Era of continued convergence Robotics, Geo-Politics & CyberSecurity Editor's Desk, APSM

Chris Cubbage,
Director, MySecurity Media Pvt Ltd.

“We don’t drown our partners in a sea of debt. We don’t coerce or compromise your independence. The United States deals openly, fairly.” Vice President Pence at the 2018 APEC CEO Summit.

In this final edition for 2018, Singapore Correspondent, Jane Lo has provided a number of impressive articles, including reviews on SingTech, Cyber Security Forum, CISO Elite Asia 2018, Risk Innovation Forum and the Singapore International Robo Expo 2018, noting the global robotics market is expected to reach USD 50 billion in total revenues in 2018, inclusive of hardware, software and services. By 2021 the market will nearly double reaching USD 90 billion. (ABI Research).

With this forecast in mind, the security domain in the Asia Pacific remains fascinating and challenging to keep abreast. Be it the degrading geo-politics playing out between the US and China, along with the absence of outcome statements from the APEC Summit in Papua New Guinea. To the current news of the day in the Marriott Starwood breach, where the company discovered there had been unauthorised access since 2014, and believes up to approximately 500 million guests who made a reservation at a Starwood property have been compromised.

With an Australian perspective, Danielle Cave, deputy head of the International Cyber Policy Centre at Australian Strategic Policy Institute (ASPI), has released an opinion piece, stating, “There is a lot at stake in the China–Australia relationship and, as we attempt to balance these economic and security interests, there is an element of schizophrenia to our attempts to ‘get the China relationship right’. It’s a deeply important relationship but it’s also incredibly complicated and it’s only going to get more so. There is no right path forward that will please everyone. But there is a wrong path, and we are in danger of taking it…The real issue is that in trying to protect the relationship with Beijing, the [Australian] government is not being open with the Australian public, who have the right to be informed about new and emerging risks to their businesses, intellectual property and online safety.”

Directly related to geo-politics is cybersecurity. We have been at a cyber war for some years and the US is clearly starting to call it out, predominately lead by US Vice President Mike Pence. At APEC on November 17, Pence said, “China has ‘tremendous barriers’; they have ‘tremendous tariffs’; and, as we all know, their country engages in quotas, forced technology transfer, intellectual property theft, industrial subsidies on an unprecedented scale. Such actions have actually contributed to a $375 billion good trades deficit with the United States last year alone. But as the President said today, ‘that’s all changed now’…. We’ve taken decisive action to address our trade imbalance with China. We’ve put tariffs on $250 billion in Chinese goods and we could more than double that number. But we hope for better. The United States though will not change course until China changes its ways.”

For Australia and relating to its relationship with China, cyber security revenues will soar from A$2 billion in 2016 to A$6 billion by 2026. This comes as part of an upward trend in cyber security spending around the world. US$131 billion was spent on cyber security globally in 2017, with an 88 per cent increase expected by 2026. With the second-highest ‘cyber maturity’ in the Indo-Pacific and strengths in core skill areas such as quantum computation, wireless technology and high-value hardware, Australia, according to the 2018 update to Australia’s Cyber Security Sector Competitiveness Plan is the ideal growth environment for cyber security businesses. The statistics are included along with the first ever Australian Cyber Security Industry Roadmap; launched by the Australian Minister for Industry, Science and Technology, the Hon Karen Andrews MP.

McAfee has also released its annual Threat Predictions Report, which outlines predictions for the cybersecurity landscape in 2019. One major prediction is that data exfiltration attempts from the cloud are expected to significantly increase in 2019, both globally and at a local level. Across the regions, protecting the cloud will become a non-negotiable safety measure to ensuring cyber-resilience, as 89% of organisations in the Asia Pacific store sensitive data in the cloud, and the amount of files shared with sensitive data has increased 53% YoY. Other predictions include:

• The cybercriminal underworld will consolidate, creating fewer but stronger malware-as-a-service families that will actively work together.

• Attackers will be employing AI to help them avoid detection by security software, particularly to automate target selection, or to check infected environments before deploying later stages and avoiding detection.

• 2019 will see the use of multifaceted, synergistic threats – in other words, where several different kinds of cyber threats (phishing, ransomware, cryptojacking) are used in tandem. These attacks are hard to classify, and even harder to mitigate, and is yet another manifestation of cybercriminals becoming even more sophisticated and collaborative.

• Identity platforms and IoT edge devices will be under siege as criminals leverage them to mount attacks on industrial control systems.

Another paper worth a look was released in Singapore, the Adversarial Attack Simulation Exercises (AASE), often referred to as Red Team (RT) exercises. These exercises are sanctioned, planned, risk-managed and objective-driven cyber security assessments that simulate highly sophisticated targeted attacks against an organisation. Aimed at guiding Financial Institutions (FI), the guidelines encourage creative scenarios for their attack simulation by identifying the most likely adversaries and the attack vectors through threat modelling. The goal of these exercises is to assess the capability of a FI to prevent, detect and respond to cyberattacks that may impact Critical Functions or business continuity. Exercises simulate a full end-to-end cycle of a cyber security attack, replicating actions and procedures utilised by real world adversaries with a high level of intent, sophistication and capability. It seems however, that all industry sectors should have such guidelines and preparing for an ever increasing rise in sophistication in attacks.

And on that note, as always, we provide plenty of thought provoking material and there is so much more to touch on. Stay tuned with us as we continue to explore, educate, entertain and most importantly, engage.

Enjoy a safe and happy festive season and see again in 2019!