International law-enforcement and cyber-security groups call lack of coordination a ‘ticking time-bomb’ affecting globalised supply chains
Security experts have called for international-level coordination to help combat complex cyber-attacks that are having an increasingly disruptive effect on countries’ critical infrastructure.
The absence of a coordinated response is a “ticking time-bomb” that threatens organisations’ supply chains in particular, said computer security firm Kaspersky.
The Moscow-based company, which organised a panel on the issue at RSA Conference 2021 last week, said government and public services face the same supply-chain risks as companies, and cited the Sunburst attack on SolarWinds as an example.
The attack, in which hackers compromised SolarWinds’ widely used network management tools, affected a number of US government departments as well as companies worldwide.
Kaspersky also cited the NotPetya global malware attack in June 2017, the 2014 hack of Sony Pictures and the ransomware attack that temporarily shut down Colonial Pipeline earlier this month as other examples of incidents that require an international response.
The company said that the absence of a global policy for coordinating attack response has hampered information sharing and trust between authorities in different countries.
Craig Jones, director of cybercrime at Interpol, told the virtual event that organisations don’t tend to immediately turn to law enforcement when cyber-attacks occur.
“When the attack happens, people don’t dial 911 or call the police; we’re normally a second or third call after their IT security, but we should be among the first to investigate it,” Jones said.
He said it was in “everyone’s interest” to “get and share as much information as possible”.
‘Divide and conquer’
Serge Droz, chair of the Forum for Incident Response and Security Teams (FIRST), formed in 1990 initially to coordinate response to attacks including those affecting the Domain Name System, said international coordination is “much bigger than a technical challenge”.
“Cybercriminals love ‘divide and conquer’ – if we’re divided, criminals flourish,” he said.
Jon Fanzun, special envoy for Cyber Foreign and Security Policy of the Swiss Federal Department of Foreign Affairs (FDFA), said the international community lacks a consensus on issues such as how international law applies in cyberspace, how human rights should be protected online, how norms of responsible state behaviour should be implemented and what the role of other stakeholders is.
The Geneva Dialogue on Responsible Behaviour in Cyberspace, led by the FDFA and implemented by DiploFoundation, is an example of an organisation trying to build a joint vision around digital security, he said.
“We also need to implement what we agreed on and to hold those who violate agreements accountable for their actions,” said Fanzun.
Anastasiya Kazakova, senior public affairs manager at Kaspersky, said the company favours a global incident response mechanism to address large-scale and significant cyber-security incidents.
Such a mechanism could serve a key role in providing technical and operational points of contact in the event of an attack and exchanging technical information with national CERTs, law enforcement and cybersecurity professionals, she said.
“Such a mechanism would not only ensure the means for a timely and coordinated global response and incident mitigation but would also help to enhance technical and operational capacities of the global community, thus contributing to greater cyber-stability,” Kazakova said.