{"id":43495,"date":"2022-01-31T09:08:03","date_gmt":"2022-01-31T14:08:03","guid":{"rendered":"https:\/\/www.kaspersky.com\/blog\/?post_type=emagazine&p=43495"},"modified":"2022-07-27T07:09:13","modified_gmt":"2022-07-27T11:09:13","slug":"critical-infrastructure-attack-cooperation","status":"publish","type":"emagazine","link":"https:\/\/www.kaspersky.com\/blog\/secure-futures-magazine\/critical-infrastructure-attack-cooperation\/43495\/","title":{"rendered":"One click to attack critical infrastructure: What can we do?"},"content":{"rendered":"

Growing digitalization in the industrial sector makes attacking critical infrastructure (CI) easy for cybercriminals. For example, ransomware attacks on critical sectors<\/a> hit headlines in 2021. But what can we do about it? Can the international community cooperate across borders to respond fast and effectively?<\/p>\n

I\u2019ve written before on how the world could improve its cross-border firefighting<\/a>. Now there\u2019s a new UN cyber dialog<\/a> with diplomats from 193 countries getting together to discuss using information and communication technologies (ICTs) for cyber stability, security and peace.<\/p>\n

And we may now be a step closer to a solution. Kaspersky organized the workshop, One click to attack critical infrastructure: What can we do?<\/a> at the 2021 UN Internet Governance Forum (IGF) with experts from cyber diplomacy, cybersecurity research and incident response worldwide.<\/p>\n\t\t\t

\n\t\t\t\t\t\t\t\n\t\t\t\t\t\"\"\t\t\t\t<\/a>\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t\t\t\t

Improving cross-border cyber firefighting<\/p>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t

Critical infrastructure attacks<\/span><\/h3>\n\t\t\t\t\t\t\t\t\t\t\t<\/header>\n\t\t\t\t\t\t\t\t\t\t\t
\n\t\t\t\t\t\t\t

In the event of an attack, those affected look around for the right person to call. What can we do?<\/p>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t

\n\t\t\t\t\tRead article<\/a>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t<\/article>\n\t\t<\/div>\n\t\n

Many national perspectives<\/h2>\n

We looked at national approaches and existing good practice in critical infrastructure protection and heard how states implement the UN cyber agreements and critical infrastructure protection norms.<\/p>\n

Germany: Cyber protection is a whole-of-society issue<\/h3>\n

Ambassador Regine Grienberger (@GERonCyber<\/a>) of Germany\u2019s Federal Foreign Office said Germany\u2019s approach to critical infrastructure protection is whole-of-government and whole-of-society. Close public-private cooperation with sharing information and lessons learned are essential parts of it.<\/p>\n

Ambassador Grienberger says, \u201cIn Germany, we\u2019ve built a national framework for critical infrastructure protection, which is embedded in the legal framework at European Union level and complemented by our cooperation with our international partners. Lack of human resources remains a serious challenge. We need greater investments in cyber capacity building.\u201d<\/p>\n

Switzerland: Sharing responsibility<\/h3>\n

Daniel Klingele, Senior Advisor at Switzerland\u2019s International Security Division<\/a> of the Federal Department of Foreign Affairs, said cost of regulatory action versus incentives, decentralized structure of responsibilities and building an inventory of critical functions all guide their regulatory approach.<\/p>\n

Mr. Klingele also thinks it\u2019s important to focus on public-private partnerships to ensure a shared responsibility, but critical infrastructure operators must also understand their responsibilities to manage cyber risks.<\/p>\n

Singapore: Three areas for international cooperation<\/h3>\n

Dan Yock Hau is Assistant Chief Executive for National Cyber Resilience at Singapore\u2019s Cyber Security Agency<\/a>.<\/p>\n

Mr. Dan highlights three areas for international cooperation: Consensus<\/em> (states agreeing on \u2018rules of the road\u2019,) collaboration<\/em> (keeping digital domain safe and secure through effective collaboration and partnerships) and capabilities<\/em> (investing in capacity building to spearhead a systemic response to cybersecurity.)<\/p>\n

Mr. Dan believes governments should lead in strengthening cooperation because the weakest link can provide an entry point to a system but also risk to other countries.<\/p>\n

