Morrison’s $1.3 billion for more ‘cyber spies’ is an incremental response to a radical problem




Greg Austin, UNSW

The federal government has announced it will spend more than a billion dollars over the next ten years to boost Australia’s cyber defences.

This comes barely a week after Prime Minister Scott Morrison warned the country was in the grip of a “sophisticated” cyber attack by a “state-based” actor, widely reported to be China.






The announcement can be seen as a mix of the right stuff and political window dressing – deflecting attention away from Australia’s underlying weaknesses when it comes to cyber security.

What is the funding for?

Morrison’s cyber announcement includes a package of measures totalling $1.35 billion over ten years.

This includes funding to disrupt offshore cyber crime, intelligence sharing between government and industry, new research labs and more than 500 “cyber spy” jobs.

As Morrison explained:

This … will mean that we can identify more cyber threats, disrupt more foreign cyber criminals, build more partnerships with industry and government and protect more Australians.

The key aim is to help the country’s cyber intelligence agency, the Australian Signals Directorate (ASD), to know as soon as possible who is attacking Australia, with what, and how the attack can best be stopped.

Australia’s cyber deficiencies

Australia certainly needs to do more to defend itself against cyber attacks.

Intelligence specialists like top public servant Nick Warner have been advocating for more attention for cyber threats for years.

Concerns about Australia’s cyber defences have been raised for years.

The government is also acknowledging publicly that the threats are increasing.

Earlier this month, Morrison held an unusual press conference to announce that Australia was under cyber attack.

While he did not specify who by, government statements made plain it was the same malicious actor (a foreign government) using the same tools as an attack reported in May this year.

Related attacks on Australia using similar malware were also identified in May 2019.

This type of threat is called an “advanced persistent threat” because it is hard to get it out of a system, even if you know it is there.






All countries face enormous difficulties in cyber defence, and Australia is arguably among the top states in cyber security world-wide. Yet after a decade of incremental reforms, the government has been unable to organise all of its own departments to implement more than basic mitigation strategies.

New jobs in cyber security

The biggest slice of the $1.35 billion is a “$470 million investment to expand our cyber security workforce”.

This is by any measure an essential underpinning and is to be applauded.

The Morrison government wants to recruit more than 500 new ASD employees.

But it is not yet clear how “new” these new jobs are.

The 2016 Defence White Paper announced a ten year workforce expansion of 1,700 jobs in intelligence and cyber security. This included a 900-person joint cyber unit in the Australian Defence Force, announced in 2017.

The newly mooted expansion for ASD will also need to be undertaken gradually. It will be impossible to find hundreds of additional staff with the right skills straight away.

The skills needed cut across many sub-disciplines of cyber operations, and must be fine-tuned across various roles. ASD has identified four career streams (analysis, systems architecture, operations and testing) but these do not reflect the diversity of talents needed.

It’s clear Australian universities do not currently train people at the advanced levels needed by ASD, so advanced on-the-job training is essential.

Political window dressing

The government is promoting its announcement as the “nation’s largest ever investment in cyber security”. But the seemingly generous $1.35 billion cyber initiative does not involve new money.

The package is also a pre-announcement of part of the government’s upcoming 2020 Cyber Security Strategy, expected within weeks.

This will update the 2016 strategy released under former prime minister Malcolm Turnbull and cyber elements of the 2016 Defence White Paper.






The new cyber strategy has been the subject of country-wide consultations through 2019, but few observers expect significant new funding injections.

The main exceptions which may receive a funding boost compared with 2016 are likely to be in education funding (as opposed to research), and community awareness.

With the release of the new cyber strategy understood to be imminent, it is unclear why the government chose this particular week to make the pre-announcement. It obviously will have kept some big news for the strategy release when it happens.

The federal government is expected to release a new cyber security strategy within weeks.

The government’s claim that an additional $135 million per year is the “largest ever investment in cyber security” is true in a sense. But this is the case in many areas of government expenditure.

The government has obviously cut pre-planned expenses in some unrevealed areas of Defence.

Meanwhile, the issues this funding is supposed to address are so complex that $1.35 billion over ten years can best be seen as an incremental response to a radical threat.

