With the rise of cyber attacks, national defence budgets now include heavy investments in cyber security for governments and organisations.
One perspective emerging from the security community differentiates military spending from cyber investments.
More often than not, spending on stealth jets, tanks and other military equipment is aimed at deterrence. It showcases a country’s military might to prevent an outbreak of war.
Investments in cyber defence, however, are mostly unseen, taking the form of software used for offensive purposes.
They can be used to disable power generation and banking facilities and to stop factory equipment. They are also tools of modern-day espionage, surreptitiously gathering secret or confidential information digitally.
One consequence of cyber defence is that governments are building local Web fences, cutting themselves off from the Internet in the hope of combatting cyber attacks.
However, complete Internet isolation also means cyber defenders only see their own networks and not the full extent of Internet traffic, thus crippling their ability to discern normal patterns from attack behaviour.
This is an interesting way of looking at cyber security, and it comes from Russian security firm Kaspersky Lab, whose top researchers and executives discussed the militarisation of cyber space at a forum last week.
Called Balkanisation of the Internet, the discussion highlighted that the walling off of domestic Internet connections will lead to fragmentation of this global network.
The firm pointed out that several countries are also drawing up new laws that require global tech giants like Google to shift their data centres to local locations to curb foreign spying and overseas data intrusions.
Founded by Eugene Kaspersky, Kaspersky Lab develops and sells ICT security products for personal and business use. It has a research team that tracks the growth of malware. This knowledge helps it keep its products updated to handle the latest security threats.
Held in Siem Reap, the event last week also discussed the rise of protectionism and geopolitics which would prevent better cooperation and collaboration needed to combat cyber attacks.
The nub of the issue for Kaspersky is that it was banned by the United States government last year from selling its security tools and solutions there, following accusations of its deep connections with the Russian government and Russia-based hacking groups.
Kaspersky is not the only company accused of cyber sleuthing because of its origins. Chinese giants Huawei and ZTE are also not allowed to sell their telecom equipment to the US government and its contractors.
Citing security concerns, the Australian government also blocked them from providing 5G mobile networks Down Under.
The fear is that these companies have embedded “back doors” to allow the Russian and Chinese governments to digitally sneak into the US and Australian networks and infocomm infrastructure for nefarious purposes.
But Kaspersky’s attempts to claw back its reputation have been more visible. The company fears that other countries will follow the US order.
It moved its operations and customer data from Russia to Switzerland, which is considered a more neutral home. Its software codes for its security products have also moved to Switzerland.
A Transparency Centre is being readied where potential customers can view the software codes to judge for themselves that there are no back doors. It is also working with a major management consultancy to audit its processes.
Paralleling this move, Kaspersky researchers are also highlighting the rise of malware and the urgency needed by governments and organisations to cooperate and collaborate to thwart cyber attacks.
Vitaly Kamluk, Kaspersky’s Asia-Pacific director of GReAT (Global Research and Analysis Team), pointed out that in this region the volume of new malware detected daily had been increasing annually, in sophistication and reach.
As an example, Kaspersky’s Korea-based senior security researcher, Seongsu Park, highlighted the Lazarus group which is a sophisticated and infamous online hacker group in Asia-Pacific.
Lazarus is responsible for the Korean-speaking advanced persistent threat (APT) malware which has launched fake supply chain attacks.
First steps are already being taken by governments to cooperate and collaborate. Last week, Singapore announced a cyber security centre to coordinate training and collaborative efforts among Asean countries.
Measures are also underway in the European Union to enhance cooperation among member states and boost cyber capabilities.
Security companies like Kaspersky can only do so much. They detect new malware, identify the threats and trace the attack routes. But taking the cyber culprits down requires law enforcement agencies like the police.
However, the challenge is that cyber attacks cut across borders because of global Internet connectivity. Attackers may be based in another country but their cyber invasions may be felt elsewhere.
Interpol, the international organisation made up of member countries to facilitate police cooperation across the world, does look into cyber security but it has no enforcement responsibilities.
Besides, many cyber attacks have been allegedly caused by nation states which could be Interpol members too. This causes a conflict of interest for Interpol.
Perhaps the time is nigh for a global security agency that has teeth. Its task should be three-fold: gather threat intelligence from security companies, organisations and governments; investigate international cyber crime groups; and then be able to take action to close them down.
This agency should be a neutral party that will keep the data and information it collects secret and confidential. This will engender trust with all the parties it works with.
Such an agency will have to navigate through national and organisational sensitivities and face many challenges.
But with malware rising exponentially, such a global security agency, preferably with the backing of the United Nations, ought to be set up sooner rather than later.