Category: Tech

Know Thy Enemy, Know Thy Self: Realities and Limitations of Critical Infrastructure Cyber Security

Critical national infrastructure (CNI) is an umbrella term representing various service industries essential to national function (Telecommunication), survival (Energy/Power), and social wellbeing (Medical). Responding to increasing national demands, more CNIs are joining the digital revolution to streamline operations and enhance productivity. However, despite the adoption of intelligent automation, we are still seeing a growing rate of malicious breaches amongst these enterprises. In a rapidly evolving cyber threat landscape, our business-driven culture only serves to degrade the broader security wellbeing. It is thus imperative for corporate CNI decision makers to understand the realities and limitations facing their facilities.

The Digitised Dragon: China’s Cyber Intelligence, Security and Future Monitors

In July 2016, Finnish cyber-security firm F-Secure published a White Paper entitled ‘NanHaiShu: RATing the South China Sea’. The article discussed the identification of a Remote Access Trojan, a malware which targeted organisations associated to the international territorial dispute in the South China Sea since 2015. Based on technical and motivational characteristics, the malware was attributed to threat actors from the People’s Republic of China (PRC). The identification of NanHaiShu validates findings detailed an earlier study about China’s evolving intelligence strategies in cyberspace, and its move away from outdated mosaic techniques. Armed with a firm foothold in the technological research, development and manufacturing sector, there could be little doubt about the continued sophistication of China’s operational cyber-security capabilities being used in its plans for global market expansion. The recognition of cyberspace as an operation domain has revealed a clear indication of cyber-security’s intimate relationship with global geopolitics, and the subsequent effects on how state coordinated cyber-espionage will be conducted.