Australia needs to do much more

According to authoritative sources, including the federal government-funded AustCyber in 2019, there are a number of underlying deficiencies in Australia’s industrial and economic response to cyber security.

These can only be improved if federal government departments adopt stricter approaches, if state governments follow suit, and if the private sector makes appropriate adjustments.

Above all, the leading players need to shift their planning to better accommodate the organisational and management aspects of cyber security delivery.






Yes, we need to up our technical game, but our social response is also essential.

CEOs and departmental secretaries should be legally obliged to attest every year that they have sound cyber security practices and their entire organisations are properly trained.

Without better corporate management, Australia’s cyber defences will remain fragmented and inadequate.

Greg Austin, Professor UNSW Canberra Cyber, UNSW

This article is republished from The Conversation under a Creative Commons license. Read the original article.

Cyber threats at home: how to keep kids safe while they’re learning online




Paul Haskell-Dowland, Edith Cowan University and Ismini Vasileiou, De Montfort University

Before COVID-19, children would spend a lot of the day at school. There they would be taught about internet safety and be protected when going online by systems that filter or restrict access to online content.

Schools provide protective environments to restrict access to content such as pornography and gambling. They also protect children from various threats such as viruses and unmoderated social media.

This is usually done using filters and blacklists (lists of websites or other resources that aren’t allowed) applied to school devices or through the school internet connection.

But with many children learning from home, parents may not be aware of the need for the same safeguards.

Many parents are also working from home, which may limit the time to explore and set up a secure online environment for their children.

So, what threats are children exposed to and what can parents do to keep them safe?

What threats might children face?

With an increased use of web-based tools, downloading new applications and a dependence on email, children could be exposed to a new batch of malware threats in the absence of school-based controls.

This can include viruses and ransomware – for example, CovidLock (an application offering coronavirus related information) that targets the Android operating system and changes the PIN code for the lock-screen. If infected, the user can lose complete access to their device.

Children working at home are not usually protected by the filters provided by their school.

Seemingly innocent teaching activities like the use of YouTube can expose children to unexpected risks given the breadth of inappropriate adult content available.

Most videos end with links to a number of related resources, the selection of which is not controlled by the school. Even using YouTube Kids, a subset of curated YouTube content filtered for appropriateness, has some risks. There have been reports of content featuring violence, suicidal themes and sexual references.






Many schools are using video conferencing tools to maintain social interaction with students. There have been reports of cases of class-hijacking, including Zoom-bombing where uninvited guests enter the video-conference session.

The FBI Boston field office has documented inappropriate comments and imagery introduced into an online class. A similar case in Connecticut resulted in a teenager being arrested after further Zoom-bombing incidents.






Because video conferencing is becoming normalised, malicious actors (including paedophiles) may seek to exploit this level of familiarity. They can persuade children to engage in actions that can escalate to inappropriate sexual behaviours.

The eSafety Office has reported a significant increase in a range of incidents of online harm since early March.

In a particularly sickening example, eSafety Office investigators said:

In one forum, paedophiles noted that isolation measures have increased opportunities to contact children remotely and engage in their “passion” for sexual abuse via platforms such as YouTube, Instagram and random webchat services.

Some families may be using older or borrowed devices if there aren’t enough for their children to use. These devices may not offer the same level of protection against common internet threats (such as viruses) as they may no longer be supported by the vendor (such as Microsoft or Apple) and be missing vital updates.

They may also be unable to run the latest protective software (such as antivirus) due to incompatibilities or simply being under-powered.

Error message when attempting to install a new application on an older device.

What can parents do to protect children?

It’s worth speaking with the school to determine what safeguards may still function while away from the school site.

Some solutions operate at device-level rather than based on their location, so it is possible the standard protections will still be applicable at home.

Some devices support filters and controls natively. For example, many Apple devices offer ScreenTime controls to limit access to apps and websites and apply time limits to device use (recent Android devices might have the Digital Wellbeing feature with similar capabilities).

Traditional mechanisms like firewalls and anti-virus tools are still essential on laptops and desktop systems. It is important these are not just installed and forgotten. Just like the operating systems, they need to be regularly updated.

There is a wealth of advice available to support children using technology at home.

