CERT-In Inks Pact with Three Asian Nations
Will Partnership Do Enough to Improve Cybersecurity Across Region?
India's Computer Emergency Response Team has signed a cybersecurity accord with Malaysia, Singapore and Japan to promote cooperation for exchange of knowledge and experience in detection, resolution and prevention of security-related incidents.
In response to this action, security leaders debate the deal's nuances and question if CERTs of all nations are actually clued into the challenges of executing such an agreement, given the diverse cultures and expertise in establishing a better incident response mechanism across the region.
"The nations' challenge would be to simulate the common problem and respective priorities to build an incident response mechanism to stay ahead of the hackers," says Dr. Ashwini Sharma, managing director, NIELT, DeitY. "Just information sharing may not help, but expertise and knowledge sharing and a strategy to align with the country's cybersecurity policy is crucial to combat new threats."
Ingredients of the Pact
The Cabinet, chaired by PM Narendra Modi, has been apprised of the three MoUs, which were signed last November and December. CERT-In intends to execute these agreements; details were not divulged to the Cabinet.
An agreement between CERT-In and CyberSecurity Malaysia was signed on November 23, 2015, in Kuala Lumpur during Modi's visit to Malaysia.
In an email to ISMG, Dr. Amiruddin Wahab, CEO, CyberSecurity Malaysia says, "We intend to work closely with CERT-In in protecting cyberspace."
Some initiatives would include:
- Developing a framework for incident response management to facilitate cross-border cooperation and collaboration between the CERTs and collaboration in malware analysis and computer security threats through a Malware Research Centre, so that threat research information can be shared;
- Capacity building to enhance knowledge in cybersecurity, which can be conducted through information security competency and capability training courses, certification, and a knowledge-sharing platform;
- Development of a framework for international cooperation, dialogue and research initiatives in policy research pertaining to cyber-laws, emerging technologies, content, and new policies.
The MoU with Singapore CERT, Cyber Security Agency of Singapore, was signed on November 24, during Modi's visit there. According to David Koh, Chief Executive of Singapore CSA, the agreement focuses on:
- Establishment of a formal framework for professional dialogue;
- CERT-to-CERT related cooperation for operational readiness and response;
- Collaboration on cybersecurity technology and research related to smart technologies;
- Exchange of best practices;
- Professional exchanges of HRD.
According to CERT-In, the partnership underlines its shared commitment to deal with security challenges in an open, welcoming environment.
The agreement between CERT-In and Japan CERT Coordination Center (JPCERT/CC) was signed on December 7, through diplomatic exchange to establish similar goals of building an effective incident response mechanism through information sharing.
"The government is making efforts to identify the core services to be protected from e-attacks; it is the ideal time to go for such partnerships," Sharma says.
Says Ken Soh, CIO and director of e-strategies at BH Global, "In my opinion, the cooperation would be useful to share updated intelligence, best practices, tools, and incident responses, and pre-empt specific attacks beyond intelligence."
The CERTs' Challenges
Security leaders believe the challenges will be numerous for the three CERTs to collaborate and strike an equal chord in building an incident-response mechanism, given the diverse culture, skills and expertise across the nations.
Neeraj Aarora, cyber expert and attorney says, "The countries' challenge would be to identify the critical infrastructures with the country that has been listed under the category of being protected from cyber-attacks. Each sector has different priorities - each nation takes its own approach and strategy to protect the sector and the steps would be region-centric. Thus, information sharing on best practices is a critical issue."
Soh agrees, "The challenges would lie in what and which piece of intelligence is or isn't shareable without implications to national securities."
Sharma says, "If you look at Indian scenario from a cybersecurity perspective, the policy is made by the government, execution on the cybercrimes is undertaken by the law enforcement groups, technology design is made by the technocrats, and there are huge discrepancies in executing a single project as the ownership is divided. Such international collaboration will face immense execution challenges unless the modus operandi is clear."
How to Approach?
As a priority, the nations could agree on the areas or sectors that need attention and are prone to cyber threats. While intelligence sharing is important, understanding the criticality of each sector and the challenges of defending it from threats is key to intelligence sharing and best practices.
Koh, who sees supervisory control and data acquisition (SCADA) and critical infrastructure protection as pressing issues that governments across the region need to focus on, says, "A joint committee comprising government agencies and SCADA security experts needs to be formed to address this critical sector which is the target for hackers."
Aarora says, "A nodal agency needs to be formed to study each nation's issues and understand its cyber-security policy, cyber-law, and sections of the IT Act to frame an intelligence gathering strategy in real-time."
Sharma says it is important to evolve a governance structure in executing the agreements if these countries need to make an impact. His advice includes:
- Create a team of technocrats, bureaucrats, CERT staff, policy makers, law enforcement groups, and legal consultants to study the cybersecurity issues of each nation;
- Establish an effective communication flow to seek information in real time about the challenges while retaining confidentiality;
- Empower the team to take corrective security measures to meet the required goals of the agreement.
Soh says, "The sharing of deep web intelligence in a bid to pre-empt ill intents and planned attacks is imperative."