Cyber-attacks, critical infrastructure impact and response in Asia

Bill Nelson is the Chair of Global Resilience Federation (GRF). GRF is a non-profit association dedicated to helping ensure the resilience and continuity of critical and essential infrastructure and organizations against threats, incidents and vulnerabilities.

Previously, Nelson was the President and CEO of the Financial Services Information Sharing and Analysis Center (FS-ISAC). In his 12 years, Nelson led FS-ISAC in its response to major cyber and physical threats and vulnerabilities that affected the financial services industry, including partnering with Microsoft to take down four major botnet infrastructures. He was also responsible for creating the Sector Services Division of FS-ISAC, which was established to assist other sectors and became the genesis for launching Global Resilience Federation.

Nelson was named the fifth most influential person in the field of financial-information security by the publication Bank Info Security and he also received the prestigious RSA Award for Excellence in Information Security.

Before joining FS-ISAC, Nelson was the Executive Vice President of NACHA, the electronic payments association, where he oversaw the development of the ACH Network into one of the largest electronic payment systems in the world, processing nearly 14 billion payments by the time he transitioned to FS-ISAC.

In this podcast, Bill introduces the audience to ISACs (Information Sharing and Analysis Centre), and the formation of OT-ISAC (“Operational Technology ISAC”), which was established under Pillar 2 of Singapore’s OT Cybersecurity Masterplan launched at Singapore International Cyber Week 2019.

He stresses how is trust is important in supporting effective information sharing, and how initiatives, such as the Traffic Light protocol is critical to facilitating sharing with the appropriate audience.

Bill also highlights the prevalence of wiper malware in the Russian-Ukrainian conflict in cyber space and the impacts in Asia. With the rising threat landscape, Bill advises organisations to adopt a “defence-in-depth” approach to withstand and recover from cybersecurity incidents.

To minimize service disruptions in the face of destructive attacks and events, he also points to the need for building resiliency. Referencing GRF’s “Operational Resilience Framework”, he explains how the multi-sector working group is developing rules and implementation aids that support the organisation’s recovery of immutable data.

Recorded on-site at OT-ISAC Summit 2022 held at the VOCO Hotel, Orchard Road, Singapore on 7th September 2022 4.30pm.