|
By Lady Olga Maitland
2nd CISO 360 ASIA & OCEANIA Conference
THE FULLERTON HOTEL, SINGAPORE, on 13th SEPTEMBER 2022
This is a shifting world. No one, no
organisation, no state is immune from geo-political tensions and indeed
wars. And with it, the weaponization of cyber.
We are familiar with criminal hacking for profit and are prepared. But
now political sensitivities have unleashed a bitter harvest in massive
State sponsored cyber-attacks. They are weapons to intimidate, weaken,
and destroy government institutions. They can be foretaste of worse to
come.
The war in Ukraine overshadows. international security, even in the
world beyond Europe. It is the most intense conflict on the continent
since the end of Second World War; and regardless of how long it lasts
or how it ends, it is sure to have important consequences for the
Asia-Pacific.
Some of these are already emerging. Russia borders Asia as much as
Europe. China has been emboldened threatening Asia’s middle powers and
small states.
The outbreak of large-scale inter-state conflict or extreme tension is
a stark reminder of the dangers if diplomacy and deterrence fail. It
highlights the significant responsibility - carried by
governments - in the Asia Pacific to press for peace and
stability to be maintained.
Clearly the interaction of US and China is an important focus,
particularly in terms of Indo-Pacific Alliances and partnerships.
With this has to be an early warning system, raising the alert to Red
for corporations facing a headwind of heightened attacks.
Take Nancy Pelosi’s visit to Taiwan. The Taiwan Presidential office was
hit ahead of her arrival. The computer screens went black. Complete
DDOS, Distributed Denial of Service. The same happened at the Ministry
of Foreign Affairs. Corporations were also affected often more
drastically.
The visit triggered live fire military exercises close to Taiwan’s
defensive zone.
Taiwan has accused China of mounting attacks since the 2016 election of
President Tsai Ing-wen who declared Taiwan to be a sovereign nation.
My concern today is not traditional weaponry but cyber which is
increasing fast. Most organisations recover but the attacks are a
warning of worse to come.
Corporations need no telling that these are zero trust days.
Chinese state-sponsored hackers have targeted government as well
as private-sector organisations, including those closely involved with
Beijing on infrastructure development projects. Specific targets have
been the Thai Prime Minister’s office and the Thai army, the Indonesian
and Philippine navies, Vietnam’s National Assembly and Malaysia’s
Ministry of Defence. Myanmar, Laos, and Cambodia have also affected.
The purpose is intrusion and espionage and control.
Best friends are also vulnerable to attack. Cambodia’s Prime Minister
was first foreign leader to visit China after the pandemic. It stood
staunchly by China’s sovereignty claims in the South China Sea,
benefited from the Belt and Road investment initiatives, gave China
tacit permission to build military bases, but still warning signs went
out after China learnt that the Cambodians are not too keen to proceed
after all. It would violate their constitution. And their Foreign
Ministry has been hit.
In Australia, just six months ago, a Chinese cyber attack almost shut
down the Queensland power plant, CS Energy; for 3million Australians a
terrifying demonstration of what a belligerent regime could do in
wartime.
The crisis was within 30 minutes of complete shut down, but a brilliant
last-minute move stopped Beijing gaining access by separating the
company’s corporate and operational computer systems. Once the network
was essentially cut in half, hackers had no way of seizing control of
the generators.
This followed four years of China sanctions cutting
Australia’s exports of coal, iron ore and cereal among other items – a
heavy hit for them as China was their major export destination. All of
this arose from Australia’s hard-line stance in the South China Sea,
support for Taiwan, and objections to at China’s interference with the
Asia Pacific islands where Australia remains firmly aligned with the US
and its allies.
Today there is a new government in Canberra. It is paying close
attention to the lessons that the Chinese Communist Party is learning
from the Ukraine. A Chinese invasion of Taiwan would have unprecedented
impact on the Indo Pacific region and for the fate of the
liberal-rooted international system.
Hence, although cyber-attacks continue to increase, the Australian
government is trying to reset its trading and diplomatic relations with
Beijing - a complex dilemma.
The Chinese are keeping up the pressure
with another hit, this time on Australia’s largest Chinese – language
media platforms with 2m daily users. The date, June 4 was significant
for the Chinese diaspora marking the 1989 Tiananmen Square massacre of
pro-democracy protests.
New Zealand which has tried to keep an equilibrium with China despite
remaining a staunch supporter with its US, UK, and other allies, has
experienced state sponsored hackers working under the guise of the New
Zealand Ministry of State Security which carried out targeted
espionage, hacking, stealing data but not seeking a ransom. The object
was military, diplomatic and economic damage. Years of quiet diplomacy
by New Zealand did not work.
Also on Asia, Japan has also experienced its own attacks from China.
