October 18, 2023
SINGAPORE – United States cyber security chief Jen Easterly on Tuesday called for more international efforts to address vulnerabilities in technology, which help online scams and cybercrimes to flourish.
“At the end of the day, it comes down to this: We are all relying on tech that is full of vulnerabilities, and scammers take advantage of that,” she said at a media roundtable held on the sidelines of the Singapore International Cyber Week.
She had been asked to comment on the problem of online scams in the region.
Ms Easterly, director of the US’ Cybersecurity and Infrastructure Security Agency, added: “Technology safety, I think, is something that all of our partners in the region really would want to embrace.”
The most important thing that countries can do to enhance the safety and security of their populations and businesses is to have technology with significantly fewer vulnerabilities that can be exploited by cyber criminals or other nations, she said.
The United Nations said in August that hundreds of thousands of people in South-east Asia are being coerced by criminal gangs into carrying out online scams, which generate billions of dollars in revenue a year and affect victims from across the Asean region and beyond.
Research firm Cybersecurity Ventures estimates that cybercrime will cost the world US$8 trillion (S$11 trillion) in 2023, and reach US$10.5 trillion annually by 2025.
Noting the ongoing efforts in the region to combat transborder online crime networks, Ms Easterly said that the US cyber-security agency’s role lies in “building resilience”. This includes “if necessary, responding to intrusions that happen, and then sharing that information about threat actors – their trade craft, their tactics – so that we can help proactively prevent others from being hacked”.
Her comments followed the release on Monday of an updated joint cyber-security guide by the US, Singapore and partners from 12 other countries and regional entities.
The guide, titled Shifting The Balance Of Cybersecurity Risk: Principles And Approaches For Secure By Design Software, urges software manufacturers to ensure that their products are “secure by design” and “secure by default” against malicious cyber actors.
Updates to the guide, which was first published in April, include new international co-authors – among them the cyber-security agencies of Singapore, Japan, South Korea and Israel – which join the original contributors from North America, Europe and Oceania.
Ms Easterly said that the guide, which was updated after soliciting feedback from a range of stakeholders, has now doubled in length.
It contains more “granular detail”, including on the principles and approaches by which manufacturers can build security into the process of software design, and signal that they are doing so.
It also gives customers the tools to demand more from their vendors in terms of security, incentivising manufacturers to do more on this front.
The Cyber Security Agency of Singapore “strongly encourages” the guide’s adoption, said Mr David Koh, the agency’s chief executive.
“Technology manufacturers should be intentional about ensuring that cyber security is a key aspect of product development from the start, such that their products are inherently safe and secure for all users,” he said.