Cybersecurity leadership: Empowering organizations in a hybrid world

By Allan S Cabanlong, PECE, ASEAN Eng.

Nowadays, cybersecurity has become one of the greatest concerns of governments around the globe. We have seen cyber-attacks that affected critical information infrastructure like the power grids, transportation facilities, energy, telecommunications as well as military networks. In Ukraine, its youngest cabinet digital minister, Mykhailo Federov, has opened a new front in warfare – using twitter and other social media platforms to gain support from silicon valley’s giant companies to undermine Russia. He also setup and “IT Army of Ukraine” to launch cyber-attacks against the enemy.

Cybersecurity leadership: Empowering organizations in a hybrid world

We have also seen the rise of cybercrime plagued our nation during the pandemic. Identity theft and social engineering to access confidential networks of industries, banking sector, health sector and the government has spread just like the covid19 virus. According to the Interpol there has been an alarming rate of cyberattacks during covid19, its report has shown a significant target shift from individuals and small businesses to major corporations, governments and critical infrastructure. Jurgen Stock, the secretary general of Interpol has said “ Cybercriminals are developing and boosting their attacks at an alarming pace, exploiting the fear and uncertainty caused by the unstable social and economic situation created by COVID-19” Interpol has also noted that in one-four month period (January to April) some 907,000 spam messages, 737 incidents related to malware and 48,000 malicious URLs – all related to COVID-19- were detected by one of the INTERPOL’s private sectors partners. Truly a whole of society approach in cybercrime detection and prevention.

The covid19 pandemic has dramatically changed the cyber threat landscape from which we do our day to day activities (work from home setup, eCommerce, eLearning and etc.). Thus, the need to adapt with these changes by working together, government and private sectors of the community, to solve these pressing issues of cyberthreats. Nevertheless, the use digital technologies must be kept secure and safe to use, and reporting of cyber threats and cybercrimes must be strengthened with the active support of the community.

The whirlwind development in technology, however, has its bane. It has opened a whole new platform for criminals and malevolent individuals to operate. And the more we accelerate technologically, cyberattacks also become more sophisticated and frequent, thus, the need to amplify the security around our cyber environment. Cybersecurity’s role has never been more emphasized than today. The vision of securing Philippine cyberspace to achieve cyber resiliency had been already crafted – The Philippines’ first National CyberSecurity Plan of 2022. As early as 2016, the National Cybersecurity Plan 2022 has been launched and the past years has been a busy period for the government in implementing the vision of a Cyber Resilient Philippines. From awareness campaigns, to activating the National Computer Emergency Response Team, to training government agencies, partnering with the academic and private sectors, the government is now in the operationalizing the Cybersecurity Management System—the first national cybersecurity operations center of the country - equipped with state-of-the art equipment and systems, the CMSP is expected to secure us and recover from any cyberthreats. BUT WHERE ARE WE NOW amid these plans and the cyber technological capability that was operationalized in the early half of 2019? The Filipino people deserves an answer.

Indeed, cybersecurity organization in a hybrid world needs a divergent leader whose background is a blend of two or more diverse expertise in information and communications technology (ICT), intelligence, engineering and technology, risks management, investigation and most of all who can work with partners and stakeholders in local and global arena – a networked cybersecurity governance advocate.

We cannot deny the fact that cybercriminals are always far ahead of the government in terms of their tradecrafts and skills on the realm of cyberspace; all they have to do is watch which doors are open and hack in without the fear of being caught. Cybercriminals are organized as they collaborate to achieve a common goal – destruction, disruption, economic and political gain. On the other hand, the government is still on its classical reactive and siloed approach, waiting for things to blow up on their faces before they act and realize that it’s too late. Criminals collaborate their actions but the government keeps its cyber threat information under the radar instead of sharing it to their partners and the community for fast and efficient detection of threats. Because of these current situation, the government thus failed the true essence of a networked cybersecurity governance.

With the emergence of various software and equipment, standards play an important role in cybersecurity. These software and equipment can land and be used in critical information infrastructure and supply chain. That is why, cybersecurity leaders should look into the importance of adopting a unified cybersecurity standards in its processes, equipment security among others. An evidenced-based and scientific-based in policy decision making should be practiced not by political influence that could be biased and unproven. Nonetheless, cybersecurity leaders should empower its organization to co-create and coproduce with the stakeholders the needed policy and cyber technological advancements to limit the impact or even eliminate cyberthreats. At the end of the day, cybersecurity is a whole of government and a whole of society approach.

The threat landscape is constantly changing, therefore cybersecurity administration must be designed to be adaptive of these changes and empower cyber units and organizations to cope with the ever changing threat landscape of cyberspace. If cybersecurity leaders wish to enforce cybersecurity governance, stakeholders are one of the keys in achieving cyber resiliency and protect the country from cyberthreats; thus promoting a networked governance leadership role in cybersecurity. There are many good and best global practices in cybersecurity governance that can be replicated by our government; this can uplift the morale of the public when they see that government leaders are capable of delivering a transparent and accountable cybersecurity administration.

Finally, cybersecurity leaders and organizations are expected to institutionalize information sharing activities and change the mindset that cybersecurity should not be operated under the radar but with the strong participation of the community. Able and equitable cybersecurity leader is the key to achieve a cybersafe and cyber resilient nation; coupled with the whole of government and whole of society approach – a networked cybersecurity governance in the 21st century.