The 5th theatre of war

I was quoted by Prakash in an article published on Free Malaysia Today on 14 April 2013.


The 5th theatre of war
April 14, 2013

The key to preventing such massive debilitating attacks is to ensure nations have what is called Cyber Intelligence and Response Technology (CIRT) technology.

By Prakash

Cyber attacks, similar to the recent attack on South Korea’s military and financial industries, is where the next frontier of war will be.

If and when nations resort to cyber attacks on a worldwide scale, the destruction of vital military, banking and other commercial data will be similar yet not altogether identical to the horrendous banality that nuclear weapons promise.

“It is the fifth theatre of war,” declared Simon Whitburn to FMT on the dangers posed by cyber warfare.
The key to preventing such massive debilitating attacks, according to Lars Voedisch, principal consultant and managing director of Precious Communications, is to ensure nations have what is called Cyber Intelligence and Response Technology (CIRT) technology.

Combining a mix of network forensics, host forensics, malware analysis and large-scale data auditing, CIRT technology gives critical information on malfunctioning software thus crucially preventing and pre-empting any whole scale meltdown of computer systems in a country.

Even as the world knows of Malaysia’s Cyberjaya special zone that opened to deliberate fanfare in 1998, it is unclear if the nation has the kind of technology to deter potential attacks.

“If you don’t have the most sophisticated and up to date preventive technology, like CIRT, you are vulnerable and open to cyber attacks, both on a small and destructive scale’, Voedisch warned.

An even larger problem, according to him, is that it would take a single well coordinated attack to inflict untold damage.

“Even in the corporate world and financial industries, a lack of protection risks the whole industry coming to a halt, destroying the industry’s reputation for starters, and resulting in years of backlash from the public, and in terms of internal rebuilding,” Voedisch explained.

CIRT dovetails data protection

Yet what is highly recommended but alas not quite readily available is the free availability of the technology because the United States – where the technology is believed to have originated from – regulates the flow of the expertise on ideological grounds.

That restriction may prove a ‘tipping point’ in the battle against cyber criminals because technologically savvy criminals always think on their feet and conceive “new and more elusive means of targeting” stressed Voedisch.

CIRT technology will prove particularly instructive when Malaysia’s long-awaited data protection law takes effect.

The Act which has been hampered by a string of legal legerdemain and other technicalities is designed to protect and prevent the kind of callous damage hackers and cyber criminals are wont to do.

Despite the protracted lead up, many Malaysian companies are still not prepared for the eventual implementation of the law, according to the Star newspaper that quoted Malaysian lawyer Foong Cheng Leong. Foong pointed out during his many talks on the Personal Data Protection Act (PDPA), he noticed many companies have not even started their compliance exercise.

Data protection and the right to privacy have been exercising both the Singaporean and Malaysian governments. Though Malaysia initially had thought about data protection in 2001, Malaysian companies are still not prepared for the full implementation of the Act, according to sources.

That leaves Kuala Lumpur especially vulnerable to attacks of any kind which when coupled with the carefree adoption of computers by ordinary folks and the lack of education programmes in the country makes the entire episode of a delayed implementation of the act, doubly worrisome.

Under Malaysian law data collection parties are required to give their subjects a written notification in the national language whereas no such stipulation applies in Singapore.

Singapore’s law, moreover, requires the data collection party to state the purpose of the collection, use or disclosure of the personal data. And the collecting party is then required to provide a contact address for queries by individuals.

Multiple vantage points

Yet in the larger scheme of things is a compelling, overriding need for the kind of cyber security that Malaysia’s PDPA is requesting.

With technologies like Forensics Toolkit and malware available in Malaysia, the edge with CIRT is an ability to analyse what is happening across the entire entreprise from multiple vantage points.

CIRT enables cyber security personnel to proactively and reactively detect, analyse, and security threats in the most efficient manner by correlating network and host data within a single interface.

It also enables large-scale auditing and the correlation of network and host data, allowing organisations to quickly chase down and re-orientate any spillage of data and files with embedded malware.

Prakash is a free lance commentator and author of Inciting Injury-An Expose to Workplace Bullying in Singapore. He runs Nash School of Journalism and can be reached at jaya@nashschoolofjournalism.com

PDF Printer    Send article as PDF   

Leave a Reply

Your email address will not be published. Please enter your name, email and a comment.