SECURITY SOLUTIONS TODAY23 Feb 2015
An Interview With Dr. Madan Oberoi, Director Of Cyber Innovation & Outreach Directorate At INTERPOL Global Complex For Innovation, Singapore
Views: 638

The INTERPOL Global Complex for Innovation will be launched in April 2015. What does INTERPOL hope to achieve by starting this Complex and how will this Complex help INTERPOL tackle security threats of the 21st Century?

The INTERPOL Global Complex for Innovation (IGCI) is a cutting edge research and development facility for the identification of crimes and criminals, innovative capacity training, operational support and partnerships. It will develop initiatives and outreach programmes to aid the global law enforcement community to better target and investigate cybercrime and improve cybersecurity.

The IGCI will house Digital Crime Centre and Cyber Innovation and Outreach directorate that will enable international law enforcement agencies to exchange information, understand emerging trends, research and provide innovative solutions to combat cybercrime at a global scale, through strong partnerships.

Located in Singapore, the IGCI will tackle new and emerging crimes in Asia Pacific and around the world, whilst working alongside INTERPOL’s General Secretariat headquarters in Lyon.

But more importantly, in order to tackle modern security threats, a larger multi-stakeholder collaboration and partnership between law enforcement agencies, governments and industry is needed. It is to this end that we launched INTERPOL World, a unique platform to connect all the stakeholders involved, to identify security challenges and co-create innovative solutions.

Could you tell us a little about your role as Director of Cyber Innovation and Outreach at the INTERPOL Global Complex for Innovation?

In my role as director of Cyber Innovation and Outreach at the INTERPOL Global Complex for Innovation, I currently supervise two sub-directorates including ‘Strategy & Outreach’ and ‘Research & Innovation’ sub-directorates. The directorate focuses on providing, besides innovative research based solutions for the needs of law enforcement agencies, the strategic foresight in the continuously changing environment. The directorate also aims to strengthen the capacity of law enforcement agencies in member countries to combat cybercrime.

As one of the spokespeople for INTERPOL World 2015, please highlight some of the key issues you will be speaking about at this show?

INTERPOL World 2015 is a platform to bring together private sector, global policy makers and law enforcement agencies. As part of the cyber security panel, we will be focusing on building capacity of Law Enforcement Agencies to combat cybercrime through training, research based innovative solutions and multi-stakeholder approach.

Can you describe the evolving cyber threat landscape in the 21st Century? Are cyber attackers getting more sophisticated or are our defenses getting worse?

The Internet has created borderless societies, providing unprecedented opportunities to generate wealth and stimulate economics, but the increased connectivity and reliance on the Internet has also created unexpected vulnerabilities.

Cyber-attacks have definitely become more sophisticated over the years. Often, these advanced hackers target higher levels of victim, mainly from financial sector, critical infrastructure providers, and Fortune 500 businesses.

The very nature of the threats facing the digital landscape means that it transcends national boundaries and the growing interconnectedness between countries means that everyone is just as susceptible to crimes committed in the cyberspace. Hence, security platforms such as INTERPOL World that have governments sharing knowledge and experience of each other are very valuable in the global fight against cybercrime, particularly since some countries are more advanced than others in this area.

INTERPOL World will address the vulnerabilities in the cyberspace and what governments and private organizations can do to protect themselves and secure their communications and transactions.

Is cybercrime an issue that only affects larger companies or should smaller companies be more concerned and pro-active as well? What measures can these companies put in place to alleviate such threats?

It is often difficult to estimate the global impact of cybercrime in organizations, due to its scale and incidents often being publicly unreported. Given that crimes in cyberspace are truly a global threat, a global response is required. This calls for larger multi-stakeholder collaboration and partnership between law enforcement agencies, governments and especially with industry.

Threats to cybersecurity are also changing rapidly. However, government effort alone is insufficient to keep up with and deal with the pace at which these threats evolve.

INTERPOL believes firmly in the need to use technology to fight crime in the cyberspace as they take place in a matter of seconds. It is equally important to engage the private sector in co-creating innovative solutions to address cybersecurity issues, and for governments to share best practices and learn from one another.

