We’ve been hacked – so will the data be weaponised to influence election 2019? Here’s what to look for


Michael Jensen, University of Canberra

Prime Minister Scott Morrison recently said both the Australian Parliament and its major political parties were hacked by a “sophisticated state actor.”

This raises concerns that a foreign adversary may be intending to weaponise, or strategically release documents, with an eye towards altering the 2019 election outcome.




Read more:
A state actor has targeted Australian political parties – but that shouldn’t surprise us


While the hacking of party and parliamentary systems is normally a covert activity, influence operations are necessarily noisy and public in order to reach citizens – even if efforts are made to obscure their origins.

If a state actor has designs to weaponise materials recently hacked, we will likely see them seek to inflame religious and ethnic differences, as well as embarrass the major parties in an effort to drive votes to minor parties.

If this comes to pass, there are four things Australians should look for.

1. Strategic interest for a foreign government to intervene

If the major parties have roughly the same policy position in relation to a foreign country, a foreign state would have little incentive to intervene, for example, in favour of Labor against the Coalition.

They may, however, attempt to amplify social divisions between the parties as a way of reducing the ability of Australians to work together after the election.

They may also try to drive down the already low levels of support for democracy and politicians in Australia to further undermine Australian democracy.

Finally, they may also try to drive the vote away from the major parties to minor parties which might be more favourable to their agenda.

This could be achieved by strategically releasing hacked materials which embarrass the major parties or their candidates, moving voters away from those parties and towards minor parties. These stories will likely be distributed first on social media platforms and later amplified by foreign and domestic broadcast media.

It is no secret that Russia and China seek a weakening of the Five Eyes security relationship between Australia, New Zealand, Canada, the United States, and the United Kingdom. If weakened, that would undermine the alliance structure which has helped prevent major wars for the last 70 years.

2. Disproportionate attention by foreign media to a local campaign

In the US, although Tulsi Gabbard’s polling numbers rank her near the bottom of declared and anticipated candidates for the Democratic nomination, she has received significant attention from Russia’s overt or “white” propaganda outlets, Sputnik and RT (formerly Russia Today).

The suspected reason for this attention is that some of her foreign policy positions on the Middle East are consistent with Russian interests in the region.

In Australia, we might find greater attention than normal directed at One Nation or Fraser Anning – as well as the strategic promotion of Green candidates in certain places to push political discussion further right and further left at the same time.

3. Promoted posts on Facebook and other social media platforms

Research into the 2016 US election found widespread violations of election law. The vast majority of promoted ads on Facebook during the election campaign were from groups which failed to file with the Federal Election Commission and some of this unregistered content came from Russia.

Ads placed by Russia’s Internet Research Agency, which is under indictment by the Mueller investigation, ended up disproportionately in the newsfeeds of Facebook users in Wisconsin and Pennsylvania – two of the three states that looked like a lock for Clinton until the very end of the campaign.

What makes Facebook and many other social media platforms particularly of concern is the ability to use data to target ads using geographic and interest categories. One can imagine that if a foreign government were armed with voting data hacked from the parties, this process would be all the more effective.




Read more:
New guidelines for responding to cyber attacks don’t go far enough


Seats in Australia which might be targeted include seats like Swan (considered a marginal seat with competition against the Liberals on both the left and the right) and the seats of conservative politicians on GetUp’s “hitlist” – such as Tony Abbott’s and Peter Dutton’s seats of Warringah and Dickson.

4. Focus on identity manipulation, rather than fake news

The term “fake news” suffers from conceptual ambiguities – it means different things to different people. “Fake news” has been used not just as a form of classification to describe material which “mimics news media content in form but not in organisational process or intent” but also used to describe satire and even as an epithet used to dismiss disagreeable claims of a factual nature.

Studies of propaganda show that information need not be factually false to effectively manipulate target audiences.

The best propaganda uses claims which are factually true, placing them into a different context which can be used to manipulate audiences or by amplifying negative aspects of a group, policy or politician, without placing that information in a wider context.