The Australian eSafety Commissioner’s website, for instance, provides access to:

But if you’re feeling overwhelmed by these materials, some key messages include:

  • ensuring (where appropriate) the device is regularly updated. This can include updating the operating system such as Windows, Android or Mac

  • using appropriate antivirus software (and ensuring it is also kept up to date)

  • applying parental controls to limit screen time, specific app use (blocking or limiting use), or specific website blocks (such as blocking access to YouTube)

  • on some devices, parental controls can limit use of the camera and microphone to prevent external communication

  • applying age restrictions to media content and websites (the Communications Alliance has a list of accredited family friendly filters)

  • monitoring your child’s use of apps or web browsing activities

  • when installing apps for children, checking online and talking to other parents about them

  • configuring web browsers to use “safe search”

  • ensuring children use devices in sight of parents

  • talking to your children about online behaviours.






While technology can play a part, ensuring children work in an environment where there is (at least periodic) oversight by parents is still an important factor.

Paul Haskell-Dowland, Associate Dean (Computing and Security), Edith Cowan University and Ismini Vasileiou, Associate Professor in Information Systems, De Montfort University


‘Click for urgent coronavirus update’: how working from home may be exposing us to cybercrime


Craig Valli, Edith Cowan University

Apart from the obvious health and economic impacts, the coronavirus also presents a major opportunity for cybercriminals.

As staff across sectors and university students shift to working and studying from home, large organisations are at increased risk of being targeted. With defences down, companies should go the extra mile to protect their business networks and employees at such a precarious time.

Reports suggest hackers are already exploiting remote workers, luring them into online scams masquerading as important information related to the pandemic.

On Friday, the Australian Competition and Consumer Commission’s Scamwatch reported that since January 1 it had received 94 reports of coronavirus-related scams, and this figure could rise.

As COVID-19 causes a spike in telework, telehealth and online education, cybercriminals have fewer hurdles to jump in gaining access to networks.

High-speed access theft

The National Broadband Network’s infrastructure has afforded many Australians access to higher-speed internet, compared with DSL connections. Unfortunately this also gives cybercriminals high-speed access to Australian homes, letting them rapidly extract personal and financial details from victims.

The shift to working from home means many people are using home computers, instead of more secure corporate-supplied devices. This provides criminals relatively easy access to corporate documents, trade secrets and financial information.






Instead of attacking a corporation’s network, which would likely be secured with advanced cybersecurity countermeasures and tracking, they now simply have to locate and attack the employee’s home network. This means less chance of discovery.

Beware cryptolocker attacks

Cryptolocker-based attacks are an advanced cyberattack that can bypass many traditional countermeasures, including antivirus software. This is because they’re designed and built by advanced cybercriminals.

Most infections from a cryptolocker virus happen when people open unknown attachments, sent in malicious emails.

In some cases, the attack can be traced to nation state actors. One example is the infamous WannaCry cyberattack, which deployed malware (software designed to cause harm) that encrypted computers in more than 150 countries. The hackers, supposedly from North Korea, demanded cryptocurrency in exchange for unlocking them.

If an employee working from home accidentally activates cryptolocker malware while browsing the internet or reading an email, this could first take out the home network, then spread to the corporate network, and to other attached home networks.

This can happen if their device is connected to the workplace network via a Virtual Private Network (VPN). This makes the home device an extension of the corporate network, and the virus can bypass any advanced barriers the corporate network may have.






If devices are attached to a network that has been infected and not completely cleaned, the contaminant can rapidly spread again and again. In fact, a single device that isn’t cleaned properly can cause millions of dollars in damage. This happened during the 2016 Petya and NotPetya malware attack.

Encryption: not a cryptic concept

On the bright side, there are some steps organisations and employees can take to protect their digital assets from opportunistic criminal activity.

Encryption is a key weapon in this fight. This security method protects files and network communications by methodically “scrambling” the contents using an algorithm. The receiving party is given a key to unscramble, or “decrypt”, the information.

With remote work booming, encryption should be enabled for files on hard drives and USB sticks that contain sensitive information.

Enabling encryption on a Windows or Apple device is also simple. And don’t forget to back up your encryption keys onto a USB drive when prompted, and store them in a safe place such as a locked cabinet, or off site.

