Countries Urged to Invest More Resources in Cyber-Security and Cyber-Defense
Early in 2022, Singapore announced the creation of the Digital and Intelligence Service to protect the Republic from growing digital threats. The DIS is tasked with the intelligence, cyber and psychological defence of Singapore, a timely addition to the Singapore Armed Forces at a time when the global cyber threat is coming from all sides, on all levels, without respect for boundaries and international borders.
Cyber warfare and cyber terrorism, like cyber-criminals can strike at any time, at anyone, even during the most turbulent and vulnerable moments. Cyber-attacks are no longer just a passing trend, but have become a complex issue that every person, every business and every county should protect against.
But how do you protect yourself when the enemy is always one step ahead of the weapons available to defend ourselves or protect us?
What does it take for countries to build up their cyber-defences to be ready at all times?
Tech360.tv’s Timothy Go recently met with Patrice Caine, Chairman and Chief Executive Officer, Thales for a wide-ranging dialogue about global cyber-security and how the French technology company is attempting to help build a future we can trust.
Timothy Go: How are the cyber defence systems evolving internationally?
Patrice Caine: They’re two different worlds, cyber security and cyber defence. There is no notion of sovereignty in cyber security. There is a notion of sovereignty in cyber defence, the word which is extremely important, defence in cyber defence, so in cyber defence, as far as we are concerned, our main duty or added value is to make sure when we deliver a defence system, radar and air defence system vehicle whatsoever, to make sure that at the early stage of the design, you have incorporated a proper, I will say cyber features to make sure that these systems will be resistant or will resist against cyber attacks. Because these cyber attacks exist, of course as well in the defence world, and can do even more damage than physical damage to the system.
Timothy Go: So let's talk about many countries now setting up their own cyber defence systems. How do you build a robust cyber defence system for a country?
Patrice Caine: Well, I see two things, one, which is the relationship with private companies, which is what I've explained, how do we cyber secure, by design, the system we deliver to the armed forces. The second aspect of your question is our armed forces develop their own Cyber Command or cyber army. It's not a secret but all major countries have set in place a fourth army, the cyber army, not only to defend and protect but as well to attack, if necessary, other states.
Timothy Go: Now you brought that up, so there's a preemptive strike possibility when it comes to cyber defence, but how do they identify who their enemies are?
Patrice Caine: There we come to the ground which is less and less ours, in terms of, again, of private companies. This is really a question that has to be dealt with by officials. What are their priorities, what do they consider as a threat or as an acceptable situation. In all these cases, these resources are scarce, as always. So then, priorities arise where they feel that the major threats are and where they will dedicate their resources to deal with these threats, be it in the physical world or in this case in the virtual world, the cyber world.
Timothy Go: You were talking about how easy it is to get ransomware on the dark net. I think the best way to make people aware of the threat out there against us is by scaring them. So how do you paint the cybersecurity, cyber threat landscape that we are living in right now?
Patrice Caine: The landscape is, honestly, a bit scary; scary when you know what an attacker can do and quite easily, in fact. So, no need to increase the level of stress for people, for the individual. No, we need to increase the level of awareness and for that, [we need] to communicate more or just to take illustrations coming from our day-to-day life, to show that yes, there is a risk, the risks exist, we need to be aware of it and to take, I would say, simple and appropriate measures to get protected properly.
Timothy Go: Let’s talk about the threats that we are facing on a daily basis. Is there going to be a time when you think your cybersecurity systems will be ahead of the hackers because now it seems we only hear about cyber attacks after the attack. But will there be a time when the system will be put in place strong enough that we will not have to worry about this?
Patrice Caine: Two things, first, you don't hear of all the attacks that have been defeated thanks to Thales or other cybersecurity companies, but let's speak about Thales. So I'm not sure that we are late. I'm not sure that attackers are ahead of us. In fact, the vast, vast majority of the attacks have stopped at a very early stage meaning no damage at all. Now, it's true that I would say, innovation stands on both sides. We innovate attackers, but criminals innovate as well. It's sad to say, but this is the reality. And it's a bit of a race. Each one, each of us tries to innovate faster than the other.
Timothy Go: So who is winning the race? I mean, how do you win this race?
Patrice Caine: This race has no end, I mean, it's an endless race. Unless we dream of a world without any criminals one day, it could happen. But it's not, I would say it is not the most likely scenario, looking how the world has been over the past centuries. So let's assume that criminals will always exist, and of course, it's our duty to advance or progress, we invest at the right rhythm, we innovate at the right rhythm, where we are always in control. When I say we, I mean our customers or individual citizens stays always in control, even if, in some cases, criminals may win.
Timothy Go: Somebody once told me that we need to look at cyber criminals the same way as we look at every other criminal out on the street. We need to look behind us, make sure nobody is taking our wallets. It's the same way, however, in all the systems that we are using, all the levels of protection for consumers, at least that we have on our devices, are an inconvenience to many of us. I mean, my mother doesn't lock her phone for example. She finds it inconvenient but she is vulnerable. So how can there be a cyber security system that is convenient for people to have on their devices, on whatever they're using without having to activate anything?
Patrice Caine: I don't think there is an ideal solution. However, there are some interesting solutions that may help ease the use of security. Security is useful but it can be seen as being, as well, painful. You need to remember many passwords. But I think that biometrics may be of great interest. In fact, you become your own password. So you don't need to remember who you are or what is your password. You, as a person, you are your own password. And in fact, you can log in to a system thanks to face recognition, fingerprint recognition and iris recognition, to take these three examples, in a smooth and nice way that allows your grandfather or grandmother to be secured even if they cannot remember a password.
Timothy Go: So as to say now we are humans trying to prove to machines that we are humans.
Patrice Caine: Indeed, absolutely.