Of cyberattacks & cybersecurity

Huzaima Bukhari, Dr. Ikramul Haq & Abdul Rauf Shakoori

Evolving trends and technological advancements show that corporations are expanding their digital footprints at a rapid pace, and with billions of connected people and machines, data and information work as an élan vital between the different organs of organisations and their external stakeholders. However, on the flip side, this digitisation also means that entities are now exposed to new digital vulnerabilities, which enhances the significance of countering cyberattacks and ensuring cybersecurity and data privacy.

These cyberattacks may be driven by different motives, which can be ransom, fund embezzlement, data theft, damaging company goodwill, or even political battles between rival countries. When it comes to the use of cyberattacks in political battles among rival countries, the United States (US) and Russia are the prime examples. The New York Times, in its report of May 28, 2021, highlighted accusations levelled against Russia, a few days prior to the visit of Russian President Vladimir V. Putin, of hijacking the email system of the United States Agency for International Development (USAID). In the past, the US also blamed the Russian government for what it called meddling in the US elections by leaking emails hacked from the Democratic National Committee (DNC) and other entities, according to a report published by the Wall Street Journal on January 8, 2019.

A report of July 19, 2021 by the New York Times said, “The Biden administration for the first time accused the Chinese government of breaching Microsoft email systems used by many of the world’s largest companies, governments and military contractors, as the United States rallied a broad group of allies to condemn Beijing for cyberattacks around the world”. According to this report, the US announced that it would join a group of North Atlantic Treaty Organization (NATO) allies to condemn China for cyberattacks. It is further claimed that in the past such cyberattacks caused harm to the US. For the first time, NATO issued the statement: “We call on all states, including China, to uphold their international commitments and obligations and to act responsibly in the international system, including in cyberspace”.

According to the BBC, China's Foreign Ministry spokesman said the US had got its allies to make "unreasonable criticisms" against it. China strongly denied the allegations and called them a fabrication by the US. However, despite the above accusations and denials, the US, Russia and all major nations agreed to a new understanding against cybercrimes. Similarly, the 75th session of the UN General Assembly unanimously adopted a resolution titled “Countering the use of information and communications technologies for criminal purposes” on May 26, 2021 [U.N Resolution GA/12328].

While the US is signing an agreement with major countries against cybercrimes, the ad hoc committee under U.N Resolution GA/12328 will simultaneously start its work in January 2022 by convening six sessions of ten days each and will submit a draft convention on countering cybercrime to the General Assembly at its seventy-eighth session in 2023. In the light of these developments, it will be a test for the US to use the option of sanctions available under the Executive Order signed by President Obama that allows the US to block the property of certain persons (individuals and entities) involved in significant malicious cyber-enabled activities.

As we all know, cyber risks are evolving from a boardroom issue to a national issue, and any failure in combatting them can have severe global impact. It may be recalled that after global challenges in financial reporting we got Sarbanes-Oxley (SOX) as an antidote. Accordingly, against challenges like data theft, cybercrime, and manipulation of information, countries around the world are working on data privacy and security regulations, and cybersecurity is now viewed as an integral part of the strategy of the entire organisation. There is a growing need to implement and maintain a security management framework, aligning people and technology, to survive in today’s competitive market more securely.

To address these challenges, companies need to conduct ongoing cyber risk assessments of their technological systems to ensure that outsiders are not creating risk exposure. Businesses need to adopt a customized, tailor-made approach to cybersecurity, as standard applications can pose higher risks. The same applies to the monitoring of cyberattacks. Historically, cyber risk management has been a reactive activity, focused on risks and cyberattack events that have already taken place. However, the rising risk and the availability of sophisticated tools to counter it have made this approach more proactive and forward-looking.

Apart from global efforts to curtail cybercrimes, Pakistan has also passed cybercrime laws that have been criticised within and outside the country. Experts call it an effort to curtail free speech. Similar legislation has been implemented by various developing countries. Looking at Pakistan’s profile, it has till now used the controversial cybercrime law against bloggers and social media activists. At times, law enforcement agencies (LEAs) have acted merely to please the incumbent government by taking actions against those having political aspirations. Unfortunately, our agencies are least interested in detecting sophisticated threats and modern cyberattacks normally designed to circumvent traditional controls by learning detection rules. Similarly, the Government of Pakistan has shown no interest in regularising the legal framework, checks and balances that can stop arbitrary use of cybercrime laws.

The most important challenge that we are going to face is wanting use of electronic voting machines. It must be remembered that the purpose of designing traditional controls is generally to address external threats and may not adequately address insider threats—generated from people with legitimate access.