For example, to amplify concerns about immigrants, one might highlight the immigrant background of someone convicted of a crime, irrespective of the overall propensity for immigrants to commit crimes compared to native born Australians.

This creates what communication scholars call a “representative anecdote” through which people come to understand and think about a topic with which they are otherwise unfamiliar. While immigrants may or may not be more likely to commit crimes than other Australians, the reporting creates that association.

Among the ways foreign influence operations function is through the politicisation of identities. Previous research has found evidence of efforts to heighten ethnic and racial differences through Chinese language WeChat official accounts operating in Australia as well as through Russian trolling efforts which have targeted Australia. This is the same pattern followed by Russia during the 2016 US election.

Liberal democracies are designed to handle conflicts over interests through negotiation and compromise. Identities, however, are less amenable to compromise. These efforts may not be “fake news” but they are effective in undermining the capacity of a democratic nation to mobilise its people in pursuit of common goals.




Read more:
How digital media blur the border between Australia and China


The Russian playbook

No country is immune from the risk of foreign influence operations. While historically these operations might have involved the creation of false documents and on the ground operations in target countries, today materials can be sourced, faked, and disseminated from the relative security of the perpetrating country. They may include both authentic and faked documents – making it hard for a campaign to charge that certain documents are faked without affirming the validity of others.

Most importantly, in a digitally connected world, these operations can scale up quickly and reach substantially larger populations than previously possible.

While the Russian interference in the 2016 US election has received considerable attention, Russia is not the only perpetrator and the US is not the only target.

But the Russians created a playbook which other countries can readily draw upon and adapt. The question remains as to who that might be in an Australian context.The Conversation

Michael Jensen, Senior Research Fellow, Institute for Governance and Policy Analysis, University of Canberra

This article is republished from The Conversation under a Creative Commons license. Read the original article.

Advertisements

‘State actor’ makes cyber attack on Australian political parties



File 20190218 56204 18qp4dj.jpg?ixlib=rb 1.1
While the government has not identified the state actor, China is.
being blamed.
Shutterstock

Michelle Grattan, University of Canberra

“A sophisticated state actor” has hacked the networks of the major
political parties, Prime Minister Scott Morrison has told Parliament.

Recently the Parliament House network was disrupted, and the intrusion
into the parties’ networks was discovered when this was being dealt
with.

While the government has not identified the “state actor”, the Chinese
are being blamed.

Morrison gave the reassurance that “there is no evidence of any
electoral interference. We have put in place a number of measures to
ensure the integrity of our electoral system”.

In his statement to the House Morrison said: “The Australian Cyber
Security Centre recently identified a malicious intrusion into the
Australian Parliament House computer network.

“During the course of this work, we also became aware that the
networks of some political parties – Liberal, Labor and the Nationals
– have also been affected.

“Our security agencies have detected this activity and acted
decisively to confront it. They are securing these systems and
protecting users”.

The Centre would provide any party or electoral body with technical help to deal with hacking, Morrison said.

“They have already briefed the Electoral Commissions and those
responsible for cyber security for all states and territories. They
have also worked with global anti-virus companies to ensure
Australia’s friends and allies have the capacity to detect this
malicious activity,” he said.

“The methods used by malicious actors are constantly evolving and this
incident reinforces yet again the importance of cyber security as a
fundamental part of everyone’s business.

“Public confidence in the integrity of our democratic processes is an
essential element of Australian sovereignty and governance,” he said.

“Our political system and our democracy remains strong, vibrant and is
protected. We stand united in the protection of our values and our
sovereignty”.

Bill Shorten said party political structures were perhaps more vulnerable than government institutions – and progressive parties particularly so.

“We have seen overseas that it is progressive parties that are more likely to be targeted by ultra-right wing organisations.

