Wednesday, May 1, 2024

DIGITAL INFLUENCER | Are we ready for AI-aided cyberattacks?

Sometimes, I can’t help but wonder how ready our government agencies are to roll out the e-government services that they were mandated to provide under the Philippine E-Commerce Law (Republic Act 8792), which served as the basis for the creation of the E-Government Fund where more than a billion pesos is allotted yearly.

Since its annual allotment in 2003, how many of those investments through the years are still in use and updated today? Or have they mostly gone to waste? Have they been properly appropriated to also ensure that e-government projects are secured?

It was chaotic back then when I was wearing my hat as executive director or consultant for the Congressional Oversight Committee for the E-Commerce Law. But with an E-Government Masterplan in place, I remain very hopeful despite the challenges we are experiencing today.

Last August, I organized a Digital Growth Day face-to-face event in Manila to gauge the readiness of my community to go out and network with like-minded peers. A topic that caught everyone’s attention was the talk of Wilson Chua, founder of FutureGen International based in Singapore, which focused on cybersecurity now and in the future.

He believes that the future of e-government cybersecurity will likely involve more advanced AI-driven threat detection, increased reliance on blockchain for data integrity, and a growing emphasis on user-centric security.

“Hackers will likely move to more social engineering attacks aided by AI (deep fakes etc.) as vulnerable systems are hardened. Engaging the community to be invested partners in security would be a cost-effective strategy. The integration of 5G and Internet of Things (IoT) in government services will introduce new security challenges, requiring innovative solutions and regulations to address them,” Chua said.

According to him, the average time it takes a hacker to breach a system is about 13.5 days.

“The malevolent duration (the amount of time for the cyberattack to persist before resolution) should be lower than that. However, hackers using artificial intelligence (AI) could cut the average success time to less than a day. Almost any vulnerable machine can be breached. We need to be proactive and think about countermeasures today,” he said.

Safeguard against cybersecurity threats

The most pressing cybersecurity threats facing e-government platforms today center around confidentiality, integrity, and availability of service.

Chua explained, “These include DDoS attacks, ransomware, and data exfiltration. These threats are constantly evolving, as hackers adopt new technologies — becoming more sophisticated and harder to detect.”

For example, in 2021, the SolarWinds cyberattack compromised numerous US government agencies, highlighting the evolving nature of supply chain attacks in the e-government sector.

In that incident, instead of attacking the government’s network systems directly, the attackers targeted SolarWinds’ Orion product (a network infrastructure monitoring system) used in numerous government agencies, and delivered backdoor malware as an update to that software. This cyberattack compromised more than 30,000 companies.

Chua suggests that risk management and threat assessment for government digital services should be comprehensive, involving continuous monitoring, vulnerability assessments, and scenario planning.

“Adopting a framework like those from Amazon Web Services (Governance, Risk Management, and Compliance) helps agencies plan for this. This helps identify and mitigate potential risks before they become major issues,” he said.

Review procurement policies

Chua believes government agencies should review their procurement policies for security-related investments.

“Governments should prioritize and allocate resources for cybersecurity based on risk assessment and the value of the services they offer. Critical infrastructure and sensitive data should receive the highest allocation. The United Kingdom’s National Cyber Security Centre (NCSC) offers guidance on risk management and resource allocation.

“Sometimes, the procurement practices are hindering the effective deployment of countermeasures. The government should implement a multi-faceted approach to safeguard against cyberattacks. This includes regular software updates, employee training on recognizing phishing attempts, and robust access controls,” he said.

The Australian Cyber Security Centre provides detailed guidelines and toolkits to help government agencies improve their cybersecurity posture. For the Philippines, we have the Cybercrime Investigation and Coordinating Center (CICC) that disseminates cybersecurity updates and provides a venue where Filipino Internet users can submit a report.

Chua also urges government agencies to take a look at “bug bounty” programs or have a clear pathway for concerned citizens to report vulnerabilities or breaches.

