Facing Modern Cybersecurity Threats in China

From: FutureGov.Asia

Yuejin Du, Deputy CTO, National Computer Network Emergency Response Technical Team Coordination Centre of China, has a front-row seat at the global cybersecurity theatre. He shares with FutureGov his perspective on the trends in cybersecurity and cyber defence, and what actions governments should take to protect themselves from modern threats.

The rapid development of technology over the past decades has transformed and, in most cases, improved the way governments function and interact with citizens today. This technological advancement, however, is also contributing to the emergence of advanced cybersecurity threats which employ sophisticated techniques to carry out increasingly serious cyber attacks.

Governments all over the world have teams in place to face and resolve these growing cybersecurity threats. The Chinese government established the Coordination Centre (CNCERT) in 1999 to support the cybersecurity-related administration and services of government departments, the safe operation of information network infrastructure, and monitoring, early warning and emergency response to cybersecurity threats.

Yuejin Du gives more details about the role of CNCERT. “Domestically, we are a coordination centre,” he says. “We coordinate the internet service providers, academic organisations, security centres and vendors when they need to fight a severe or large-scale internet incident together.” The CNCERT also built centers for network security focused on national monitoring, warning, emergency response, evaluation and public opinion.

By 2003, CNCERT had branches in 31 provinces, autonomous regions and municipalities in mainland China, creating a large technical support system and coordinating all Computer Emergency Response Teams (CERTs) within the country.

This coordination role extends outside China too. “Internationally, we work as a point-of-contact for China,” continues Du. “Outside China, people may not be sure of who can do what inside the country, so everyone needs a point of contact to trust and to coordinate. For instance, if an incident happens in China but targets victims outside China, international organisations will contact us for help. Then we can find out who will handle the incident and coordinate.”

The CNCERT gets most of its budget from the government, though the Centre provides some services to the industry too. Situations must be reported to either the Ministry of Information Industry or the Ministry of Public Security, according to government requirements.

Stagnating International Cooperation

Du’s role in CNCERT has given him a great vantage point from which to observe and identify trends in cybersecurity globally. He believes that a major trend that has emerged over the past few years is a consistent deterioration in international cooperation on cybersecurity.

“Before 2007, international cooperation, from my perspective, was very good,” states Du. “In the CERT community, we trusted each other and shared information.” The CERT community could find out about new cyber threats efficiently and respond almost immediately.

Du believes that this cooperation has been waning since 2007, especially from the China perspective. “After 2007, there was a lot of news about Chinese hackers and the China threat,” explains Du. “People said that hacking was driven by the Chinese government itself. That makes things complicated, because every year we handle hundreds of incidents for organisations outside China. After 2007, though the trust was not ruined, it was seriously affected.”

“Especially after 2010, we saw cases of cybercrime that cannot be done only by isolated cyber criminals or hackers alone. These cases were definitely done by governments,” Du continues. “Many countries are setting up their capabilities in cyberwar, or conducting research on cyberweapons.” Increasing cyber threats posed by governments impacted the traditional international cooperation framework and raised the stakes involved in cybersecurity.

According to Du, government involvement and lack of trust can have serious consequences for global cybersecurity. “In the past, all our fighting was with the cybercriminals and hackers,” he says. “But today, if governments are involved, there are possibilities of cyber conflict among countries.”

Du believes it’s essential for the community to rebuild their relationships. “The international CERT community and teams should keep their trust,” he says. “We should not be involved in the attacking behaviour. We should not have contact with hackers and should keep information confidential.”

Four Steps for Protection

In the face of modern and more dangerous threats, governments need to enhance their cybersecurity measures and protect themselves, even if they have limited access to sophisticated resources. Du recommends four critical steps.

“The first one is to have a domestic cooperation framework,” he says. “Make the limited expert resources able to provide service to more customers. Governments must have an efficient strategy in place – if severe incidents take place, related agencies or organisations should know, and can make decisions on response.”

“The second step should be to set up technical platforms and infrastructure,” continues Du. “We cannot watch this happening with our human eyes; we need a technical platform to know what is happening in the world. Without that, you can do nothing, because you will always be too late.”

The third point Du emphasises is development of human resources. “Without a person who can understand what is happening and use the technical infrastructure efficiently, you can’t do anything,” he explains. “Governments need to train experts, increase awareness, and make government officials understand basic security concepts and how to avoid simple attacks.”

The fourth step governments should take is to ensure that all members — especially upper management of all agencies — understand cyber threats. “Many people have the misunderstanding that cybersecurity is an issue only faced by computer guys or the Chief Security Officer (CSO),” says Du. “But one person’s fault might break down the whole protection.” Du also believes that the organisation should make the CSO a high-level manager so he knows what is really crucial for the organisation.

What does the future look like?

“The most important issue today is APT (Advanced Persistent Threat),” declares Du. “APTs are challenging all the techniques, frameworks, policies and standards we have today. It costs too much time to understand what is happening, so we cannot respond in time. Some APTs use ‘zero-day vulnerabilities’ which is very dangerous. In the future, for several years, this will be the biggest challenge for the world.”