“Political parties are small organisations with only a few full-time staff, they collect, store and use large amounts of information about voters and communities. These institutions can be a soft target and our national approach to cyber security needs to pay more attention to non-government organisations,” Shorten said.

Although the authorities are pointing to a “state actor”, national cyber security adviser Alastair MacGibbon told a news conference: “We don’t know who is behind this, nor their intent.

“We, of course, will continue to work with our friends and colleagues, both here and overseas, to work out who is behind it and hopefully their intent”.

Asked what the hackers had got their hands on MacGibbon said: “We don’t know”.The Conversation

Michelle Grattan, Professorial Fellow, University of Canberra

This article is republished from The Conversation under a Creative Commons license. Read the original article.

New guidelines for responding to cyber attacks don’t go far enough



File 20181217 185255 1repzj6.jpg?ixlib=rb 1.1
If Australia’s electricity grid was targeted by cyber attack the fall out could be severe.
Shutterstock

Adam Henry, UNSW and Greg Austin, UNSW

Debates about cyber security in Australia over the past few weeks have largely centred around the passing of the government’s controversial Assistance and Access bill. But while government access to encrypted messages is an important subject, protecting Australia from threat could depend more on the task of developing a solid and robust cyber security response plan.

Australia released its first Cyber Incident Management Arrangements (CIMA) for state, territory and federal governments on December 12. It’s a commendable move towards a comprehensive national civil defence strategy for cyber space.

Coming at least a decade after the need was first foreshadowed by the government, this is just the initial step on a path that demands much more development. Beyond CIMA, the government needs to better explain to the public the unique threats posed by large scale cyber incidents and, on that basis, engage the private sector and a wider community of experts on addressing those unique threats.




Read more:
What skills does a cybersecurity professional need?


Australia is poorly prepared

The aim of the new cyber incident arrangements is to reduce the scope, impact and severity of a “national cyber incident”.

A national cyber incident is defined as being of potential national importance, but less severe than a “crisis” that would trigger the government’s Australian Government Crisis Management Framework (AGCMF).

Australia is currently ill-prepared to respond to a major cyber incident, such as the Wannacry or NotPetya attacks in 2017.

Wannacry severely disrupted the UK’s National Health Service, at a cost of A$160 million. NotPetya shut down the world’s largest shipping container company, Maersk, for several weeks, costing it A$500 million.

When costs for random cyber attacks are so high, it’s vital that all Australian governments have coordinated response plans to high-threat incidents. The CIMA sets out inter-jurisdictional coordination arrangements, roles and responsibilities, and principles for cooperation.

A higher-level cyber crisis that would trigger the AGCMF (a process that itself looks somewhat under-prepared) is one that:

… results in sustained disruption to essential services, severe economic damage, a threat to national security or loss of life.

More cyber experts and cyber incident exercises

At just seven pages in length, in glossy brochure format, the CIMA does not outline specific operational incident management protocols.

This will be up to state and territory governments to negotiate with the Commonwealth. That means the protocols developed may be subject to competing budget priorities, political appetite, divergent levels of cyber maturity, and, most importantly, staffing requirements.

Australia has a serious crisis in the availability of skilled cyber personnel in general. This is particularly the case in specialist areas required for the management of complex cyber incidents.

Government agencies struggle to compete with major corporations, such as the major banks, for the top-level recruits.

Australia needs people with expertise in cybersecurity.

The skills crisis is exacerbated by the lack of high quality education and training programs in Australia for this specialist task. Our universities, for the most part, do not teach – or even research – complex cyber incidents on a scale that could begin to service the national need.




Read more:
It’s time for governments to help their citizens deal with cybersecurity


The federal government must move quickly to strengthen and formalise arrangements for collaboration with key non-governmental partners – particularly the business sector, but also researchers and large non-profit entities.

Critical infrastructure providers, such as electricity companies, should be among the first businesses targeted for collaboration due to the scale of potential fallout if they came under attack.

