EVALUATE THE READINESS OF OUR CURRENT NATIONAL POLICIES AND INFRASTRUCTURE IN PREPARING FOR ANY CYBER-ATTACKS, AND HOW IT CAN BE IMPROVED FOR THE FUTURE?
Today we are living in the era of advance digital age or cyber technology which involves computer and Internet network that now almost depends entirely on this technology to do everyday business and work. Because of this advancement every country started to adopt Electronic Governance or E-Governance. By doing so it gives a better service like providing communication much faster, cost reduction and transparency. The word cyber can be defined as anything that relates to computers; especially the Internet. This combination of computers and Internet network make users, companies or government to do business just at the tip of the finger. It is one of the factors contributing in ease of doing business.
Most of the country especially on the developed country, cyber has affected their life everyday, and without they knowing it they are being entirely interconnected through this cyber technology from banking transaction to even allowing voting for national elections over the Internet like in the case of country like Estonia. However, this can also leads to the misuse of technology through cyber attack, cyber crime, cyber sabotage and so on, where the perpetrator use it for their own personal benefit or even to test the capability of nations’ cyber security. As mentioned by the Former President of Estonia during his interviewed session, “…in today’s world the more modern and the more digitalized you are, the more vulnerable you are.” Pertaining to this, country like China for example have guarded their cyber space with the Great Firewall which functioned to block access to tens of thousand of websites.
Brunei Darussalam also being up to date of this technology where on 1 April 2008, by the consent of His Majesty the Sultan and Yang Di-Pertuan of Brunei Darussalam E-Government National Centre (EGNC) was formed under the Prime Ministers’ Office. The formation of EGNC was part of the continuous effort by Brunei Government in achieving the E-Government initiatives.
His Majesty Sultan Haji Hassanal Bolkiah Mu’izzaddin Waddaulah ibni Al-Marhum Sultan Haji Omar ‘Ali Saifuddien Sa’adul Khairi Waddien, Sultan and Yang Di-Pertuan of Brunei Darussalam had urged to be wary of threats against peace and harmony as well as threats coming from the cyberworld. Part of his Titah as stated below;
“Efforts should also be undertaken to face cyber-threats, especially the danger posed by social media, by strengthening strategic partnership with international cyber organisations”
CYBER ATTACK ON BRUNEI DARUSSALAM
“In this digital age, the Internet plays an important role in fulfilling our needs, including those at the Ministry of Defence (MinDef) and the RBAF; as a result, the risks associated with cybersecurity are very high indeed, which are liable to be exploited by irresponsible parties.”
His Majesty titah which was delivered during the grand parade to celebrate the Royal Brunei Armed Forces 56th anniversary at the Royal Brunei Navy base at Muara, His Majesty stressed on the pervasive threats in the cyberage such as radicalization and extremism and described it as the national security threat.
Previous years Brunei Government agencies had been experienced from numbers of cyber attacks. From the year of 2012 to 2017 Government agencies were hacked and compromised which can give the impression to the public that the security protection was very vulnerable to cyber attack. To name a few of government agencies that was targeted by cyber attack were Attorney General’s Chambers, the Department of Electrical Services, the Ministry of Home Affairs, the Information Department and the Prime Minister’s Office, Ministry of Industry and Primary Resources and even the Ministry of Defence.
In 2017 last year recent incident that struck the whole world was about the ‘WannaCry Ransomware’ that has infected thousand of computers globally. This is one of the examples of malware virus that forced users to obey the demand of ransom. Brunei was no exception to this new cyber threat. At stated by official from local IT company, a few private business was infected from this malware virus. How this cyber attack worked was by blocking computer software or data from being accessed until users are willing to pay a certain amount of money.
One of example of cyber attack which struck in Brazil in 2016 was the hacking of on if its national bank where the perpetrators managed to change the Domain Name System registration so that they could redirected data from ATM transcations to their own servers.
NATIONAL CYBER SECURITY
According to the statistics produced by Authority for Info-communications Technology Industry of Brunei Darussalam (AITI) there are an increased of Internet penetration rate on both fixed and mobile broadband connections from 95% in 2012 to 127% in 2017 and 5% in 2012 to 9% in 2017 respectively. This statistics showed that a fast rapidly increase in mobile usage compare to fixed line. In 2017, Brunei was the third highest social media penetration in the world with the figure of 370,000 users, which is equivalent to 86% of the total population.
According to the statistics above, it reflects almost populations of Brunei are connected to cyber technology. Due to the fact that large numbers of population are now having access to the Internet connection it is no doubt that the number of cyber attack in the form of cyber crime are also increased. Cyber crime, which involves the spread of news through social networking such as Whatsapp, is now a common trend happening that can easily influence the mind of population.
Whenever cyber attack is happening, Information Technology Protective Security Services Sdn Bhd (ITPSS) will be responsible in handling the issue. ITPSS was formed to provide and secure information and physical security services, which include Penetration Testing, Digital and Mobile, Forensics including Data Recovery, Managed Security Services, Cyber and Info-sec awareness trainings, Physical and Electronics Security including Secure Event Management.
ITPSS has conducted and organized series of workshop and awareness programs which are very beneficial for the users especially the government agencies, law enforcement agencies and even private companies. They even invited world recognized cyber tech, which are expert in the area of cyber threat and security. Awareness among the users is very important in battling any such threat. A survey found that many companies are at risk of cyber attacks because they are not prepared to deal with them or lack of an overall information security strategy. In order to keep up-to-date on the issue of cyber threat for the population of Brunei especially among the youth (majority of the users in Brunei), ITPSS even visited to primary school to give an awareness talk and educate the young generation on the dangers committed through cyber attack. Another initiatives was giving awareness roadshow on specific topics entitled The Anatomy of Phishing which reveals on how this phishing can easily bring down an organization if an employee click a malicious link. Imagine just by ‘one click’ can destroyed everything. These are some of the few initiatives being conducted by ITPSS in tackling the latest cyber threat.
COLLABORATION AMONG AGENCIES
Countering cyber threat is not an easy job. It is not meant to be handle by just one organization. This threat require a collaboration between government agencies and others stakeholders which is at least a cooperation among each others can lead to winning the cyber threat. Most of the time organization only takes action when they are aware they are being targeted by cyber threat. This can be called a reactive manner. Such action is less effective and easily leads to security breach. To be more effective and more resilient one organization have to make changes to being proactive in addressing cyber security threats.
A transparency between organizations is one of the keys in battling cyber threat. This initiative is crucial. One organization may find a way to handle and mitigate threat from happening in the future and the procedure they produced can be shared and practiced. This means that both parties will need to work together in handling cyber threat effectively.
This essay explains a brief about the occurrence of cyber attacks that happened in the world globally and the experience faced by the Brunei Government in particular, especially the ministries. Cyber attacks on the ministries are not as serious as compared to what is happening in the world for example like what had happened in Brazil (2016) and Estonia. Most of the cyber attacks were in the form of Disruptive Attack which only affect the system to be temporarily disabled. However this is a wake up call for the government to implement and to iniciate mitigation and to strengthening cyber security, through collaboration and awareness. These are just some of the fews. There are indeed some initiatives have been made by governments and non-governmental organizations in addressing this cyber attack issue. This cyber attack is not limited to public agencies which is now shifting to attack military infrastructures. Like in the case of US Army where their military bases and infrastructre draw electrical power from electrical facilities across the states which if hacked and attacked could impact the defence systems’ state wide. In another statement, NATO has declared cyber space as the fifth war domain after Land, Sea, Air, Space.