the international community would not be able to take concrete action on establishing new cyber norms of state behaviour if there was no confidence and trust between nations.
US warns of risks relying on China-built infrastructures
US Secretary of Homeland Security Alejandro N. Mayorkas, also in Singapore for the conference this week to speak at a closed-door briefing, took questions from the media on Tuesday where he said the US cooperated with this region and other countries in different forms.
Mayorkas said: “We share information with respect to the cyber threats that are known. We share information with respect to vulnerabilities in systems that are discovered. We share information with respect to how to patch those vulnerabilities. We assist in training. We have cyber emergency response teams that assist countries in responding to and remediating threats that have actually materialised. And the threats are diverse in nature, whether it’s phishing, spear phishing, [and] ransomware [which] is a threat that is growing so significantly.
“So we have seen quite a number of attacks. They have been perpetrated by cybercriminals as well as by adverse nation-states such as Russia, the PRC, North Korea, and Iran,” he said.
He also pointed to the need to work with the private sector and academia as part of a collective approach to cybersecurity. Noting that most US critical infrastructure were in the hands of the private sector, he said the US Cybersecurity and Infrastructure Security Agency (CISA) had established the Joint Cyber Defense Collaborative (JCDC) as the framework to drive public-private partnership. This ensured there was information exchange between both sectors, he said.
“The cyber threat is not specific to governments. So many private and public businesses have been attacked by ransomware [and] have suffered cyber attacks that it really requires an all-of-society effort to strengthen the entire cyber ecosystem,” he added.
Asked if the US saw risks in China’s efforts to build out subsea internet cables and global nations tapping these lines for connectivity, Mayorkas said: “I think that all of the countries participating in the Singapore International Cyber Week are well aware of the risks that are involved in doing business and relying upon the technological infrastructure provided by the PRC. We have seen the potential outcomes [and] adverse consequences of doing so.
“When countries fall behind in their loan payments to the PRC, there is a technological vulnerability in predicating one’s infrastructure on PRC assets,” the US government official said. “It is a risk that we have communicated and that I intend to communicate [here at the conference].”
No one country knows it all
During the roundtable discussion, Owusu-Ekuful also highlighted the importance of global consensus.
“We are all in this together…we sink or swim [together] in the cyber space, where there are no big or small countries. Countries cannot adopt a position where they know it all and have this ‘big brother’ attitude when dealing with the cyber space. We need to engage [in dialogue],” she said.
Multi-stakeholder efforts at an international level should look to establish legal and regulatory frameworks that provided room for all to engage as equal partners, she added.
Also emphasising the importance of information sharing, she noted that Ghana had established CERTs (Computer Emergency Response Teams) on both a national and sectoral level, with industries such as banking and financial services as well as telecommunications each with its own CERT.
Plans currently were underway to also establish CERTs for the transport and and energy industries, she said, adding that the West African nation had designated 189 critical information infrastructure (CII) owners across 13 sectors. These CERTs constantly fed cyber threat and security information to the national CERT as part of efforts to facilitate faster response to attacks and potential risks, Owusu-Ekuful said.
Because “one sneeze” in the cyber space could result in everyone else catching a cold, she said the ability to respond quickly was critical to cyber defence and safeguarding CIIs.