Proactive defense and its implications for the country’s cybersecurity strategy
The recent hacking incidents affecting the country’s law enforcement agencies and one of its online payment providers should serve as a reminder that in today’s digital world, nothing is sacred.
In fact, we will be remiss not to acknowledge that these highprofile attacks occurred during the Balikatan military exercises and the growing tensions in the West Philippine Sea. Can we expect more sophisticated attacks given the current geopolitical situation? Unfortunately, my answer to this question is in the affirmative. Thus, it will be a costly mistake for us if we are not able to “connect the dots.”
At this point, I believe that the country must now recognize that adopting a proactive cyber defense posture is vital in securing its digital ecosystem. A proactive stance means that the country’s strategy should veer away from its fragmented, uncoordinated, and standalone nature. It should go beyond the usual legal-criminal domain and adopt a “defendforward” philosophy by investing in preparation, innovation, resilience, and deterrence. Here are some ideas that can add more context to the concept of proactive cyber defense.
Understanding our adversaries and ourselves is crucial.
Today’s geopolitical tensions show that cyber weapons, combined with information warfare techniques, are used extensively due to its “lower conflict threshold” and the difficulty of attribution. For instance, Taiwan reports a staggering 35 million cyber-attacks per day. Allegedly perpetrated by China, these attacks are often combined with disinformation strategies intended to weaken the island’s resolve. In addition, terrorist organizations are using the internet for propaganda and recruitment. It is not difficult to imagine that in time, these entities will have the ability to inflict severe damage due to the low cost of cyber weapons, ambiguous red lines, and pervasive system vulnerabilities.
Another aspect of a proactive defense stance is understanding the current state of cyber readiness of the country. For this purpose, our strategy should identify its critical sectors and infrastructure. A cyber risk assessment should be conducted on these sectors to determine actual vulnerabilities and gaps. Aside from its technical facet, the assessment should also look at the organizational and human resource dimensions.
In cyberspace, defending alone is synonymous with losing.
The traditional view of cybersecurity is organization-centric and technology oriented. Simply put, if your business or office has the latest anti-virus software and adheres to the basics of cyber hygiene, then you’re good to go. We often have this nonchalant attitude of viewing cybersecurity as a technical matter — an area where tech geeks rule.
However, the continuous weaponization of cyberspace shows that the impact is becoming societal rather than organizational. Malicious actors, whether they are state or non-state, are continuously innovating and exploiting system vulnerabilities. Sophisticated attacks are aimed at disrupting services and infrastructure, and undermining institutions. Moreover, the use of artificial intelligence and social engineering is now allowing for “hacking the human to hack the network” and for the spread of disinformation.
These developments underscore the need to go beyond the “castle principle” of simply building sophisticated firewalls to guarantee cybersecurity. In short, techies cannot do it alone.
Aside from its technical aspect, our cyber strategy should foster cooperation and encourage innovation. Furthermore, roles and lines of accountability must be clearly defined. For instance, a proactive stance calls for the government to adopt a collective defense paradigm. This entails the creation of standards and incentives as well as collaboration spaces for the country’s critical sectors. These activities are aimed at fostering resilience through information exchange, joint threat assessment, and resource sharing. The idea of forward defense also gives the government the responsibility of coordinating national cyber defense efforts with our regional partners and defense allies.
For its part, the private sector plays a crucial role in achieving a proactive cyber defense stance. Note that significant investments have been made with regard to cybersecurity. However, most of these investments are focused on protecting its data, systems, and intellectual property. A collective defense paradigm will entail the identification of critical sectors (i.e., banking, telecoms, health, etc.) and creating a common space for sharing information and best practices, as well as developing threat assessments among others.
Finally, innovation is another important component of a proactive cyber strategy. The government’s collective defense strategy should elicit the participation of the academe for its research and development aspect. New educational programs can be developed to provide the needed brain power. The inclusion of civil society organizations can foster awareness and ensure that privacy rights are preserved.
In summary, understanding the current threat landscape and our ability to learn from best practices is crucial in developing a national cyber strategy that is proactive and forward oriented. We must also realize that a fragmented and standalone approach will lead to more problems and will undermine our overall national security. By adopting a defend forward concept, we can truly attain a whole-of-society approach in securing our digital ecosystem.