pinkeyes - stock.adobe.com
Given the growing militarisation of cyber space, one of Southeast Asia’s most renowned “white hats”, or ethical hackers, has called on countries in the region to sign the Paris Call for Trust and Security in Cyberspace.
Fong Choong Fook, who owns Malaysia-based cyber security company LGMS, told Computer Weekly in an interview that the Paris Call is an important initiative to bring various countries together to counter the threat of cyber warfare.
As it stands, the underground hacking community – some of whom are believed to be state-sponsored – seem to be sharing intelligence among themselves, Fong said, calling for countries to come together as a single community to counter cyber warfare.
“What’s more, cyber attacks are not confined to any locale,” added Fong. “The same cyber attack affecting one country can affect other countries in different geographies.”
“Therefore, national leaders of the world should realise that cyber attackers today do not need any compelling reasons to launch their attacks against any specific country. Any country that is unprepared and isolated from the rest will be the next easy target.”
The Paris Call in Southeast Asia
The Paris Call was launched late last year by French president Emmanuel Macron with the intention of bringing together countries and supporters from across the world on a consensus statement relating to growing concerns about cyber threats.
According to the Nuclear Threat Initiative based in Washington DC, the signatories agreed on the importance of a peaceful cyber space, the relevance of international law and responsible behaviour by governments, and the threat posed by malicious cyber activities.
The signatories include 67 states, 139 international and civil society organisations, and 358 private-sector companies, including Huawei which joined the Paris Call earlier this month. In Southeast Asia, only Singapore and the Philippines have signed the Paris Call.
Countering the next frontier of warfare
To Fong, the Paris Call represents an international cyber security agreement-in-principle to counter the next frontier of warfare.
“State-sponsored cyber attacks are already an integral part of military strategy for many countries,” said Fong, adding that cyber warfare presents a multitude of threats towards nations which are not adequately prepared for such attacks.
“At the most basic level, cyber attacks could be used to support traditional warfare. For example, tampering with the operation of air defences via cyber means could be intended to facilitate air attacks, conducting espionage or even spreading propaganda,” he said.
He also cited the Stuxnet worm of a decade ago as “a good textbook study of how state-sponsored cyber attacks could infiltrate deep into enemy territory”.
“Stuxnet was extremely sophisticated and based on its complexity and heavy financial resources needed for its development, we believe that the worm was developed and orchestrated at the state level,” Fong said.
When asked to cite first-hand examples of foreign attacks, Fong said over the past decade, he had personally witnessed several severe cyber attacks against clients mostly in the banking and financial services industry.
“We have observed highly coordinated cyber attacks against top financial services targets which would not had been possible without proper planning and attack strategies coupled with their manner of deployment.
“Given the sophistication of such attacks encountered, we can only conclude that they were possible only because of strong financial support in the background to fund research and development before the execution.”
To Fong, cyber threats will always loom in the background. “In our daily lives, they could be in the form of ransomware attacks or criminals stealing credit card numbers or personal information,” he said.
“Potentially even more disruptive, however, would be attacks on critical infrastructure such as the electric grid, or even militarily significant attacks that could spark or amplify international conflicts,” Fong added. “Hence, the world should come together as one to address such issues.”
Read more about cyber security in APAC
- A Singapore-based cyber security firm has found two databases likely to be related to the Sephora data breach that affected online customers in Southeast Asia, Australia and New Zealand.
- The onslaught of cyber attacks being reported each day has been a wake-up call, but APAC experts say businesses need to be mindful of the limitations of certain security measures.
- Even as Southeast Asia works towards coordinating cyber security strategies, more needs to be done to establish cyber norms.
- Healthcare organisations in the Asia-Pacific region could lose an average of $23.3m to cyber attacks, including losses from productivity and customer churn, a study finds.