“These steps may prove to be more cost-effective than more traditional approaches,” he said.

Protecting citizen data

With the recent wave of hacking incidents on Philippine government websites, e-government services should ensure the protection of sensitive citizen data against breaches and unauthorized access. Chua emphasized an important principle in data privacy.

“Collect only the data you need. Then protect what you collect. To protect sensitive citizen data, e-government services should employ encryption (in use, in transit, and at rest), strong access controls, and regular security audits. They can also study what other countries have already done,” he said.

Estonia is a good example of a country with a comprehensive e-government system that utilizes blockchain to secure sensitive data, ensuring that only authorized individuals have access.

Another aspect of data privacy and network security is accountability. Although there are a lot of things beyond our control, taking serious action has to be demonstrated.

Chua added, “How many government agencies have implemented an Acceptable Use Policy? How many top government officials have been made accountable for data breaches?

“High-profile breaches can erode trust, but transparency, quick response to incidents, and public awareness campaigns can help regain confidence. In the aftermath of a data breach, Singapore’s government engaged in open communication and offered free identity protection services to affected citizens to restore trust.

“Balancing privacy concerns with heightened security measures requires transparent policies, strong encryption, and data minimization practices. For example, the European Data Protection Supervisor (EDPS) ensures that EU institutions maintain a balance between data protection and security.

“Sometimes all that we need to do is to communicate the countermeasures and the impact that these could have on our users’ privacy. A “No expectation of Privacy” clause in the Acceptable Use Policy will help towards this.”

Incident response plan for cyberattack in e-gov’t systems

Chua believes government agencies need to simulate a cyberattack incident and do a ‘tabletop’ exercise.

“This exercise focuses attention on what else is needed, what are the gaps, and how one can quickly restore services. A robust incident response plan for e-government differs from the private sector due to the scale and sensitivity of government operations. It should involve swift coordination between multiple agencies, clear lines of authority, and compliance with government-specific regulations. The US National Institute of Standards and Technology (NIST) provides guidelines for incident response in the public sector,” he said.

Cybersecurity awareness and training are vital among government employees. Effective implementation involves mandatory training programs, simulated phishing exercises, and a culture of security awareness.

The US Department of Homeland Security offers a comprehensive training program for government employees to enhance cybersecurity awareness. In addition, a study by Tripwire shows that the cost of breaches is lower in organizations that have a high level of employee training.

Inter-agency collaboration is crucial in strengthening cybersecurity. Best practices include sharing threat intelligence, coordinating security efforts, and using standardized security protocols. Frequently, attacks come from other countries. Collaboration at the country level can do a lot to neutralize such cross-border attacks.

The US Cybersecurity and Infrastructure Security Agency (CISA) exemplifies such collaboration by providing resources and information-sharing platforms for government agencies. Another good example is the PH-CERT (Philippine Computer Emergency Response Team) that coordinates the communication among other country-level CERT organizations.

AI and blockchain in cybersecurity

Emerging technologies like AI and blockchain can enhance cybersecurity in e-government by automating threat detection and securing data. Blockchain can also be used to reduce the risk of unauthorized changes and preserve data integrity.

Chua shared, “At BNSHosting.net, we use artificial intelligence and machine learning to quickly analyze vast amounts of data to identify abnormal activities. Python can also be used to automate a lot of security-related tasks. This enables us to do more with less.”

International cooperation in cybersecurity

International cooperation is essential in combating cyber threats against government infrastructure, as threats often transcend national borders.

Chua shared, “At our Managed Security Operations Center (watchdogcyberdefense.com), we typically send out over 50,000 abuse emails in a day. We use these emails to warn network owners of potentially compromised servers in their network. More often than not, this collaboration results in reduced bases for hackers, and reduced attacks on our clients. So, it is a good win-win that could not have been possible without such international, cross-border collaboration.”
