Egypt stresses cooperation in combating threats to computer networks
DR. SHERIF HASHEM VICE PRESIDENT FOR CYBER SECURITY, EGYPTIAN NATIONAL TELECOM REGULATORY AUTHORITY
A good way to summarize the challenge confronting nations regarding cyber security is this: Whereas nations are hesitant to cooperate with one another in sharing information and technology, criminals are masters of collaboration. We’ve even heard reports of cyber criminals who take vacations together to share tricks of their trade.
But it’s not just cyber criminals who pose potential threats to a nation’s computer networks. Fifteen to 20 countries have declared that they possess cyber offense capabilities. And that number will certainly continue to grow.
In light of these potential threats, nations cannot afford to wait until there is an international crisis to start collaborating on cyber security. Such a cooperative spirit is central to Egypt’s cyber security strategy.
Interagency cooperation
The events in Estonia in 2007 were eye opening for us in Egypt. Estonia’s entire banking system was targeted by denial-of-service attacks emanating from abroad. We’ve also witnessed what happened to the nation of Georgia, which suffered a cyber attack in concert with a physical attack in 2008. Such well-publicized international incidents emphasize how vulnerable computer systems have become to external threats.
Protecting society from such attacks isn’t just a task for civilian agencies such as my own. It’s also become a vital matter for law enforcement and departments of defense. Government agencies should become better at sharing information with fellow agencies. Although many people would prefer there be no overlap, agency responsibilities do overlap whether we like it or not. Thus, measures should be taken to maximize cooperation and coordination, and to minimize friction and redundancy.
I’m not suggesting a complete merger of efforts, but our tendency to use separate approaches, ones in which agencies perform their duties without regard to what other agencies are doing, will no longer work.
Computer Emergency Response Team
Here in Egypt we’ve tried to solve that interagency problem through the creation of a Computer Emergency Response (Readiness) Team, or CERT, with about 20 professionals. The CERT is one of my main responsibilities as vice president for cyber security at Egypt’s National Telecom Regulatory Authority (NTRA). Most of our focus has been on adopting best practices to preserve and protect civilian usage of the Internet.
In 2009-2010, NTRA launched a national cyber-security training program that cost about $1.2 million to train 179 professionals in 38 organizations in key sectors, including the telecom sector, the financial sector, and the governmental sector. We offered 10 courses and five international cyber security certificates. We have begun by selling the idea of the training program to decision-makers in the government in the hope that we can expand to other public agencies and even into the private sector.
Training is necessary because of the particular threats we’ve uncovered in Egypt. Young people in Egypt are eager to engage, and sometimes that engagement is not positive. We try to highlight the risks accruing to people participating in illegal activities on the Internet. For example, there was the famous case of Operation Phish Phry in 2009, which uncovered a large phishing ring where the targets were banks in the United States. The hackers in question included dozens of Egyptians and Americans.
In this first joint U.S.-Egyptian cyber investigation, nearly 100 people were charged with crimes through Phish Phry. Cyber criminals “phish” using phony websites and emails to trick bank account holders into disclosing sensitive information such as passwords. The defendants in Operation Phish Phry were charged with such offenses as computer fraud, conspiracy to commit bank fraud, money laundering and aggravated identity theft.
In Egypt, we have tried to explore and further investigate the malware problem by implanting “honey pots” throughout networks to identify malicious activities and the spread of computer viruses. Egypt’s pilot project called “Honeynet” collects samples of malware for analysis. Once we’ve categorized the viruses, our operatives are in a better position to deal with these threats in a meaningful way.
A threat without borders
All of these measures transcend single nations. In fact, cooperation in cyberspace should be easier than cooperation in a lot of domains. The threats are far easier to handle with a cooperative spirit. A less tense atmosphere exists among computer experts than in other theaters, such as drug trafficking and trafficking in small arms. In cyberspace, we don’t have borders, and all the means for sharing experiences are easier. For example, we usually don’t need a court order to get generic information that can be pulled from public sites on the Internet.
Countries should realize we can cooperate in good faith and build capacity together. In many instances, it doesn’t require a lot of financial resources either. It can be done with limited budgets.
Egypt has sent representatives to cyber security summits all over the world, most recently to the ITU Arab Regional Cyber Security Summit in Oman in March 2015. Our CERT has agreements with those in the U.S., Uganda, Malaysia and other countries. Egypt has placed faith in such bilateral agreements.
We in the Egyptian Ministry of Communications and Information Technology are also finalizing a National Information and Communication Technology Strategy for 2014-2018. We intend to hold more conferences in Egypt to promote the partnerships we believe are critical to global cyber security.
One particularly sensitive subject is the issue of export control and the inability, in some instances, of Egypt to access the latest and greatest in information technology. For Egypt to combat cyber criminals effectively, the country needs the best in computer technology, and nations with high-tech assets could help that process by loosening export controls.
Conclusion
When it comes to cyber crimes and cyber attacks, defenders must respond swiftly and efficiently to limit losses. These are not normal criminal cases. When you seize a criminal armed with a gun, the crisis is over. But when you deal with bank records that have been compromised, criminals can continue to wreak havoc unless hundreds, or even thousands, of victims are alerted.
One of the best ways to thwart such crimes is through greater interagency cooperation within nations. But if our goal is to stop computer-based attacks that know no boundaries, we also need closer cooperation among countries. Egypt would like to be a leader in such cooperation.