The key tenets of a regional cyber security framework

At the recent Fortinet Partner Conference 2016 in Chengdu, China, representatives from Cyber Security Malaysia (CSM), Korea Internet and Security Agency (KISA), Philippine National Police Anti-Cybercrime Group (PNP ACG), Frost & Sullivan and the host vendor shared ideas and possibilities for an Asia Pacific Security Framework.

Inspired by the tenets of the US National Institute of Standards and Technology cyber security framework, the panelists discussed incident response, culture and education, risk and resiliency, collaboration and enforcement.

Incident response

KISA, for example, has established systems and policies for incident response to mitigate distributed denial of service (DDoS) and malware attacks, as well as a threat intelligence-sharing program in collaboration with industry players such as Fortinet.

In the region, KISA offers complimentary incident response training to security professionals from some 20 member countries of the Asia Pacific Computer Emergency Response Team (CERT). Globally, it is forging partnerships for sharing information and collective response on cyber security issues under its Cyber Alliance of Mutual Progress (CAMP) platform.


In the Philippines, the PNP ACG was established to implement and enforce laws on cybercrimes and pursue an effective anti-cybercrime campaign in line with the PNP Patrol Plan 2030. By 2025, the PNP ACG aims to be a highly responsive and dynamic unit in enforcing laws such as the Cybercrime Prevention Act 2012 and the Data Privacy Act of 2012.

The PNP ACG’s three key capabilities are cyber response, digital forensics and cyber security. In its investigations, it seizes any electronic evidence of a cybercrime for digital forensic examination. It also shares information obtained from vulnerability assessments and penetration testing.

Culture and education

Meanwhile, the Cyber Security Malaysia specialist agency provides technical assistance and training services in support of the country’s cyber crisis management. Its core services include: cyber security emergency services; security quality management services; info-security professional development and outreach; and cyber security strategic engagement and research.

Apart from sharing information on cyber threat and malware attack trends, CSM plans, conducts and implements education and awareness programs to “promote a culture of positive use of ICT among society”. To build a culture of security and capacity building – one of the thrusts of Malaysia’s National Cyber Security Policy – CSM has partnered with international bodies to, for instance, develop more cyber security professionals. 

Risk and resiliency

Due to the severe cyber liabilities that an organization incurs in the event of a breach, CEOs must recognize their accountability, become more security conscious and have visibility over the security posture of their organizations.

To this end, Frost & Sullivan recommends operationalizing cyber protection for defending against known threats; cyber intelligence for uncovering unknown threats; and cyber resilience for organizational readiness and responsiveness.

This entails assessments of systemic vulnerabilities, cyber drills and simulation exercises; detecting breaches, preventing attacks, and being ready for the next attack; reducing time and knowing how to respond to an attack; and enhancing cyber security awareness and forging a constant feedback loop across the organization.


Representatives from the respective national cyber security agencies agree that, beyond just sharing information, there’s a need to collaborate on a higher scale.

The ‘bad guys’ have been collaborating on the Dark Web long enough to keep way ahead of the ‘good guys’, who tend to keep information and intelligence about cyber threats highly confidential.

To help organizations achieve the cyber security framework objectives above, the Fortinet Security Fabric enables collaborative intelligence. It allows local and global threat intelligence to be shared between security devices, centrally orchestrates and coordinates responses between devices, and dynamically adapts to new threats by leveraging actionable threat intelligence.

The Security Fabric integrates and orchestrates technologies for the endpoint, access layer, network, applications, data center, content, and cloud through a single management interface, behaving as a single collaborative entity from a policy and logging perspective. Live data, logs, and events are dynamically converted into policy.