While it takes just one unwitting act to allow malware into a network, it calls for much coordinated effort within an organisation to control damage and corral invaders. Security professionals dealing with an influx of threat alerts might not be aware of the operational context which makes some risks more critical than others. Thus, they will need to work with departments to identify anomalies, assess the severity of outcomes, prioritise action and protect organisational assets.
On a larger plane, it will call for central coordination to ensure a city's crown jewels are safeguarded - vital assets like energy infrastructure, financial networks, telecommunications, transport links and healthcare systems. Financial institutions, for example, being interconnected and reliant upon third-party service providers to an extent, face systemic risks that must be tackled collectively. This requires them to share important information expeditiously - indications of threats, raids launched, attack strategies being adopted, vulnerabilities uncovered and defensive moves taken. If they hold cards close to their chests, owners of critical assets will give a needless advantage to hackers, who routinely exchange information among themselves on weak links, prime targets and stolen identities.
Ensuring information on cyber raids is gathered and disseminated in a timely way is one of the objectives of the proposed Cyber Security Bill, to be introduced in Parliament later in the year. Organisations will be made responsible for alerting the Commissioner of Cyber Security about security breaches. In the event of an investigation, relevant information must be shared with the Cyber Security Agency.
As with a terror attack, it's only a matter of time before a determined cyber onslaught is launched on Singapore. Well before that, a security framework must be in place to help ensure that the first signs of a large-scale attack on critical infrastructure are reported promptly.
The WannaCry and NotPetya ransomware attacks across the globe this year are an indication of the extent to which organised criminal groups are prepared to go to loot banks, airlines and utility companies. It makes sense, therefore, for the commissioner to ensure regular risk assessments and system audits (by an approved party) are performed by asset owners. Certain service providers are to be regulated via licensing provisions. This is appropriate as it's important to maintain the integrity of investigative work involving white-hat hacking and forensic examination, as well as non-investigative work like managed security operations.
Malicious attacks are on the rise, some of them sponsored by rogue states. These necessitate a collective response so that severe threats are mitigated and critical vulnerabilities remediated.