In February of this year, the central bank of Bangladesh lost $81 million due to a cybersecurity attack. Skilled cybercriminals issued 35 instructions using the SWIFT messaging system used by banks that amounted to $951 million in transfers to casinos in the Philippines, Sri Lanka and other countries. Fortunately, most of the transfers were blocked before they could be made. However, Bangladesh, a lower middle income country with a poverty headcount of 31.5% and a per capita GNI of $1080, suffered a loss of $81 million that will likely need to be covered from its central bank reserves. The funds were transferred to casinos and casino agents in the Philippines and remain missing.
Such a cyberattack is not an isolated case. In May of this year, Tien Phong Bank in Vietnam announced that it had managed to thwart an attack on its banking system in the fourth quarter of 2015 that used a similar technique. In fact, cyber threats against government systems worldwide are growing in number. Sophisticated attacks have targeted critical infrastructure systems such as electricity grids and central government databases. In the Ukraine in December 2015, hackers struck three electric distribution centers, leaving 230,000 people in the dark and cold, and flooded call centers with bogus calls that hampered detection and recovery efforts. Going forward, it could be possible to hack smart car computer systems, putting the lives of drivers and their passengers at risk.
Developing countries are increasingly targeted and they are often ill equipped to deal with such threats.
Because groups of organized cyber attackers can use the same techniques against multiple countries and an attack on one government can be repeated in another country, it is important for governments to share best practice in tackling those attacks.
In an effort to encourage knowledge sharing with client governments in Cyber Security, the World Bank organized with the Ministry of Economy of Israel and the Israel National Cyber Bureau a capacity building workshop in Tel Aviv in May 2016. Client countries were invited to nominate persons in charge of Cyber Security policy and implementation and the training hosted delegations from Argentina, Mexico, Colombia, India, Zambia, Kenya, Côte d’Ivoire and Montenegro.
“We offer our assistance to countries in building cybersecurity and structuring their projects. We should collaborate between states: no one will be able to do it alone. The more countries are enabled, the safer humanity is in this new space,” said Dr. Eviatar Matania, Head of the Israel National Cyber Bureau.
The objective of the workshop was to share expertise from a best practice country – Israel -- with clients, focusing on Cyber Security policies, strategies, technologies and project implementation. Over the last thirty years, Israeli policy has incentivized and enabled innovation in IT; today Israel is leading in startups and venture capital financing per capita and has over 300 multinational corporations’ R&D centers resident in the country, 25 of which are active specifically in Cyber Security. According to the Israel National Cyber Bureau, about 250 Israeli Cyber Security companies reached annual revenues of US$ 3.5 - 4 billion or 5% of the global market, raised more than 10% of global investments and invested US$300 to 400M invested in R&D.
Client participants learned about the setting up of a national cyber agency, budgeting for it, the identification of critical infrastructures and risk tolerance levels, Cybercrime law enforcement and the protection of critical infrastructure. The delegation met with the Israeli National Cyber Bureau, the Computer Emergency Response Team, academia, officials securing the electricity grid, incubators, startups as well as established companies to learn about recent technologies.
“To start with, you must identity the kinds of threats you are facing,” said Dr. Tal Steinherz, Chief Technology Officer, Israel National Cyber Bureau, in his introduction. He elaborated that common threats include: ransom and extortion where cybercriminals disable access to computer systems and extort payment for releasing them; hacktivists who break into computer systems for politically or socially motivated purposes; cyberterrorists who attack computer systems to harm civilian targets for political purposes.
Participants took away several key points:
- The importance of capacity building in cybersecurity. The delegation visited a CyberGym that functions like a training ground, imitating different computing environments and allowing cybersecurity professionals to be trained in responding to attacks in practical ways. Most participants noted that in their countries, capacity building needs to be strengthened, including for non-technical government officials such as parliamentarians and ministers.
- The need for an intense collaboration built on trust between government, private sector and academia, to ensure cross-pollination between policies and incentive structures, product development and research and development. Participants visited a cyber-park in Beer Sheva in the south of Israel where representatives from these three groups are co-located and advance together on cybersecurity issues.
- The importance of mainstreaming cyber security in the education system. In Israel, this starts in high school as part of formal education in cyber security, computer programming, and Internet ethics. In academia, five Cyber Security research centers with about 100 researchers and 200 graduate students wield research grants from the government of US$75-100 million.
“We cannot solve cybersecurity in isolation. The whole universe is one family. If something happens in one country, it is not just their problem. We have to build a coalition,” said J.A. Chowdary, IT Advisor to the Chief Minister of Andhra Pradesh, India.
“This workshop was particularly timely for us, as we are currently implementing our National Cybersecurity Masterplan. We are clearly all facing similar threats and are grateful to the government of Israel for sharing its experience with us,” said Evans Kahuthu, Project Manager, Kenya ICT Authority.
Creating a secure and trusted ICT environment is crucial to achieving the World Bank Group twin goals. To this end, we offer policy advice, technical support and investment lending in the area of cybersecurity. This includes integrated solutions to address cybersecurity gaps in country clients, and a global network of experts.