China’s military instructed a hacker group to conduct cyber attacks on
nearly 200 companies and research institutes, including the Japan
Aerospace Exploration Agency.
Again, Japan has a fine balancing act. Officially they have marked
cordial relations while commemorating the 50th anniversary of
normalisation of relations between the two countries. The two nations
have long been in strife and conflict being at logger heads over the
sovereignty of a group of islands in the East China Sea.
It is no surprise to that North Korea is also making mischief. Reports
suggest that one third of their missile programme is funded by
cyber-attacks, much of it by recent theft of more than $400m in crypto
currency in the last year.
However, they don’t always get away with it.
The US Dept of Justice announced only in July that they successfully
seized about $500,000 in bitcoin from North Korean threat actors who
were using Maui ransomware to attack health organisations in Kansas and
Colorado. Despite that the attacks did cause massive disruption.
So cyber attacks are a weapon with awesome potential for ransom,
compromising military and public services capability and impairment.
Russia needs funds for its Ukrainian war. Costa Rica is still reeling
from a massive attack by Russian hackers Conti, demanding in April $20m
after crippling 27 essential government services and international
trade. The effect was medical staff have had to resort to pen and paper
to get things done.
Another hit happened in May and then June. Costa Rica’s President
Rodrigo Chavez declared an ‘institutional national emergency’ and
refused to pay the ransom demanded while calling in tech savvy help
from the US and Spain.
Beware the Russian bear when annoyed. Russian hacker Killnet hit
Estonia after their government opted to remove Soviet monuments in a
region with an ethnic Russian minority.
Relations were not improved with Estonia’s decision decided to bar
Russian citizens as visitors.
Lithuania did not escape either. Killnet acted after a replica World
War 11 Soviet TU-34 was removed from public display and taken to the
Estonian War Museum.
Finland was hit in April when their government’s website was taken down
by hackers while streaming a speech by Ukraine’s President Zelensky.
This was in retaliation for applying for membership of NATO.
Sweden, likewise, a formerly neutral country, has experienced attacks
on its government agencies and military following their announcement to
join NATO.
The reality is that coinciding with unrelenting cyber attacks against
Ukraine, state backed Russia hackers have been engaged in ‘strategic
espionage against governments, think tanks, businesses, and aid groups
in 42 countries which are supporting Kiev.
Ukraine itself, has been reeling from Russian cyber-attacks since the
invasion hitting public energy, media, financial,
businesses and non-profit agencies appallingly affected their ability
to distribute medicines, food, and relief supplies.
Ukraine, as you would expect, are fighting back with help from America
and allies such as the UK National Cyber Centre, flowing to10,000 cyber
activists working at home. Many are being sent to the US for high level
training. They are already well versed in handling the attacks which
began in 2014 when Russia took over the Donbas region.
However, the good news is that cyber warfare has not always worked.
Microsoft President Brad Smith wrote in June, that ‘since the start of
the war, the Russian targeting has been successful 29% of the time,
with data stolen in only one quarter of the successful network
intrusions.’
Nearly two thirds of the cyber espionage targets involved NATO
countries, the US being prime target, and Poland, the main conduit for
military assistance flowing to Ukraine was No.2.
In the UK, a major Russian cyber-attack on
the National Health Service occurred when Prime Minister Boris Johnson
flew to Kiev for a meeting with President Zelensky.
Microsoft which has played a key role in supporting Ukraine has noted
that Ukraine has ‘proven stronger’ overall than Russia’s capability in
‘waves of destructive attacks against 48 distinct Ukrainian agencies
and hacks have been cautious not to unleash destructive data-destroying
worms which could spread outside Ukraine and back-lash on them.
I have not made a comprehensive global overview, but here you have a
taste of how political tensions have repercussions.
Just one small example, even small neighbouring countries use cyber to
deliver a threatening message to one another.
Take Morocco and Algeria. Long-time disputes, and currently with very
tense relations, hacking between the countries has intensified. Morocco
sent a hacked message to state TV that Algeria was anti the Ukraine
War. No. Not true. Algeria is Nonaligned. This followed using Pegasus
information on Algerian politicians. Algeria did a spoof on King
Mohammed in a paper. Retaliation all round.
CONCLUSION:
While those attending conference have all the capabilities and
expertise it needs to protect their clients; one element needs to be
bolted on. Keeping a close eye on international developments wherever
you are, especially in moments of heightened tension. Where you can,
keep in touch with your National Cyber Security Centre. Most countries
have one, and some are very effective and helpful with Government
insights.
You will need to be super sharp in anticipating your responses. This
may also affect your insurance cover as moves are being taken to
exclude state sponsored cyber-attacks.
|
Download
the Annual Subscription Form to join the
DSF.
To
open Acrobat PDF documents, you need to download Adobe Acrobat Reader
from here.
|
|
