I had the privilege to participate in Singapore International Cyber Week 2017 (SICW) at the Suntec Singapore International Convention and Exhibition Centre between September 18 and 21. The event also included big conferences such as the 26th GovernmentWare, or GovWare, the region’s premier conference and exhibition on cybersecurity, and the ASEAN Ministerial Conference on Cybersecurity.
This year’s theme was “Building a Secure and Resilient Digital Future through Partnership” to reflect the Singapore government’s strong commitment to deepen regional and global collaboration. The event attracted more than 6,000 international and regional thought leaders from governments, academia and industry, which showcases growing interests in cybersecurity and international cooperation.
The distinguished speakers for GovWare were diverse, including representatives from Australia, China, France, Indonesia, Israel, Japan, Malaysia, the United Kingdom and the United States. I was pleased to see they all emphasized the importance of partnerships to tackle complex cybersecurity issues, and that all the countries are taking action.
Partnerships also require the appreciation and inclusion of diversified cultures and views from different countries, sectors and organizations. One of the distinguished speakers, Izumi Nakamitsu, under-secretary-general and high representative for disarmament affairs, United Nations, recognized that diversity is crucial in cybersecurity and that the community needs more women. She encouraged the audience to keep an open dialogue on the topic and seek thought diversity.
Palo Alto Networks had two speakers at GovWare this year. Rick Howard, chief security officer, and Sean Duca, chief security officer for Asia-Pacific. In his GovWare keynote, “The Next Government Evolution: Automatic Enterprise Security Orchestration — A Radical Change in Direction,” Rick shed light on how resilience can be achieved through automation and a cybersecurity platform. He explained why defense in depth is no longer effective to defend our networks. Security practitioners have tried to transition to the attack lifecycle model as a replacement, but their efforts have not borne fruit – there are too many tools to defend, it’s too complex, too much time is wasted, and the model is inefficient in crossing the last mile with threat intelligence.
Rick offered two new perspectives with automatic orchestration and the Application Framework. First, automatic orchestration allows organizations to replace two old best practices, vendor in depth and best in breed, with the new best practice of a cybersecurity platform to gain complete visibility, reduce the attack surface, prevent known threats and discover unknown threats. Second, the Application Framework, announced five months ago, will help third-party vendors to deliver their applications to new customers and enable them to easily consume the latest technologies.
Sean drilled down on utilizing cyberthreat intelligence to improve cybersecurity in his GovWare session, “The Power of the Crowd, in the Cloud,” on GovWare’s Cyber Threat Landscape & Intelligence track. He stressed that, in today’s complex cyberthreat environment, no organization can win alone against adversaries’ rapidly changing playbooks. Stovepipe efforts are costly and inefficient. We must leverage the force of a community to share cyberthreat intelligence across the industry in near-real time, via cloud, to allow organizations work with the growing volume of threats, look at similar known threats and uncover unknown threats.
Of course, sharing cyberthreat intelligence is easier said than done. We first have to build trust and talk about the capability and value this brings. Conversations around cyberthreat intelligence cloud sharing easily start with a flat “no,” rather than analyzing what prohibits an organization from sharing what and why. With such trust established, organizations can start addressing cyberthreats based on shared intelligence, not in isolation.
To address privacy concerns, Sean explained, Palo Alto Networks launched the APAC WildFire cloud, located in Singapore. This allows customers in the Asia-Pacific region to benefit from Palo Alto Networks WildFire cloud-based threat analysis and prevention capabilities via an APAC-based cloud.
As a company, Palo Alto Networks believes the private sector has the technical ability and responsibility, as security innovation leaders, to collaborate with governments and thought leaders. We look forward to continuing to contribute to stronger and wider cybersecurity partnerships, and to coming back to SICW and GovWare next year.