Timely detection depends on an organization’s technological ability to track patterns and behavior that deviate from the normal trend. Given the fact that businesses are constantly changing, and human behavior is unpredictable, it is important to figure out what is meant by normal. By applying Artificial Intelligence (AI) and analytics to internal and external data, we can generate predictive, valuable insights that help in making better decisions and protecting the organization from threats. This requires bringing cybersecurity experts (internal or third party) into the arena. It can help organisations gain the much-needed insights. Third parties that specialise in threat intelligence monitor a wide range of sources. Successful cybersecurity at the national level requires the following:

  • An independent national cybersecurity agency
  • Making comprehensive laws about cybercrimes
  • Threat Hunting & Information sharing mechanism
  • Continuous management and monitoring

The state must make laws that define minimum security standards, mandatory breach reporting, and training initiatives to strengthen cybersecurity, and should establish policies and regulations for identifying and prioritizing critical cyberspaces and safeguarding them from any potential threats. To achieve better outcomes, laws and regulations should reflect the threats, vulnerabilities, and potential consequences faced by the country and, at the same time, should protect fundamental principles like privacy and civil liberties and encourage innovation and progress.

These regulations will identify responsibility for coordinating cybersecurity efforts, and a special autonomous body should be designated to lead the nation’s development, coordination, alignment, and integration of cybersecurity policies, strategies, and plans for this activity. Experts within the designated agency should have in-depth knowledge of information and operational security processes. This unit should be responsible for overseeing compliance with cybersecurity regulations including but not limited to developing guidance and interacting with other regulators who can enforce compliance, establishing a reporting framework, etc. For information sharing and coordination, a separate unit may operate under this agency which should coordinate regulatory and non-regulatory communications, including publications, and statements to all stakeholders on behalf of the national agency. The unit should serve as a point of contact for enforcement organizations around the world pursuing legal recourse against cybercrimes.

Governments must continually invest in the expertise, systems, and governing frameworks required to keep pace with these evolving threats, because for each new technology or step to enhance our cybersecurity, another is in the process to circumvent it. To succeed in handling this challenge, it is paramount that governments and private corporations work in cohesion to create an apposite environment.

originally published by @TheNewsonSunday at:

https://thenews.com.pk/tns/detail/878248-of-cyber-attacks-and-cyber-security

_________________________________________________________

Ms. Huzaima Bukhari, MA, LLB, Advocate High Court, Visiting Faculty at Lahore University of Management Sciences (LUMS), member Advisory Board and Visiting Senior Fellow of Pakistan Institute of Development Economics (PIDE), is author of numerous books and articles on Pakistani tax laws. She is editor of Taxation and partner of Huzaima & Ikram and Huzaima Ikram & Ijaz, leading law firms of Pakistan. From 1984 to 2003, she was associated with Civil Services of Pakistan. Since 1989, she has been teaching tax laws at various institutions including government-run training institutes in Lahore. She specialises in the areas of international tax laws, ML/CFT related laws, corporate and commercial laws. She is review editor for many publications of Amsterdam-based International Bureau of Fiscal Documentation (IBFD) and contributes regularly to their journals.

She has coauthored with Dr. Ikramul Haq many books that include Tax Reforms in Pakistan: Historic & Critical Review, Towards Flat, Low-rate, Broad and Predictable Taxes (revised/enlarged edition of December 2020), Pakistan: Enigma of Taxation, Towards Flat, Low-rate, Broad and Predictable Taxes, Law & Practice of Income Tax, Law & Practice of Sales Tax, Law and Practice of Corporate Law, Law & Practice of Federal Excise, Law & Practice of Sales Tax on Services, Federal Tax Laws of Pakistan, Provincial Tax Laws, Practical Handbook of Income Tax, Tax Laws of Pakistan, Principles of Income Tax with Glossary and Master Tax Guide, Income Tax Digest 1886-2011 (with judicial analysis).

The recent publication, coauthored with Abdul Rauf Shakoori and Dr. Ikramul Haq, is Pakistan Tackling FATF: Challenges & Solutions

available at: https://www.amazon.com/dp/B08RXH8W46

She regularly writes columns/articles/papers for Pakistani newspapers and international journals. She has contributed over 1500 articles and research papers on issues of public finance, taxation, economy and on various social issues in various journals, magazines and newspapers at home and abroad.

