Connect with us

NEWS

Strengthening ICT supply chain resilience is everyone’s business

December 13, 2021 2:22 p.m.

By Genie Sugene Gan, Head of Government Affairs, Asia-Pacific, Kaspersky

NotPetya, WannaCry, ShadowPad, and Sunburst may or may not be household names, but these malware, and many more, have unleashed significant harm on the world.

Recently, one such instance of malware was used to attack an IT services company based in Dublin, which supplies security software to scores of large cybersecurity contractors. Working through the company, hackers infected hundreds of its clients worldwide with ransomware, and demanded USD 50,000–5 million from each business in exchange for the decryption key.

Earlier this year, another attack hit an American IT software company, and subsequently infiltrated nine U.S. federal agencies, including the Office of the President, and the Treasury and Commerce Departments.

What these attacks have in common is their modus operandi: hackers targeted software vendors or IT companies to gain backdoor access to their clients’ systems, infecting hundreds and thousands of systems in one go.

This is perhaps how “supply chain” got its name – each part of the process stream is inevitably linked to another. When one part gets affected, a domino effect soon follows. 

The Problem 

ICT supply chain cyberattacks are on the rise – the European Union for Cybersecurity estimates a four-fold growth in attacks in 2021 compared to 2020. The risk is compounded as vulnerabilities can be introduced at any phase of the ICT life cycle: from design – through development, production, distribution, acquisition and deployment – to maintenance.

The impact of these breaches is also set to grow, given the increasing interconnection of IT systems across organizations, sectors and countries. In a 2019 survey by Gartner, 60% of organizations reported working with more than 1000 third parties.

Upon successful infiltration, cybercriminals enjoy free rein to conduct cyber espionage, steal data and intellectual property, or extort money through ransomware attacks, which have been on the rise. From 2019 to 2020, the number of Kaspersky users encountering targeted ransomware – malware used to extort money from high-profile targets such as corporations, government agencies, and municipal organizations – increased by 767%.

While the impact on governments and enterprises may feature more prominently, the wider public is not spared. An attack on a grocery chain could force the temporary closure of scores of supermarkets, or a virus may be unleashed on millions of PC users through a software update (as, for example, occurred in the ShadowHammer3+1 attack, which Kaspersky detected and promptly mitigated in 2019). Taking it further, the compromise of systems providing healthcare or public utilities may disrupt the provision of these essential services. And these are the very day-to-day things that affect individuals like you and me. 

Early Responses

Recognizing the risks and impact of supply chain cyberattacks, more countries are taking action. Since 2020, national cybersecurity strategies were either released or updated across Asia-Pacific, including in Singapore, Malaysia, Australia and Japan. Other countries, like Vietnam, India and Indonesia, are soon expected to release their own national strategies or implementation details too.

But when it comes to ICT supply chain resilience, the solution is more complex in view of the multitude and range of stakeholders involved. Some governments have intervened, with a focus on protecting the ICT supply chains of Critical Information Infrastructure (CII):

  • In 2018, the U.S. Department of Homeland Security established the ICT Supply Chain Risk Management Task Force, a public-private partnership to develop consensus on risk management strategies to enhance global ICT supply chain security. The Task Force has released guidelines on the sharing of supply chain risk information, and risk considerations for managed service provider customers.
  • The Australian Cyber Security Centre also published guides this year for businesses to identify cybersecurity risks associated with supply chains, and to manage these risks.
  • The Cybersecurity Agency of Singapore announced that it will shortly launch a CII Supply Chain Programme for stakeholders to adhere to international best practices and standards for supply chain risk management.

The Way Ahead

The global nature of ICT supply chains necessitates a stronger, coordinated response at every level.

Globally, countries and International Organizations (e.g., INTERPOL, the UN, ASEAN, Europol) have taken steps to tighten cooperation and share best practices:

  • Multilateral platforms – Today, the United Nations Group of Governmental Experts and Open-ended Working Group are platforms that can be used by countries to develop consensus around cyber processes and norms. Conferences such as the UN Internet Governance Forum provide further opportunities to discuss at the working level: in 2020, Kaspersky together with our partners organized a workshop to discuss the need and ways to develop assurance and transparency in global ICT supply chains.
  • Bilateral partnerships – Countries around the region, including Vietnam, India, Japan, Singapore, China and South Korea, have committed to MOUs on various aspects of cybersecurity – an important step in making progress domestically and globally.