He says, \u201cCyber threats are not confined within geographical boundaries. Bilateral, multilateral cooperation are key to share timely information and respond to incidents swiftly.\u201d<\/p>\n

Australia: Mandatory reporting requirements for operators<\/h3>\n

Johanna Weaver (@_johannaweaver<\/a>) Director of Tech Policy Design Centre, Australian National University, highlighted Australia\u2019s new legislation outlines mandatory reporting requirements for critical infrastructure operators and extends government powers to take control of infrastructure if there\u2019s a serious cyberattack.<\/p>\n

Ms. Weaver says governments and the private sector must have regularly tested plans for effective incident response. \u201cAll states have now agreed they should protect critical infrastructure and they are not going to intentionally damage other states\u2019 critical infrastructure using ICTs. But not enough countries are being transparent about the use and development of offensive cyber capabilities. Australia is among the few countries that publicly commit that we are not going to use these to damage other states\u2019 critical infrastructure.\u201d<\/p>\n

A UN cyber emergency phonebook?<\/h2>\n

We also explored the idea of a UN \u2018cyber emergency phonebook\u2019 in our workshop. If an attacked state can\u2019t respond and protect itself, who should it ask for help? And where a cyberattack affects critical infrastructure in several jurisdictions, how should cross-border cooperation happen?<\/p>\n

Serge Droz, Board of Directors at Forum of Incident Response and Security Teams (FIRST,) said most incident response teams run into limits handling incidents and don\u2019t have access to infrastructure operated by third parties.<\/p>\n

Mr. Droz says the international community should invest in developing trusted relationships, but trust is hard to institutionalize. Regular collaboration helps, and trust between individuals spreads further into teams.<\/p>\n

Mr. Droz also highlighted the importance of neutrality in Computer Emergency Response Teams (CERTs.) \u201cCERTs\u2019 key role is to respond to incidents. They shouldn\u2019t be party to other activity like attribution or using offensive capabilities. Focusing on their role is key to ensuring their neutrality during a cyber emergency.\u201d<\/p>\n

Carmen Corbin, Head of Counter Cybercrime Programming for West and Central Africa, UN Global Programme on Cybercrime (UNODC,) agreed with Mr. Droz and added the need to keep an ongoing focus on capacity building and training in helping states be more effective in protecting critical infrastructure. \u201cExperiencing cyber emergencies together helps experts and communities build closer and trusted relationships.\u201d<\/p>\n

Pierre Delcher, Senior Security Researcher at Kaspersky, said multiple factors trigger cooperation \u2013 like common values, shared commitments and compatible capabilities \u2013 but trust underpins it all. He believes continuous collaboration and experiencing common events develops trust.<\/p>\n

\u201cCybersecurity incidents are usually global, but the response, almost never. Cross-border cooperation should bring better results,\u201d says Mr. Delcher. \u201cAn emergency phonebook may be a good start. It could be done through existing cooperation mechanics.\u201d<\/p>\n

What should happen next?<\/h2>\n

We\u2019re not alone in the wilderness when dealing with critical infrastructure incidents. Since 1998, states have talked about working with ICTs in the interests of peace and security. The new five-year long round of the UN cyber dialog continues soon. Hopefully the international community will have new practical achievements even sooner.<\/p>\n","protected":false},"excerpt":{"rendered":"

Cross-border cooperation on critical infrastructure attacks is improving all the time. But there\u2019s still much to be done.<\/p>\n","protected":false},"author":2659,"featured_media":43499,"template":"","coauthors":[4140],"class_list":{"0":"post-43495","1":"emagazine","2":"type-emagazine","3":"status-publish","4":"has-post-thumbnail","6":"emagazine-category-infrastructure","7":"emagazine-tag-global","8":"emagazine-tag-infrastructure","9":"emagazine-tag-law"},"hreflang":[{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/secure-futures-magazine\/critical-infrastructure-attack-cooperation\/43495\/"}],"acf":[],"_links":{"self":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/emagazine\/43495","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/emagazine"}],"about":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/emagazine"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/2659"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/43499"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=43495"}],"wp:term":[{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/coauthors?post=43495"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}