To help achieve this, CIMA outlines plans to institutionalise, for the first time, regular cyber incident exercises that address nationwide needs.

Better long-term planning is needed

While these moves are a good start, there are three longer term tasks that need attention.

First, the government needs to construct a consistent, credible and durable public narrative around the purpose of its cyber incident policies, and associated exercise programs.

Former Cyber Security Minister Dan Tehan has spoken of a single cyber storm, former Prime Minister Malcolm Turnbull spoke of a perfect cyber storm (several storms together), and Cyber Coordinator Alastair McGibbon spoke of a cyber catastrophe as the only existential threat Australia faced.

But there is little articulation in the public domain of what these ideas actually mean.

The new cyber incident management arrangements are meant to operate below the level of national cyber crisis. But the country is in dire need of a civil defence strategy for cyber space that addresses both levels of attack. There is no significant mention of cyber threats in the website of the Australian Disaster Resilience Knowledge Hub.

This is a completely new form of civil defence, and it may need a new form of organisation to carry it forward. A new, dedicated arm of a existing agency, such as the State Emergency Services (SES), is another potential solution.

One of us (Greg Austin) proposed in 2016 the creation of a new “cyber civil corps”. This would be a disciplined service relying on part-time commitments from the people best trained to respond to national cyber emergencies. A cyber civil corps could also help to define training needs and contribute to national training packages.

The second task falls to private business, who face potentially crippling costs in random cyber attacks.

They will need to build their own body of expertise in cyber simulations and exercise. Contracting out such responsibilities to consulting companies, or one-off reports, would produce scattershot results. Any “lessons learnt” within firms about contingency management could fail to be consolidated and shared with the wider business community.




Read more:
The difference between cybersecurity and cybercrime, and why it matters


The third task of all stakeholders is to mobilise an expanding knowledge community led by researchers from academia, government and the private sector.

What exists at the moment is minimalist, and appears hostage to the preferences of a handful of senior officials in Australian Cyber Security Centre (ACSC) and the Department of Home Affairs who may not be in post within several years.

Cyber civil defence is the responsibility of the entire community. Australia needs a national standing committee for cyber security emergency management and resilience that is an equal partnership between government, business, and academic specialists.The Conversation

Adam Henry, Adjunct Lecturer, UNSW and Greg Austin, Professor UNSW Canberra Cyber, UNSW

This article is republished from The Conversation under a Creative Commons license. Read the original article.

The US election hack, fake news, data theft: the cyber security lessons from 2017



File 20171219 4995 17al34.jpg?ixlib=rb 1.1
Cyber attacks have the potential to cause economic disruption, coerce changes in political behaviour and subvert systems of governance.
from http://www.shutterstock.com, CC BY-ND

Joe Burton, University of Waikato

Cyber security played a prominent role in international affairs in 2017, with impacts on peace and security.

Increased international collaboration and new laws that capture the complexity of communications technology could be among solutions to cyber security issues in 2018.


Read more: Artificial intelligence cyber attacks are coming – but what does that mean?


The US election hack and the end of cyber scepticism

The big story of the past year has been the subversion of the US election process and the ongoing controversies surrounding the Trump administration. The investigations into the scandal are unresolved, but it is important to recognise that the US election hack has dispelled any lingering scepticism about the impact of cyber attacks on national and international security.

From the self-confessed “mistake” Secretary Clinton made in setting up a private email server, to the hacking of the Democratic National Committee’s servers and the leaking of Democratic campaign chair John Podesta’s emails to WikiLeaks, the 2016 presidential election was in many ways defined by cyber security issues.

Many analysts had been debating the likelihood of a “digital Pearl Harbour”, an attack producing devastating economic disruption or physical effects. But they missed the more subtle and covert political scope of cyber attacks to coerce changes in political behaviour and subvert systems of governance. Enhancing the security and integrity of democratic systems and electoral processes will surely be on the agenda in 2018 in the Asia Pacific and elsewhere.