While each of these platforms plays an important role in building consensus, exchanging knowledge and best practices, and harmonizing standards, moving forward, it is imperative to have more targeted conversations on global ICT supply chain resilience, given the wide-ranging types of actors and impact involved globally.

Nationally, governments must continue to drive nationwide efforts to establish a baseline level of cybersecurity across sectors through laws, regulations, guidelines, training requirements and awareness building. The examples above provide a sense of some of the measures undertaken by governments. 

Given the integrated nature of ICT supply chain resilience, there is a particular need to develop core principles (e.g., security-by-design), technical standards and legislative/regulatory frameworks to ensure a consistent level of cybersecurity and accountability across stakeholders. Self-assessment tools can also be published in addition to facilitate implementation.

Individually, everyone is responsible for ensuring our collective cybersecurity. Naturally, businesses that develop products and maintain systems must lead the way. 

At Kaspersky, we believe that transparency in the components within and connections across software supply chains is the best way to ensure the integrity and trustworthiness of our digital infrastructure. Our commitment to this principle is evidenced by our Global Transparency Initiative, where, among other things, we: 

  • Welcome third parties to review our source code. More recently, we made it easier for our partners and the public to understand what is inside our products by providing a software bill of materials – a list of all the components, information about them, and the relationships between them. 
  • Practice responsible vulnerability disclosure, and have on many occasions, alerted IT companies regarding vulnerabilities in their systems, averting several potentially significant cyberattacks.

Cybersecurity is everyone’s business because our collective cybersecurity is only as strong as that of the weakest link among us. To remain ahead of the game, a holistic approach involving all stakeholders is required. We must look beyond playing catch-up and reacting to cyberthreats. It is imperative to take a long-term approach in designing the cybersecurity ecosystem, which includes building a strong talent pipeline to meet the needs of CERTs, forensic analysis teams, and IT departments, and designing CII that is secure-by-design. 

The ideas above are by no means an exhaustive list, but hopefully, they provide an idea of where to begin – together – in view of the long way that lies ahead of us.

NEWS

SM Prime explores potential partnership with Japanese firm for waste-to-fuel solutions

September 25, 2023 12:39 p.m.

Shown here are (from left) SM Supermalls Vice President Liza Silerio, SM Prime Chairman of the Executive Committee Hans T. Sy, GUUN Chief Executive Officer Shinji Fujieda, GUUN Philippine Branch Senior Managing Director and General Manager Takeshi Konishi

Leading real estate developer in Southeast Asia, SM Prime Holdings, Inc. (SM Prime) recently signed a memorandum of understanding with Japan’s GUUN Co. Ltd. to explore a potential partnership to implement waste management solutions by recycling waste paper and plastics as an alternative source of energy called ‘fluff fuel’.

Fluff Fuels are one type of RDF (Refuse Derived Fuel) which are produced from shredded and compressed plastics, papers, and fibers. These are used as fuels in cement manufacturing, paper mill companies, or power companies in Japan.

SM Prime Chairman of the Executive Committee Hans T. Sy is positive that a partnership with GUUN will contribute to the waste reduction goals of the country. “Today, Japan’s waste management and recycling technology is among the most advanced in the world,” he said. “There is no better partner for SM because we do not just talk about being big, we make sure we do it; we do not talk about being environment friendly but we do take bold steps to save the environment. I am looking forward to growing with GUUN as among leaders in solving environmental issues in the Philippines.”

GUUN Co., Ltd., founded in March 2001 and headquartered in Yokohama City, Japan, piloted the production of fluff fuel from plastic waste in Inayawan, Cebu in 2014 and recently inaugurated its P200-million, 2,400-square meter waste recycling plant in Tayud, Consolacion, Cebu.

Since then, Japan’s Ministry of the Environment has adopted GUUN’s waste-to-fuel technology as a model for advanced low-carbon technology innovation for further deployment in developing countries.

“This will be a milestone partnership for us,” GUNN Chief Executive Officer Shinji Fujieda said after the signing ceremony. “I understand very much how important waste management is for SM and for the Philippines and we look forward to more projects we can do with the properties of SM Prime.”

