We spoke recently to Cheri McGuire, Vice President, Global Government Affairs & Cybersecurity Policy, Symantec Corporation, and she told us all about the state of cybersecurity policymaking in Asia and the rest of the world. Below is the transcript of the interview.
What do you see as the major trends in cyber security policy-making in the public sector, particularly in Asia—how responsive are Asian administrations to the ever-increasing cyber-security challenge?
In the latest release of the Symantec Internet Security Threat Report Volume XVI (ISTR XVI), 2010 had been book-ended by two significant targeted attacks, including Hydraq (a.k.a. Aurora) and Stuxnet. While there were some large differences observed in these attacks such as scale, motivations and backgrounds of alleged attackers, they have one thing in common—their victims were specifically targeted and compromised, even though many had implemented fairly robust security measures.
Stuxnet was an interesting example of how sophisticated and targeted threats are becoming. The Stuxnet worm targeted energy companies around the world. It is an example of a threat designed to spy on and reprogram industrial control systems, which makes it dangerous.
The threat of such attacks is real and organisations will continue to be at risk of being targeted by specific attacks. In fact, according to the recent Symantec 2010 Critical Information Infrastructure Protection (CIP) Survey, over half of all firms said that they suspected or were pretty sure that they had experienced an attack waged with a specific goal in mind. Not only that, 48 percent of respondents suspected or were pretty sure they would be attacked in the future with 80 percent believing that the frequency of such attacks will increase. These findings indicate that governments should continue to invest resources in establishing critical infrastructure programmes and improve their readiness to withstand cyber attacks.
On top of this, governments can look at partnering with industry associations and private enterprise organisations to disseminate information to educate and raise awareness of critical infrastructure programmes, with specifics about how a response would work in the face of a national cyber emergency, what the role of government would be, who the specific contacts are for various industries at a regional and national level, and how government and private business would share information in the event of an emergency. An excellent example is the formation of the Cyber Security Awareness Alliance which Symantec is a member of, designed to raise awareness and adoption of essential infocomm security practices for the private and public sectors.