June 20, 2017
In a recent exclusive interview [see - Malaysia at risk: CyberSecurity Malaysia chief covers espionage and state level attacks] and later as keynote speaker at this year's Computerworld Malaysia Security Summit, Dr Amirudin had warned of impending state level and critical infrastructure dangers.
"Critical National Information Infrastructure (CNII) is a national asset in which ICS is the vital component that monitors and controls the physical operation of our industrial systems," said Dr Amirudin. "As such, any vulnerabilities in ICS pose a major national security threat."
"Through CyberSecurity Malaysia, the government has conducted several research projects to strengthen our capabilities and implement new solutions," he said. "This has been achieved through strategic partnerships with the industry, professionals and academia."
"We now have a comprehensive approach to deal with cyber threats that includes facing CrashOverride or Industroyer malware," added Dr Amirudin. "Malaysia is continuously enhancing the state-readiness of ICS, which is reflected in Malaysia's National Cyber Security planning."
He emphasised that ensuring the state of readiness in Malaysia "is an on-going and continuous process. In this regard, several proactive and responsive security measures have been put in place to ensure its continuous functions and operations."
While Dr Amirudin did not want to reveal more details, he did add: "Malaysia places great emphasis on cyber security fundamentals to prevent any cyber attacks on ICS by addressing the triad of people, process, and technology."
"One important aspect is to realise that ICS belongs to both the public and private sectors," he said. "Malaysia must continue to enhance the Public-Private-Partnership approach."
Speaking specifically on the current malware threat reports, Dr Amirudin said: "Malaysia also anticipates the need to respond to and withstand cyber attacks such as CrashOverride/Industroyer malware. We need to prepare to ensure that our industries continue to function with minimal disruption to protect the various interests of stakeholders and the public. We will enhance our readiness and incident response capabilities both at national and regional levels through Malaysia's CERT (MyCERT), APCERT and OIC-CERT."
Regarding the current status, he confirmed: "As of today, CyberSecurity Malaysia has not received any incident reports from Malaysia's Industrial Control Systems organisations of any CrashOverride malware. However, we are monitoring the situation on the CrashOverride malware threat in Malaysia and will take necessary steps such as producing Alert/Advisory to address the issue in Malaysia and assist organisations that need our assistance."
What steps should be in place?
Dr Amirudin said that in addition to the government's preparations, industry partners have a vital part to play.
"Most of Malaysia's ICS are in CNII sectors, of course," he said. "As CNII sector organisations, they are required to implement Information Security Management System (ISMS) procedures as per a Cabinet directive. They are also recommended to conduct periodic security assessments to identify possible vulnerabilities and risks to their environments."
Kaspersky Lab's Ng earlier said: "This is a timely reminder to any organisation with an industrial control system to review and, where necessary, upgrade its security as a matter of urgency."
Ng said that to better protect the ICS environment from possible cyber attacks, Kaspersky Lab recommends the following:
- Conduct a security assessment to identify and remove security loopholes.
- Request external intelligence: intelligence from reputable vendors helps organizations to predict future attacks on the company's industrial infrastructure.
- Train your personnel.
- Provide protection inside and outside the perimeter. A proper security strategy has to devote significant resources to attack detection and response, to block an attack before it reaches critically important objects.
- Evaluate advanced methods of protection. A Default Deny scenario for SCADA systems, regular integrity checks for controllers, and specialized network monitoring to increase the overall security of a company will reduce the chances of a successful breach, even if some inherently vulnerable nodes cannot be patched or removed.
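Two of the measures in the last recommendation, a Default Deny policy for SCADA traffic and periodic integrity checks of controller configuration, are easy to sketch in code. The script below is an added example written for this page; it is not code from the article, from Kaspersky Lab or from CyberSecurity Malaysia. The allowlist, IP addresses, flow records and controller configuration blobs are all constructed for illustration. The only real-world facts it relies on are the standard ports: IEC 60870-5-104 runs over TCP/2404 and IEC 61850 MMS over TCP/102, the kinds of substation protocol an ICS-targeting malware such as Industroyer speaks.

```python
"""Default Deny flow filtering and controller integrity checking for an
ICS network. Added example only: allowlist, addresses, flows and configs
are constructed, not taken from any real site."""
import hashlib
from dataclasses import dataclass
from typing import Dict, Iterable, List, Tuple

# --- Default Deny for SCADA traffic -------------------------------------
# Constructed allowlist: the only flows that are expected to exist on the
# control network. Everything not listed here is denied by default.
ALLOWED_FLOWS = {
    ("10.0.1.10", "10.0.2.20", 2404, "tcp"),  # HMI -> RTU, IEC 60870-5-104
    ("10.0.1.10", "10.0.2.21", 2404, "tcp"),  # HMI -> second RTU, IEC 104
    ("10.0.1.11", "10.0.2.30", 102, "tcp"),   # engineering workstation -> IED, IEC 61850 MMS
}


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int
    proto: str


def classify_flows(flows: Iterable[Flow]) -> List[Tuple[Flow, str]]:
    """Label each flow 'allow' only if it is on the allowlist, else 'deny'."""
    return [
        (f, "allow" if (f.src, f.dst, f.dport, f.proto) in ALLOWED_FLOWS else "deny")
        for f in flows
    ]


# Constructed sample flows: two expected ones and two that Default Deny
# should block (an unknown host speaking IEC 104, and an RTU reaching out
# to an address outside the control network).
SAMPLE_FLOWS = [
    Flow("10.0.1.10", "10.0.2.20", 2404, "tcp"),
    Flow("10.0.1.11", "10.0.2.30", 102, "tcp"),
    Flow("10.0.1.50", "10.0.2.20", 2404, "tcp"),
    Flow("10.0.2.20", "203.0.113.5", 443, "tcp"),
]


def denied_flows(flows: Iterable[Flow] = SAMPLE_FLOWS) -> List[Flow]:
    """Return the flows a Default Deny policy would block."""
    return [f for f, verdict in classify_flows(flows) if verdict == "deny"]


# --- Integrity checks for controller configuration ----------------------
def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_baseline(configs: Dict[str, bytes]) -> Dict[str, str]:
    """Hash each controller's program/config while it is known to be good."""
    return {name: sha256_hex(blob) for name, blob in configs.items()}


def check_integrity(baseline: Dict[str, str], current: Dict[str, bytes]) -> Dict[str, str]:
    """Compare freshly read configs against the baseline and report deviations:
    'modified' (hash changed), 'missing' (controller no longer readable) or
    'unexpected' (a controller that was never baselined)."""
    findings: Dict[str, str] = {}
    for name, expected in baseline.items():
        if name not in current:
            findings[name] = "missing"
        elif sha256_hex(current[name]) != expected:
            findings[name] = "modified"
    for name in current:
        if name not in baseline:
            findings[name] = "unexpected"
    return findings


# Constructed stand-ins for configuration read back from RTUs.
KNOWN_GOOD = {
    "rtu-01": b"IOA 1001 -> breaker CB-1; IOA 1002 -> breaker CB-2\n",
    "rtu-02": b"IOA 2001 -> breaker CB-3\n",
}
CURRENT_CONFIGS = {
    "rtu-01": b"IOA 1001 -> breaker CB-1; IOA 1002 -> breaker CB-2\n",
    "rtu-02": b"IOA 2001 -> breaker CB-3; IOA 2002 -> breaker CB-4\n",  # changed since baseline
    "rtu-09": b"IOA 9001 -> breaker CB-9\n",                             # never baselined
}


def integrity_findings() -> Dict[str, str]:
    """Run the integrity check over the constructed configs."""
    return check_integrity(build_baseline(KNOWN_GOOD), CURRENT_CONFIGS)


if __name__ == "__main__":
    for f in denied_flows():
        print("DENY", f)
    for name, status in integrity_findings().items():
        print("INTEGRITY", name, status)
```

In practice the allowlist would be generated from an asset inventory and the flow records would come from a network tap or passive monitor, and the baseline hashes would be taken from a program upload made right after commissioning; the point of both checks is that a node that cannot be patched can still be fenced in and watched for change.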