Twitter: @Huzaimabukhari

__________________________________________________________________________

Dr. Ikramul Haq, Advocate Supreme Court, specialises in constitutional, corporate, media, ML/CFT related laws, IT, intellectual property, arbitration and international tax laws. He established Huzaima & Ikram in 1996 and is presently its chief partner as well as partner in Huzaima Ikram & Ijaz. He studied journalism, English literature and law. He is Chief Editor of Taxation. He is country editor and correspondent of International Bureau of Fiscal Documentation (IBFD) and member of International Fiscal Association (IFA). He is Visiting Faculty at Lahore University of Management Sciences (LUMS) and member Advisory Board and Visiting Senior Fellow of Pakistan Institute of Development Economics (PIDE).

He has coauthored with Huzaima Bukhari many books that include Tax Reforms in Pakistan: Historic & Critical Review, Towards Flat, Low-rate, Broad and Predictable Taxes (revised & Expanded Edition), Pakistan: Enigma of Taxation, Towards Flat, Low-rate, Broad and Predictable Taxes (revised/enlarged edition of December 2020), Law & Practice of Income Tax, Law & Practice of Sales Tax, Law and Practice of Corporate Law, Law & Practice of Federal Excise, Law & Practice of Sales Tax on Services, Federal Tax Laws of Pakistan, Provincial Tax Laws, Practical Handbook of Income Tax, Tax Laws of Pakistan, Principles of Income Tax with Glossary and Master Tax Guide, Income Tax Digest 1886-2011 (with judicial analysis).

The recent publication, coauthored with Abdul Rauf Shakoori and Huzaima Bukhari, is Pakistan Tackling FATF: Challenges & Solutions

available at: https://www.amazon.com/dp/B08RXH8W46

He is author of Commentary on Avoidance of Double Taxation Agreements signed by Pakistan, Pakistan: From Hash to Heroin, its sequel Pakistan: Drug-trap to Debt-trap and Practical Handbook of Income Tax.

He regularly writes columns/articles/papers for many Pakistani newspapers and international journals and has contributed over 3000 articles on a variety of issues of public interest, printed in various journals, magazines and newspapers at home and abroad.

Twitter: DrIkramulHaq

_______________________________________________________________

Abdul Rauf Shakoori, Advocate High Court, is a subject-matter expert on AML-CFT, Compliance, Cyber Crime and Risk Management. He has been providing AML-CFT advisory and training services to financial institutions (banks, DNFBPs, Investment companies, Money Service Businesses, insurance companies and securities), government institutions including law enforcement agencies located in North America (USA & CANADA), Middle East and Pakistan. His areas of expertise include legal, strategic planning, cross border transactions including but not limited to joint ventures (JVs), mergers & acquisitions (M&A), takeovers, privatizations, overseas expansions, USA Patriot Act, Banking Secrecy Act, Office of Foreign Assets Control (OFAC).

Over his career he has demonstrated excellent leadership, communication, analytical, and problem-solving skills and has also developed and delivered training courses in the areas of AML/CFT, Compliance, Fraud & Financial Crime Risk Management, Bank Secrecy, Cyber Crimes & Internet Threats against Banks, E–Channels Fraud Prevention, Security and Investigation of Financial Crimes. The courses have been delivered as practical workshops with case study driven scenarios and exams to ensure knowledge transfer.

His notable publications are: Rauf’s Compilation of Corporate Laws of Pakistan, Rauf’s Company Law and Practice of Pakistan, Rauf’s Research on Labour Laws and Income Tax and others.

His articles include: Revenue collection: Contemporary targets vs. orthodox approach, It is time to say goodbye to our past, US double standards. Was Due Process Flouted While Convicting Nawaz Sharif?, FATF and unjustly grey listed Pakistan, Corruption is no excuse for Incompetence, Next step for Pakistan, Pakistan’s compliance with FATF mandates, a work in progress, Pakistan’s strategy to address FATF Mandates was Inadequate, Pakistan’s Evolving FATF Compliance, Transparency Curtails Corruption, Pakistan’s Long Road towards FATF Compliance, Pakistan’s Archaic Approach to Addressing FATF Mandates, FATF: Challenges for June deadline, Pakistan: Combating the illicit flow of money, Regulating Crypto: An uphill task for Pakistan. Pakistan’s economy – Chicanery of numbers. Pakistan: Reclaiming its space on FATF whitelist. Sacred Games: Kulbhushan Jadhav Case. National FATF secretariat and Financial Monitoring Unit. The FATF challenge. Pakistan: Crucial FATF hearing. Pakistan: Dissecting FATF Failure, Environmental crimes: An emerging challenge, Countering corrupt practices.

The recent book, coauthored with Huzaima Bukhari & Dr. Ikramul Haq, is Pakistan Tackling FATF: Challenges & Solutions

available at: https://www.amazon.com/dp/B08RXH8W46

Twitter: Adbul Rauf Shakoori
