Information Sharing: Unique ChallengesAsia-Pac Governments, Law Enforcement Encourage Partnerships
Information sharing has become the latest cybersecurity fad, lauded in the U.S., for instance, because of the success banking institutions have had banding together to fight distributed-denial-of-service attacks.
Well, the term is picking up steam in Asia, too. Information sharing was a dominant theme of conversations I had with thought-leaders at the RSA Asia Pacific event in Singapore. And, yet, while everyone is talking about it, information sharing really is not a practice that's been widely embraced.
There is no 'one' Asia.
Face it, collaboration among public and private entities is a tough sell in any marketplace. But in Asia, the challenges to information sharing are unique.
Start with the varied countries, which embrace a broad spectrum of economic development. Because of those developmental differences, technology infrastructure in Asia-Pac is diverse, and so are cybersecurity practices.
And yet, because of the market's sheer diversity, information sharing has to be a priority. Differing legal requirements and standards for cybersecurity are the main reasons, but so are the varied cultural perspectives about what actually constitutes cybercrime.
So, what's being done to encourage information sharing? Here are a couple of examples:
There is the multinational ASEAN [Association of Southeast Asian Nations] Senior Officials Roundtable on Cybercrime - a new initiative launched in Singapore to open dialogue between industry and government agencies. Just prior to the RSA event, this group held its first meeting, including representation from 10 countries: Indonesia, Malaysia, the Philippines, Singapore, Thailand, Brunei, Burma, Cambodia, Laos and Vietnam.
Just seeing that lineup of nations, you can see the roundtable has some hurdles to clear. As RSA's Hugh Thompson points out: "There is no 'one' Asia."
The roundtable's mission: facilitate open cybercrime discussions between Asia's industry and regional governments. The group is just getting off the ground, so it's too early to gauge the depth of the dialogue it will encourage.
But as Masagos Zulkifli Bin Masagos Mohamed, the Singapore minister of state for home and foreign affairs, points out, collaboration among these groups is becoming increasingly critical, "as we address security challenges in our increasingly globalized and cyber-connected world."
Law Enforcement's Role
The key to success, however, for any information sharing initiative is public-private collaboration - getting government agencies and commercial agencies to open the lines of communication. Can law enforcement take the first step to bridge that gap? INTERPOL believes so. And during the RSA event, INTERPOL shared its solution for narrowing the chasm between Asia's differing political and technological perspectives.
INTERPOL is an international organization that brings the world's police forces together.
In 2014, INTERPOL plans to open the Global Complex for Innovation in Singapore. James Pang, who works in INTERPOL's digital crimes division, says this complex will facilitate international police collaboration and more private sector involvement to fight cybercrime.
The Complex has three primary goals:
- Build networks connecting cybercrime investigators and public and private sectors;
- Fill skills gaps by facilitating the sharing with less developed parts of Asia the technical expertise that exists in developed parts of the region;
- Encourage regional governments to harmonize legislation aimed at combating cybercrime.
Echoing common themes, Pang says governments must have cooperation from the private sector to successfully forge stronger intracontinental and global information sharing partnerships.
"The content or service providers may have a global presence, but due to their company policies and domestic laws and regulations, they may not be able to share certain information requested by law enforcement from another country," he said during a presentation at RSA Asia Pacific. "Some countries do not even have any cybercrime laws to empower the law enforcement agency to launch an investigation, not to mention prosecuting the criminals."
To enhance information sharing and cybercrime fighting, Asia's less-developed countries and regions - the "have nots" - need help from the "haves," Pang says.
ASEAN governments seem to be embracing the idea, as evidenced by the establishment of their roundtable.
But what does this mean for the U.S. and other global economic leaders? It means an acknowledgement that what happens in Asia affects the rest of the world. Western governments and security vendors have a vested interest in what happens in Asia Pac.
Role of the U.S.
Back to my opening point, the U.S. can offer significant assistance on the information sharing front. Just look at how the banking industry and government agencies have set a new standard for peer-to-peer information sharing about cyberthreats.
But Asia's unique market variances won't be easy to overcome. Vendors operating in this part of the world must navigate through the market variances one at a time. The solution can't be a cookie-cutter approach. Again, there is no one Asia.
So, what needs to happen? Governmental agencies must get the ball rolling. Like ASEAN, they need to encourage and sponsor more collaboration among individual nations.
But the real thread that will sew these markets together is the private sector. Technology and security providers must improve their efforts, and willingness, to share threat information among emerging markets - specifically in Asia.
Each of these parties - government, business, technology vendors and law enforcement - has a role to play. Without buy-in from each of them, the reliance on information sharing to enhance cyberdefenses will fail.
What happens in 2013 will dictate how well Asia Pac is able to mitigate its risks. The threat landscape will continue to evolve. How governments, businesses and vendors respond will determine the success, or failure, of information sharing as a cybersecurity defense.
Additional Summit Insight:
Hear from more industry influencers, earn CPE credits, and network with leaders of technology at our global events. Learn more at our Fraud & Breach Prevention Events site.