Four Critical Measures In Combating Cyber Threats, say Experts
22nd September 2003 (Jaring Internet Magazine)

PUTRAJAYA, 22 September - Formalising threat levels to reflect urgency, creating policies to address security issues, effective coordination amongst internet service providers and quick public information have been identified as four critical measures in combating cyber threats.

This is the outcome of a Panel of Experts (PoE) meeting in Putrajaya recently to combat the recent spate of cyber attacks, which brought down the computer systems of several organisations in Malaysia.

The Panel of Experts was established on November 7, 2001 by the National ICT Security Emergency Response Centre (NISER) (www.niser.org.my) to act as an independent and interactive think-tank group in ICT security issues.

The panel is expected to make recommendations on the National Information Infrastructure Protection Agenda (NIIPA), which aims to provide a comprehensive ICT security road map and action plan for Malaysians.

The PoE membership is by invitation only and panel members are selected based on qualification and experience in their realm of expertise, profession and recognition bestowed to them by ICT security communities.

Currently the number of members total 33, and they represent relevant government agencies, private sectors and communities.

Dr Mohamed bin Awang Lah, chairman of the PoE said, "The outbreak had seriously affected Malaysians nationwide and cost the country a high price just to remove them. These incidents have taught us a valuable and expensive lesson."

Dr Mohamed who is also chief executive of Internet Service Provider JARING, recommended that 'threat levels' should be formalised to indicate the level of urgency of attacks and it is a good way to inform users and organisations of the current situation, how dangerous it is and the level of urgency that is required from everyone.

"Threat criticality can also be conveyed by providing alerts or advisories to the public using a simple, non-technical approach."

He said that such alerts should not only be put in newspapers but also the broadcast media for wider coverage.

"Relevant agencies such as the Malaysian Communication and Multimedia Commission (MCMC) and the NISER together with the mass media must play a major role in getting this message across," he said.

The panel concluded that effective policies and mechanisms should be created to address security issues in a proactive manner.

In this particular thing, Dr. Mohamed said, "Management should realise the importance of these issues and to allocate adequate resources such as finances and skilled personnel to ensure that these intentions turn into reality."

"It is also imperative for all organisations to have effective coordination among service providers such as vendors and ISP, coordinating agencies such as CERTs and users. No single entity should be made responsible for all risks and attacks on the net," he explained.

He also said that the government and corporations must take ownership of their security systems and ensure that adequate measures are in place. "Everyone here has a role to play in preventing, alerting and cooperating to eradicate worms within a shorter period of time."

The panel called on service providers and software manufacturers to take steps to inform the public of critical vulnerabilities of their software and also should make available emergency response services in order to assist the public during outbreaks relevant to their software.

"In light of this, efforts must be geared to find out the critical missing factors that should be put in place well in advance of any outbreaks, in order to minimise the impact of such episodes," he said.

The first major factor is that most organisations do not have a reliable assessment system to detect and assess the intensity of cyber attacks.

"Most Malaysian companies do not understand the importance of having an efficient system that can detect cyber attacks that more often than not come in the form of worms or viruses. This slows down the eradication process, which costs a lot of money to the country," commented Dr Mohamed.

A second factor is the absence of a dedicated incident response team in many organisations that subsequently prolongs the spread of worms in infected organisations.

According to PoE, the fear of losing reputation is another factor, which ultimately prohibits most organisations from sharing and reporting security incidents they suffered to trusted local agencies such as the Malaysian Computer Emergency Response Team (MyCERT) (www.mycert.org.my).

"Many organisations are very scared that their corporate image would be tarnished if they were to report to the local agencies of their predicament. With the lack of a dedicated team to detect and remove the worms in their establishments, it is even more important to inform the right agencies of their problem so that it can be solved immediately," Dr. Mohamed added.