Anti-social media

The growing impact of social media and the connection with cyber security has been another big story in 2017. Social media was meant to be a great liberator, to democratise, and to bring new transparency to politics and societies. In 2017, it has become a platform for fake news, misinformation and propaganda.

Social media sites clearly played a role in displacing authoritarian governments during the Arab Spring uprisings. Few expected they would be used by authoritarian governments in an incredibly effective way to sow and exploit divisions in democratic countries. The debate we need to have in 2018 is how we can deter the manipulation of social media, prevent the spread of fake news and encourage the likes of Facebook and Twitter to monitor and police their own networks.

If we don’t trust what we see on these sites, they won’t be commercially successful, and they won’t serve as platforms to enhance international peace and security. Social media sites must not become co-opted or corrupted. Facebook should not be allowed to become Fakebook.

Holding data to ransom

The spread of the Wannacry virus was the third big cyber security story of 2017. Wannacry locked down computers and demanded a ransom (in bitcoin) for the electronic key that would release the data. The virus spread in a truly global attack to an estimated 300,000 computers in 150 countries. It led to losses in the region of four billion dollars – a small fraction of the global cyber crime market, which is projected to grow to $6 trillion by 2021. In the Asia Pacific region, cyber crime is growing by 45% each year.


Read more: Cyberspace aggression adds to North Korea’s threat to global security


Wannacry was an important event because it pointed not only to the growth in cyber crime but also the dangers inherent in the development and proliferation of offensive cyber security capabilities. The exploit to windows XP systems that was used to spread the virus had been stockpiled by the US National Security Agency (NSA). It ended up being released on the internet and then used to generate revenue.

A fundamental challenge in 2018 is to constrain the use of offensive cyber capabilities and to reign in the growth of the cyber-crime market through enhanced cooperation. This will be no small task, but there have been some positive developments.

According to US network security firm FireEye, the recent US-China agreement on commercial cyber espionage has led to an estimated 90% reduction in data breaches in the US emanating from China. Cyber cooperation is possible and can lead to bilateral and global goods.

Death of cyber norms?

The final big development, or rather lack of development, has been at the UN. The Government Group of Experts (GGE) process, established in 2004 to strengthen the security of global information and telecommunications systems, failed to reach a consensus on its latest report on the status of international laws and norms in cyberspace. The main problem has been that there is no definite agreement on the applicability of existing international law to cyber security. This includes issues such as when states might be held responsible for cyber attacks emanating from their territory, or their right to the use of countermeasures in cyber self-defence.

Some analysts have proclaimed this to be “the end of cyber norms”. This betrays a pessimism about UN level governance of the internet that is deeply steeped in overly state-centric views of security and a reluctance to cede any sovereignty to international organisations.

It is true that norms won’t be built from the top down. But the UN does and should have an important role to play in cyber security as we move into 2018, not least because of its universality and global reach.

The NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE) in Tallinn, Estonia recently launched the Tallinn Manual 2.0, which examines the applicability of international law to cyber attacks that fall below the use of force and occur outside of armed conflict.

These commendable efforts could move forward hand in hand with efforts to build consensus on new laws that more accurately capture the complexity of new information and communications technology. In February 2017, Brad Smith, the head of Microsoft, proposed a digital Geneva Convention that would outlaw cyber attacks on civilian infrastructure.

The ConversationIn all this we must recognise that cyber security is not a binary process. It is not about “ones and zeros”, but rather about a complex spectrum of activity that needs multi-level, multi-stakeholder responses that include international organisations. This is a cyber reality that we should all bear in mind when we try to find solutions to cyber security issues in 2018.

Joe Burton, Senior Lecturer, Institute for Security and Crime Science, University of Waikato

This article was originally published on The Conversation. Read the original article.

Iran: Latest Persecution News


The link below is to an article that reports on the latest persecution news out of Iran, where persecution has now gone cyber.

For more visit:
http://www.christiantelegraph.com/issue17616.html