Geographically, which places are the hacking “hotspots”?

It is difficult to place a “hotspot” on a map because each attack is highly subjective and aimed at multiple actors who are not necessarily within one state. The attacks can be aimed at a particular geographic region, but often they are positioned target specific businesses, governmental agencies, consumers on a mass scale, and even prominent individuals.

It has to be also understood that the cybercrime does not respect any territorial boundaries, and due to interconnected nature of cyber space, all spots are connected and almost equally vulnerable.

What are some of the security risks ahead in 2015 as cyber criminals become more sophisticated?

As we become increasingly integrated with the Internet in a phenomenon referred to as the ‘Internet of Things’ – with over 10 billion of our devices holding sensitive information on our daily activities, from bank and credit card transactions to social and government interactions – there is a multitude of opportunities for cyber criminals to exploit. Some of the security risks expected in 2015 come from botnets, DoS attacks, hacking, keystroke loggings, phishing, and through malware.

In this respect malware today represents a considerable security risk. Malware is a generic term covering a range of software programs designed to attack, degrade, or prevent the intended use of information communications technology (ICT) systems or computers. It also extends to mobile devices, including smartphones and tablets. This translates into a massive increase in the number of potential breaches of personal information.

The advances in the technology, besides increasing the ease of using the Internet and providing new and innovative services, is also providing new attack vectors, waiting to be exploited by cyber criminals.

The theft of financial information is nothing new, with stolen credit or debit card data on the black market a well-established and lucrative business for cyber criminals. As new ways for paying for goods, such as contactless and mobile payments become the norm for consumers around the world, how can retailers protect themselves and their customers from hackers?

Cyber security threats are accelerating in terms of quantity and severity, and no cyber defense is fail proof. The most important thing that companies can do is to not exclusively focus on only ‘protecting’ their networks, but also to enhance their capabilities to ‘detect’ and ‘respond’ to threats which have made it past their defenses. Only then will any organization be able to develop an integrated strategy to combat cyber threats.

Under the traditional approach of ‘Protect’, the method to combat cybercrime was using antivirus programs, which were developed to detect and screen malicious code from infecting devices. However, as mentioned earlier, the increasing sophistication of cyber-attacks have started to break down this approach. It is estimated that antivirus programs only detect approximately 45 per cent of all cyber-attacks.

Instead, the new approach acknowledges that completely protecting against the exponentially growing threats is almost impossible, and focuses on ‘Detect and Respond’. This involves responding to attacks by tracking data breaches, hacking attacks, and putting in place measures to mitigate the effects of the attacks.

Retailers have to be proactive in identifying potential threats and thinking about preventive measures to safeguard their organization and their customers against cyber-crime. The other important aspect to protect various e-services is related to the effective and successful prosecution of cyber criminals. This is the most effective deterrence in the long term. There is need to work on technologies and policies, which promote better attribution in the cyber space.

Where does Interpol see itself in five years in terms of tackling cyber security around the world?

It is difficult to be certain of the developments that will take place in digital space in five years, in terms of what threats will still exist, and what form and intent they will take on. But it is certain that it will become even easier for criminals to operate as the world becomes more globalized and interconnected, and as borders and geographic space become increasing irrelevant.

Crime committed within the cyberspace is not contained by national or geographical boundaries. For example, a crime may have been committed in a first jurisdiction or country while the victims are in a different jurisdiction. In this case, law enforcement regulations may differ. And given that crimes committed over cyberspace, across borders, within cities and via supply chains are truly global threats, a global response is required. This calls for larger multi-stakeholder collaboration and partnerships between law enforcement agencies, governments and especially within the industry.

INTERPOL believes firmly in the need to use technology to fight crime in cyberspace, to also engage with the other stakeholders like private sector, academia and research organizations in co-creating innovative solutions to address existing and emerging security issues, and for governments to share best practices and learn from one another.

To that end, the launch of INTERPOL World this year is very timely. It will serve as a unique platform to connect governments and national law enforcement agencies with the private sector to identify security challenges, co-create innovative solutions and improve the detection and prevention of digital crimes around the world.

For more information, please visit: www.interpol-world.com.