APAC CIOOutlook

Advertise

with us

  • Technologies
      • Artificial Intelligence
      • Big Data
      • Blockchain
      • Cloud
      • Digital Transformation
      • Internet of Things
      • Low Code No Code
      • MarTech
      • Mobile Application
      • Security
      • Software Testing
      • Wireless
  • Industries
      • E-Commerce
      • Education
      • Logistics
      • Retail
      • Supply Chain
      • Travel and Hospitality
  • Platforms
      • Microsoft
      • Salesforce
      • SAP
  • Solutions
      • Business Intelligence
      • Cognitive
      • Contact Center
      • CRM
      • Cyber Security
      • Data Center
      • Gamification
      • Managed Services
      • Procurement
      • Smart City
      • Workflow
  • Home
  • CXO Insights
  • CIO Views
  • Vendors
  • News
  • Conferences
  • Whitepapers
  • Newsletter
  • Awards
Apac
  • Artificial Intelligence

    Big Data

    Blockchain

    Cloud

    Digital Transformation

    Internet of Things

    Low Code No Code

    MarTech

    Mobile Application

    Security

    Software Testing

    Wireless

  • E-Commerce

    Education

    Logistics

    Retail

    Supply Chain

    Travel and Hospitality

  • Microsoft

    Salesforce

    SAP

  • Business Intelligence

    Cognitive

    Contact Center

    CRM

    Cyber Security

    Data Center

    Gamification

    Managed Services

    Procurement

    Smart City

    Workflow

Menu
    • IMS
    • Cyber Security
    • Hotel Management
    • Workflow
    • E-Commerce
    • Business Intelligence
    • MORE
    #

    Apac CIOOutlook Weekly Brief

    ×

    Be first to read the latest tech news, Industry Leader's Insights, and CIO interviews of medium and large enterprises exclusively from Apac CIOOutlook

    Subscribe

    loading

    THANK YOU FOR SUBSCRIBING

    • Home
    Editor's Pick (1 - 4 of 8)
    left
    Plea for a Resilient Infrastructure

    Pierre Noel,

    Inverting the IT Iceberg

    Chris Miller, CIO, Avanade

    IT Moves to the C-Suite

    Jim Deren,

    Simplified Deployment and Management of Data Center and Network Operations

    Ari Bose, VP & CIO, Brocade

    Evolving Challenges in Information Security Management

    Prashanta Ghoshal, Global Head, ITES, Geometric Ltd

    Revamp Hospitality Business with Technology Alignment

    Vijay Choudhary, GM-IT, HRH Group of Hotels

    Supercomputers and their Changing Landscape

    Dr Pradeep K Sinha, Sr. Director (Corporate Strategy and R&D), Centre for Development of Advanced Computing (C-DAC)

    Hospitality upgradation with Technology

    Khushru Siganporia,

    right

    Critical Infra-structure Protection

    Ken Soh, and CIO and Director,

    Tweet
    content-image

    Ken Soh,

    BH Global Corporation Ltd is today an established group providing a comprehensive suite of solutions that includes supply chain management, design and manufacturing solutions and engineering services to the Marine & Offshore and Oil & Gas industries.

    Cyber Attack - Are we even ready?

    Recently, an ethical hacking group was invited to perform vulnerability tests for a national water dam infra-structure. To the authority’s horror, the group managed to gain access to the dam gate management and control system via the internet within seven hours of intensive “hacking”.

    "The multi-faceted nature of attacks, coupled with freely available malware construction tools has created a highly unpredictable state of affairs even at nation-wide level"

    This means that all the water dam gates could be opened simply by the press of a few buttons if so desired by the hacking group. Today’s cyber security landscapes are unprecedentedly dynamic and complex. The impact of malicious intents has escalated from just enterprise-wide damages to catastrophic possibilities when such acts are targeting at critical infra-structures. The multi-faceted nature of attacks, coupled with freely available malware construction tools has created a highly unpredictable state of affairs even at nation-wide level.

    “Malware” and “Advanced Threat”

    In the past, malwares usually exhibited noticeable symptoms such as slowing down of PCs or crashing of hard-disks. In the cyber security industry, this is termed “noisy threat” because any infection is easily felt and noticeable.Today, more advanced approach, named “Advance Threats” entails malware that sits silently in the infected PC and acting as an agent for a remote “Command and Control” station to steal or manipulate information in the infected PC remotely, even from another end of the globe. Typically, historically discovered “malware” are computed with identifiers named “signatures” that are used for future identification. This is similar to the DNAs of biological viruses. Unfortunately, since “Advance Threats” are typically yet to be discovered, they do not have known “signatures” (or DNAs) and therefore are harder to be discovered and be filtered out by

    main-stream anti-virus tools and measures. Unfortunately, such threats are silent yet lethal. It is akin to the killing risk of carbon-monoxide as it is odorless, and by the time it is discovered, the killing might have been affected and it is too late for any rescue/remedial actions.

    Why is “Advanced Threat” so Dangerous?

