SINGAPORE – Nations and organisations need to assume that their systems have been breached in order not to be caught off guard when a cyber attack actually happens, panelists at a cybersecurity summit in Estonia said on Tuesday.
Russia’s sudden attack on Ukraine brought this principle to the fore, said Singapore’s Communications and Information Minister Josephine Teo at the discussion on Paradigms of Trust in Cybersecurity amidst Global Conflict at the Tallinn Digital Summit.
“The turn of events has just demonstrated to us how (real) the risks are,” said Mrs Teo, who is also Minister in-charge of Smart Nation and Cybersecurity.
“We should practise zero trust in how we defend our systems and assume we have already been breached. This is significant because it changes the way we think about our priorities. It means we will also have equal focus on recovery,” she added.
But with rapid digitalisation over the past few years, the world is still in catch-up mode when it comes to securing digital assets.
This requires action that she summed up in three Cs:
• Clarity of national roles and responsibilities for cybersecurity;
• Capacity to take legal action under a cybersecurity law; and
• Capabilities in the population to act.
Another panelist, Chilean senator Kenneth Pugh, said that while there needs to be zero trust that investments in cyber security solutions have provided enough cover, there is a need 3 to have trusted connectivity across the globe to deliver better protection against cyber risks.
Said Mr Pugh: “In cybersecurity, you do not compete. You collaborate. Everybody shares information (about) vulnerabilities, especially the zero-days vulnerabilities.”
A zero-day vulnerability is a flaw in a system that has been disclosed but not yet patched.
Cyber war does not respect boundaries, requiring international cooperation, stressed the panel.
“Cyber criminals or state actors will attack the weakest, not the strongest. So we have to be strong together,” said Mr Roberto Viola, director-general of the European Commission’s department for communication, networks, content and technology.