Cyber threats have become more and more of a global phenomenon. Kicking off the keynote session at the Asia-Pacific Cyber Security Salons 2021, Atsuko Okuda, Regional Director, International Telecommunication Union (ITU), Regional Office for Asia and the Pacific, spoke about the importance of coordination and cooperation, and APAC’s readiness toward cybersecurity.
Starting off her session, she highlighted how the ITU research team has observed the impact that the COVID-19 pandemic has had on communication networks - the demand for broadband communication services has soared. There is a significant increase in network coverage and subscribers between 2019 and 2020. Some operators have also seen a rise in internet traffic compared to before the crisis as more users are connected to digital connectivity and platforms.
“However, it doesn’t mean that everyone can afford these services and use the applications and services as seamlessly as we hope. There are still persistent disparities between men and women, people living in rural areas, as well as access to computers and devices at home, school and other places. So, we believe that this digital divide continues to be a major challenge for Asia Pacific,” she said.
Hence, ITU has been working with various partners such as GSMA and World Bank to address the COVID-related negative consequences with its initiatives:
Establishing reliable and trustworthy digital services for all to continue working, studying, caring for others, and keeping in touch with loved ones.
Leverage ICTs to help address COVID-19 and make us safer, stronger and more connected.
Universal, reliable and affordable connectivity.
APAC Region’s Readiness Towards Cybersecurity
Atsuko also highlighted that ITU has a program called the “ITU Global Cybersecurity Index”, measuring the readiness of nations in response to cybersecurity. And among the Asia Pacific region (APAC), 11 countries (Australia, China, India, Indonesia, Japan, the Republic of Korea, Malaysia, New Zealand, Singapore and Vietnam) fall under the category of ‘High Commitment’ – in terms of its commitment toward cybersecurity.
In order to tackle an increasing volume of cyber threats and fulfil the need for enhanced cybersecurity measures, ITU has developed various programs to help these nations improve their cybersecurity readiness in five important areas:
Incident Response Capabilities:
CIRT products and services.
CIRT assessment, design, implementation and enhancement.
Cyberdrills national, regional and international.
Cybersecurity Engagement and Awareness:
Awareness and info-sharing workshops.
Facilitate support and cooperation between ITU membership.
Cybersecurity Capacity Development:
Cybersecurity technical hands-on training.
Technical, process and technological training and information sharing workshops.
Publications and study groups.
National Cybersecurity Posture:
Cybersecurity strategy, policy and planning: Transfer of knowledge, tools and direct assistance.
Advisory and consultancy role.
Development of NCS.
Online Safety for Children and Youth:
COP guidelines: Transfer of knowledge, tools and direct assistance.
Women in Cyber.
Youth for Cyber.
Preparing for 5G-Enhanced Cyber Threats
Mohamed Anwer Mohamed Yusoff, Head of Industry Engagement & Collaboration, CyberSecurity Malaysia, who was one of the guest speakers during the event, highlighted the need for industry players to collaborate on raising fundamental awareness of digital risks.
For Anwer, organisations need to look after their people to be cyber resilient. As Malaysia is looking to further accelerate digital transformation, organisations would need to have a cybersecurity or cyber resilient mindset.
Adding to that, he said, “The industry is complex and cybersecurity is complicated. Everybody needs to work together. Vulnerabilities are always going to be there. There is no way we’re going to build a 100% secure system. I would like to quote a statement by Robert Morris; the only secure system is when you don’t buy a computer. Even if you buy a computer, don’t power it on and don’t use it.”
Although the quote from Robert was said 40 years ago, Anwer thinks it remains prevalent if we were talking about staying cyber resilient in today’s world meaning that whatever system is being built, it is not going to be fully secured unless we take proactive steps to ensure its security.
5G is one important area that promises plenty of benefits but will also open up new threats and vulnerabilities for individual users, businesses and government entities. With 5G set to roll out in the country, Anwer said all eyes will be on the Network Equipment Security Assurance Scheme (NESAS), jointly developed by 3GPP and GSMA. NESAS provides an industry-wide security assurance framework to facilitate improvements in security levels across the mobile industry.
Furthermore, Anwer also talked about how the government agencies of Malaysia are collaborating with similar agencies in other countries in ASEAN to combat emerging threats – namely through something called the 5G Security Test Lab.
“We are proud to be one of the few government agencies in the world to have a 5G cybersecurity test lab with Huawei and this was a collaboration with Celcom Axiata as well. Our 5G cybersecurity test lab will be a comprehensive model to check end-to-end cybersecurity on the scenarios, applications and hardware evaluation. So, it’s going to be a comprehensive system where we can look into the Radio Access Network, cloud applications as well as the edge network,” he explained.
The 5G security test lab will not only execute test cases pertaining to IoT and telecommunications security but will also function to enhance Malaysia’s preparedness in responding to cyber attacks related to 5G.
Apart from the collaboration between the three parties, Malaysia is also a part of the ASEAN Committee of Science and Technology and the ASEAN Telecommunication and Information Technology Ministers Meeting (TELMIN), in implementing the measures of promoting telecommunications and IT requirements. As well as the Master Plan on ASEAN Connectivity 2025 and ASEAN Declaration to Prevent and Combat Cybercrime – the regional and multilateral collaborations with United Nations APAC as well as the Organisation of Islamic Cooperation (OIC).