    “Advanced Threats” today are not just silent information stealers, they may initiate serious and catastrophic threats that target critical infra-structures such as energy, water and even nuclear plants. A quick Google search on “stuxnet” would explain that. The reality today is, large infra-structures, be it in sea, land or air, are subject to such kind of “soft but potentially fatal” threats unknowingly.

    For example, there were reported cases that a floating oil rig was tilted; and another was stalled for 19 days, both due to infected systems. Separately, Somali pirates today are eavesdropping on vessel navigation information as a means to identify their “fatter” targets. This forces many ships sailing in the piracy-prone zone to turn off their navigation systems, or to use devices to “illegally” report false location information to the global navigation networks. Unfortunately, such “counter-measures” are risky by it for apparent reasons.

    In the past, you download or copy a bad file, and your PC is infected. Today, a PC could be infected silently merely through visiting a malicious web site. The user does not even need to click on anything in the web site to be infected.

    Education is Key

    The community therefore could not stay ignorant of such threats anymore. To re-iterate, there are few elements that business owners should be educated in and aware of:

    Firstly, today’s malwares typically do not perform straightforward attacks like crashing your hard-disk. It stays silent and resident in your system, acting as the agent, responding to a “Command and Control” (C&C) system that may reside in remote PCs in even another country, to easily browse your PC and siphon out files and information of interests. Secondly, the infection process is much more advanced today. You may just be browsing a website, or might open a document file in an email, and because these malware do not get detected easily, they do not bear signatures so they may stay undetected in your PC for a long time. Thirdly, and most seriously, these malwares today may target infra-structural operations.

    The Counter-Measures – A Holistic Approach

    Alongside education, it is important that appropriate processes and tools are put in place, whether it is in the land offices, on-board vessels or off-shore sites. There is no one-size-fit-all solution. The site concerned needs to be accessed by the security specialists so that a fitting solution could be recommended. Over or under sizing of security measures would result in unnecessary spending or inadequate measures respectively.

    While the traditional perspective of people, process, technologymay sound like another outdated and dry reference model, it remains a useful baseline for a holistic and effective cyber security management framework. With the rapid emergence of new and sophisticated malwares, CIOs/CISOs may start to feel the criticality of technology factors over people factors going forward.

    In summary, today, it is essential for organizations to incorporate end-to-end actionable items into their BCM framework. Some of these items include: cyber-attack vulnerability assessment, prevention, detection and incident response framework.

    tag

    cyber attack

    Supply Chain Management

    Weekly Brief

    loading
    ON THE DECK

    I agree We use cookies on this website to enhance your user experience. By clicking any link on this page you are giving your consent for us to set cookies. More info

    Read Also

    The AI Rat Race - Keeping Up with New Technologies or Waiting for Maturity?

    The AI Rat Race - Keeping Up with New Technologies or Waiting for Maturity?

    Andreas Kurz, Global Head of Digital Transformation, ALFAGOMMA Group
    The Role Of Digitalization In Transforming Airport Customer Experiences

    The Role Of Digitalization In Transforming Airport Customer Experiences

    Kebebew Bulto, Director Addis Ababa Bole International Airport, Ethiopian Airlines
    From Chemical Solutions to Data Center Innovations

    From Chemical Solutions to Data Center Innovations

    Akmal Zharif Bin Abdullah, Datacenter Manager, Aeon Credit Service (M) Berhad [KLSE: AEONCR]
    Ethics & Compliance in a Digital World: Navigating HCP Engagement in APAC

    Ethics & Compliance in a Digital World: Navigating HCP Engagement in APAC

    Sherene Cham, Regional Director, Ethics & Compliance – APAC, Menarini Group
    How AI is Driving Innovation and Customer-Centricity in Insurance

    How AI is Driving Innovation and Customer-Centricity in Insurance

    Xinfa Cai, Chief Innovation Officer, AIA Group
    The Impact of Smart Infrastructure on Growing Cities

    The Impact of Smart Infrastructure on Growing Cities

    Scott Edward Sidhom, Manager Infrastructure Planning, Liverpool City Council
    Transforming Engineering through Data Science

    Transforming Engineering through Data Science

    Agus Jamaludin, Data Scientist Lead, Petrosea
    Redefining Risk Management: Strategies for a Safer Future

    Redefining Risk Management: Strategies for a Safer Future

    Nhu Nguyen, Risk Data Analysis Manager, Pnj Group
    Loading...
    Copyright © 2025 APAC CIOOutlook. All rights reserved. Registration on or use of this site constitutes acceptance of our Terms of Use and Privacy and Anti Spam Policy 

    Home |  CXO Insights |   Whitepapers |   Subscribe |   Conferences |   Sitemaps |   About us |   Advertise with us |   Editorial Policy |   Feedback Policy |  

    follow on linkedinfollow on twitter follow on rss
    This content is copyright protected

    However, if you would like to share the information in this article, you may use the link below:

    https://ims.apacciooutlook.com/cxoinsights/critical-infrastructure-protection-nwid-1070.html