Black Hat Asia 2020, one of the region’s biggest information security conferences, has gone live. This year, the event takes place in a completely virtual platform that includes around 40 briefing sessions, keynote presentations from industry leaders and experts from around the world, community programs, and a virtual exhibition hall complete with demos and networking opportunities.
In his keynote speech Gaurav Keerthi, Deputy Chief Executive (Development), Cyber Security Agency of Singapore, discussed how the country is moving its cybersecurity posture forward, learning valuable lessons from a few unlikely sources – cars and sanitation.
For Gaurav, Singapore is not content to just be on the internet. It aspires to become a leading smart nation that uses digital technologies to make citizens’ lives better by digitalising everything, from lamp posts to traffic lights.
“When you digitalise everything at that scale, cybersecurity professionals step back and think of the attack vectors possible. So, the Cyber Security Agency of Singapore has a pretty expensive mission. We keep our cyberspace safe and secure to underpin our national security, power our digital economy and protect our digital way of life”, added Gaurav.
Gaurav has a non-traditional background in cybersecurity, which he leverages to help give a different perspective in keeping the nation secure. He worked as a Brigadier General in the Republic of Singapore Air Force, responsible for the cyber defence of their network, missiles radars and control systems.
During his speech, Gaurav asked, “Should cybersecurity be a public good or private good? Should users or vendors be responsible for cybersecurity? Should cybersecurity be a policy problem or an engineering problem? Should cybersecurity be a cost or benefit to manufacturers?” on defending the cybersecurity of the nation.
Comparing cybersecurity to public sanitation (water and sewage), Gaurav mentioned that up until the 1800s, nations treated drinking water the way we currently treat cybersecurity. Governments would warn their people not to drink dirty water, just how people consume data today and believed that the users were the weakest link.
“So where are we for cybersecurity? I think you can recognise from my not-so-subtle analogy that we're still around the 1800s. Generally, our view is that we are warning people not to drink dirty water. It's no longer the private company’s problem now that there are more users connecting to the Internet. We need to be worried about our data being attacked by cybercriminals”, added Gaurav.
Also, once the water filtration system is contaminated, it will affect the water being supplied. In cybersecurity, this will translate to one user’s lack of “cyber hygiene” causing a contagion, which can affect other users, especially in an organisation’s digital ecosystem.
In comparison with cars, Gaurav explained that car manufacturers are aware that there will always be bad drivers on the road and instead of creating cars that prevent such, safety measures are taken, such as airbags, safety sensors and better seatbelts.
“We need to take these lessons and engineer more secure products that basically protect the users instead of designing more and more complex auditing procedures or post-hoc measures to slap on security. That’s not an effective approach since cybersecurity has evolved to become a complex monster that even the initiated professionals find challenging to understand”, explained Gaurav.
Gaurav concludes that good cybersecurity is for the benefit of everyone, so the government will be taking a more proactive approach. Also, Gaurav implores that digital tools have to be secure by design so that users are left with safer and more secure options. Cybersecurity should also be complemented with strong policies and clever engineering solutions, resulting in better and safer products for the users.