Action plan to block cyberattacks in Vietnam

By Allan M. Cytryn, principal at Risk Masters International, and John E. Savage, An Wang Professor of Computer Science at Brown University. Both are members of The Boston Global Forum.

We recommend a series of short- and long-term actions to block cyberattacks in Vietnam. The ultimate goals of these actions are to 1) ensure that the appropriate international agencies are fully engaged in addressing this issue and its longer-term implications; 2) operationally address the issue immediately and restore reliable, safe operations for air travel; and 3) more broadly enhance Vietnam’s cyber-resilience so that it is less vulnerable to such incidents.

Ensure that the appropriate international agencies are engaged: 

  • This is an airline-security issue. We recommend reporting it to the International Civil Aviation Organization (ICAO) and requesting its assistance. While that agency may not have cybersecurity expertise, its leaders are very concerned about security and thus may be able to help address the problem.
  • We recommend reporting the late July incident affecting Vietnamese airports to FIRST, the global Forum for Incident Response and Security Teams. FIRST describes itself as the “premier organization and recognized global leader in (computer-security) incident response.” As you can see from its Web site, it can provide much help with long- and short-term solutions.
  • This serious incident should also be reported to other international bodies, including ASEAN, the G7, the G20 and UNGA.

Address the issue immediately and restore reliable, safe operations:

  • Consultants should be hired to do a forensic analysis of the affected systems. Friendly nations, such as the United States, can advise on companies that are highly qualified to do this analysis and that can be trusted as well.
  • Companies that we would recommend include Crowdstrike and Fidelis.

Longer-term, more broadly enhance the cyber-resilience of Vietnam:

  • Implement broad-based cybereducation at multiple levels.
  • Train local specialists in computer security.
    • The Vietnam Education Foundation (VEF) can help to develop university-level cybersecurity-education programs.
    • The Boston Global Forum can also help with this effort.
    • Vietnam could also emulate the U.S. Computer Science for All program, which encourages young Americans to acquire computer-science skills.

Educate policymakers and academics about Internet-governance issues.

  • The DiPLO Foundation has cybersecurity programs to help diplomats acquire the knowledge necessary to participate in international policy development.
  • The Boston Global Forum can also help with this matter.
  • Develop programs in cyberhygiene for the general population and develop policies and practices to ensure that the general population is appropriately educated in this area:
    • Begin classroom training in early education and continue through all levels of schooling.
    • Provide online courses so that all persons, including those not in school, can be properly educated.
    • Consider policies and incentives to encourage people to take the cyberhygiene courses.
  • Develop a cyber-resilient infrastructure.
  • Broadly adopt the principle of cyber-resilience across all the IT and communications infrastructure in Vietnam.
  • Jumpstart the process by targeting key industries, individual businesses and other organizations that have the highest level of exposure and risk.
    • Consider “pooling” or sharing resources and teams across multiple organizations where appropriate and practical to maximize the speed and effectiveness of the initial programs.
    • Identify and address reasonable impediments to success, including funding, product availability, staff availability and training.
  • Align these efforts with training goals, using these implementation activities to further the nation’s plan to train individuals who can then apply their learning to other enterprises.

Cybersecurity is in G7 Summit’s closing declaration

(June 6th, 2016) We at The Boston Global Forum were very pleased that the G7 leaders at their May 26-27 summit in Japan included in their final declaration an important statement on cybersecurity. BGF experts had submitted to the leaders the BGF’s Ise-Shima Norms for cyberbehavior (named after the region where the summit was held).

The BGF’s recommendations were part of the BGF-G7 Summit Initiative.

Among the leaders’ comments on cybersecurity:

“We strongly support an accessible, open, interoperable, reliable and secure cyberspace as one essential foundation for economic growth and prosperity.’’

The leaders also announced initiatives on improving the global economy through coordinated fiscal and monetary policies; on migration and refugees; on trade; on infrastructure; on health; on improving the condition and status of women; on battling political and other corruption; on climate change, and on energy, including decarbonization.

 

Cyber-expert Schneier discusses need for ‘norms’ at second Online Dialogue to build the BGF-G7 Summit Initiative

(Feb. 12th, 2016) – On Feb. 11 at Harvard Kennedy School, The Boston Global Forum (BGF) held the second in a series of online dialogues to build the BGF-G7 Summit Initiative. This session was with Bruce Schneier, fellow at the Berkman Center for Internet and Society at Harvard Law School, and the Chief Technology Officer at Resilient Systems. Schneier was honored as Business Leader in Cybersecurity “for dedicating his career to the betterment of technology, security, privacy and Internet” at the Boston Global Forum’s Global Cybersecurity Day event, which was held on December 12 at the Harvard Faculty Club in Cambridge.

Bruce Schneier, a celebrated international cyber-security and cryptology expert, writer and consultant, took part in a wide-ranging discussion on Feb. 11 on cyber-threats and the techniques and policies needed to prevent, or at least reduce, them in what he called the current “cyber arms race.’’ His talk was the second of 12 online dialogues as part of the BGF-G7 Summit Initiative to address cyber-security.

He compared the cyber arms race with the confusing early days of nuclear energy (about whose benefits many people were too optimistic), including the nuclear-arms race between the Soviet Union and the United States. The fact is, Mr. Schneier said, that the world still lacks legal and other “norms,’’ and real treaties, with which to limit cyber-aggression by nations and individual “bad actors.’’ Things are chaotic.

Thus, he emphasized the need to focus on cyber-defense, such as through “patching’’ security holes, to “disarm’’ a foe, rather than offense. The trouble with emphasizing offense, he said, is that, because everyone operates in basically the same “cyber-infrastructure,’’ attackers can expose their own information, making the attackers – be they individuals, businesses or governments — themselves vulnerable. He also noted that “the difference between attack and espionage is one command.’’

Photo: Governor Michael Dukakis, Chairman of Boston Global Forum, moderated the talk.

Mr. Schneier spent considerable time discussing China’s hacking of massive quantities of employee information from the U.S. Office of Personnel Management and the vulnerabilities we all have regarding our personal information being stolen and used for such things as blackmail. Once people steal, for example, your fingerprints from the Internet, they can have power over you for the rest of your life.

And, of course, he noted, Western companies such as Google and wireless firms, are, like governments, relentlessly collecting personal data on us and generally cooperating with governments in doing so. “There’s not a lot of regulation’’ of this, he said.

“Large businesses want to spy on you’’ to obtain the maximum amount of marketing information.

Mr. Schneier expressed considerable alarm about the dangers posed by the “Internet of Things,’’ in which the Internet, acting like the “hands, eyes, ears and feet’’ of a giant robot, can be used to attack public physical infrastructure, such as electric grids, and even individuals, such as through disabling car brakes and manipulating pacemakers.

Photo: Mr. Nguyen Anh Tuan, CEO of Boston Global Forum, and Mr. Bruce Schneier at the talk.

Interestingly, Mr. Schneier, though primarily a technical person, said the best ways to improve cyber-security are for nations to have dialogues to set norms on cyber-behavior that are recognized by governments globally and to establish new “social mechanisms’’ to keep us safe.

The answer to cyber-aggression is “political, not technical solutions,’’ he asserted.

The BGF’s continuing online dialogues on cyber-security will discuss possible social and political answers to these burgeoning threats in coming weeks.