SM Prime’s initiatives for waste management include waste reduction and effective waste collection and segregation. Over the years, it has implemented programs such as Trash to Cash, Plastic Waste Collection, and E-Waste Collection that have contributed to reducing the total solid waste generation across its real estate portfolio.

Through its pioneering Trash to Cash recycling market, SM Prime has collected and recycled 1.4M kg of plastics, paper, metals, and others in 2022. “We have saved 16,766 trees from the 986,222 kg of paper recycled,” SM Prime disclosed in its 2022 Integrated Report to shareholders.

Meanwhile, SM’s Plastic Waste Collection program, a partnership with the Plastic Credit Exchange that was launched in February 2021, has accumulated 42,541kg of plastic waste from 14 mall sites. Also present in all its 83 SM Supermalls is the E-Waste Collection program for the responsible disposal of WEEE (Waste from Electrical and Electronic Equipment). This drive has helped process close to 7,000 kilograms of e-waste. (ENDS)

Continue Reading

NEWS

Satisfy your cravings with these best-selling Nanyang drinks

September 15, 2023 3:30 p.m.

Nanyang isn’t only known for its Laksa Prawn, Cheesy Chicken Chop Noodles and Singapore’s best selling Hainanese Chicken Rice and Kopi.

It also has several best-selling drinks to whet your appetite and satisfy your sweet tooth, such as Iced Teh Melaka, Kopi Jelly Milk Tea, Milo Dinosaur and Kopi O.

Head over to your nearest Nanyang branches nationwide.

Continue Reading

NEWS

USA back on top; Germany takes Top 3 spot in FIBA World Ranking

September 15, 2023 1:28 p.m.

MIES (Switzerland) – The recent completion of the prestigious FIBA Basketball World Cup 2023 has produced some eye-catching positive climbs in the latest FIBA World Ranking Men, presented by Nike.

USA reclaim pole position with 786.6 points after benefiting from their consistency at major tournaments over the last three summers. Finishing in fourth place at the FIBA Basketball World Cup where they outperformed former number one nation Spain, their run to the Semi-Finals came off the back of winning an Olympic title at Tokyo in 2021 and also taking bronze at the FIBA AmeriCup 2022. 

Recently crowned FIBA Basketball World Cup 2023 champions Germany have another slice of history to enjoy as they step into the top three of the rankings for the very first time after moving up a massive eight places and onto 759.7 points. Their stunning success made all the more incredible because of the fact they made the journey to the top step of the podium without tasting defeat. 

Canada also have another reason to celebrate too, with their maiden FIBA Basketball World Cup medal fueling an even bigger rise of nine spots. They now occupy sixth position with 745.5 points. 

Serbia performed in outstanding fashion to make the title game and their second-placed finish gave their fans something to be proud of. Those supporters can also now enjoy and reflect on their country being a top five nation again as they move up a place and into fifth position on 755.6 points.

Meanwhile, when it comes to the scale and impact of climbing the rankings in the upper echelon, nobody can match Latvia. They have rocketed up a staggering 22 places and into the top 10 after their heroic underdog displays which ensured they took fifth place at the FIBA Basketball World Cup. They now sit in 8th position on 743.7 points.

There were many other teams who impressed at the flagship event, including Brazil who recorded three wins in five games and moves up a place into 12th in the rankings on 660.5 points. The Americas region can also boast a nice move upwards of five places into 16th for Puerto Rico on 611.1 points, while Dominican Republic rise six spots into 18th place on 561.9 points.

There were also notable improvements for Georgia who move up 10 positions and into 23rd on 465.9 points, Japan jump 11 spots to 26th on 432.2 points and Lebanon claim an uplift of 16 places into 28th on 423.3.

One nation that truly made everyone sit up and take notice at the FIBA Basketball World Cup 2023 were first-timers South Sudan. They made history by beating China to claim a first win at the event, then pushing on to beat the Philippines and Angola. This has resulted in a sensational climb of 32 spots in the rankings. They now find themselves in 31st place with 375.5 points.

For more information about the method used in the calculation of the FIBA World Ranking Men, please refer to the “How It Works” section.

Click here to view the full FIBA World Ranking Men, presented by Nike.

Continue Reading