VPNs help close the loop

A VPN should be used at all times when connected to WiFi, even at home. This tool helps mask your online activity and location, by routing outgoing and incoming data through a secure “virtual tunnel” between your computer and the VPN server.

Existing WiFi access protocols (WEP, WPA, WPA2) are insecure when being used to transmit sensitive data. Without a VPN, cybercriminals can more easily intercept and retrieve data.

VPN is already functional in Windows and Apple devices. Most reputable antivirus internet protection suites incorporate them.

It’s also important that businesses and organisations encourage remote employees to use the best malware and antiviral protections on their home systems, even if this comes at the organisation’s expense.

Backup, backup, backup

People often back up their files on a home computer, personal phone or tablet. There is significant risk in doing this with corporate documents and sensitive digital files.

When working from home, sensitive material can be stored in a location unknown to the organisation. This could be a cloud location (such as iCloud, Google Cloud, or Dropbox), or via backup software the user owns or uses. Files stored in these locations may not be protected under Australian laws.






Businesses choosing to save files on the cloud, on an external hard drive or on a home computer need to identify backup regimes that fit the risk profile of their business. Essentially, if you don’t allow files to be saved on a computer’s hard drive at work, and use the cloud exclusively, the same level of protection should apply when working from home.

Appropriate backups must be observed by all remote workers, along with standard cybersecurity measures such as firewall, encryption, VPN and antivirus software. Only then can we rely on some level of protection at a time when cybercriminals are desperate to profit.

Craig Valli, Director of ECU Security Research Institute, Edith Cowan University


We’ve been hacked – so will the data be weaponised to influence election 2019? Here’s what to look for


Michael Jensen, University of Canberra

Prime Minister Scott Morrison recently said both the Australian Parliament and its major political parties were hacked by a “sophisticated state actor.”

This raises concerns that a foreign adversary may be intending to weaponise, or strategically release documents, with an eye towards altering the 2019 election outcome.






While the hacking of party and parliamentary systems is normally a covert activity, influence operations are necessarily noisy and public in order to reach citizens – even if efforts are made to obscure their origins.

If a state actor has designs to weaponise materials recently hacked, we will likely see them seek to inflame religious and ethnic differences, as well as embarrass the major parties in an effort to drive votes to minor parties.

If this comes to pass, there are four things Australians should look for.

1. Strategic interest for a foreign government to intervene

If the major parties have roughly the same policy position in relation to a foreign country, a foreign state would have little incentive to intervene, for example, in favour of Labor against the Coalition.

They may, however, attempt to amplify social divisions between the parties as a way of reducing the ability of Australians to work together after the election.

They may also try to drive down the already low levels of support for democracy and politicians in Australia to further undermine Australian democracy.

Finally, they may also try to drive the vote away from the major parties to minor parties which might be more favourable to their agenda.

This could be achieved by strategically releasing hacked materials which embarrass the major parties or their candidates, moving voters away from those parties and towards minor parties. These stories will likely be distributed first on social media platforms and later amplified by foreign and domestic broadcast media.

It is no secret that Russia and China seek a weakening of the Five Eyes security relationship between Australia, New Zealand, Canada, the United States, and the United Kingdom. If weakened, that would undermine the alliance structure which has helped prevent major wars for the last 70 years.

2. Disproportionate attention by foreign media to a local campaign

In the US, although Tulsi Gabbard’s polling numbers rank her near the bottom of declared and anticipated candidates for the Democratic nomination, she has received significant attention from Russia’s overt or “white” propaganda outlets, Sputnik and RT (formerly Russia Today).

The suspected reason for this attention is that some of her foreign policy positions on the Middle East are consistent with Russian interests in the region.

In Australia, we might find greater attention than normal directed at One Nation or Fraser Anning – as well as the strategic promotion of Green candidates in certain places to push political discussion further right and further left at the same time.

3. Promoted posts on Facebook and other social media platforms

Research into the 2016 US election found widespread violations of election law. The vast majority of promoted ads on Facebook during the election campaign were from groups which failed to file with the Federal Election Commission and some of this unregistered content came from Russia.

Ads placed by Russia’s Internet Research Agency, which is under indictment by the Mueller investigation, ended up disproportionately in the newsfeeds of Facebook users in Wisconsin and Pennsylvania – two of the three states that looked like a lock for Clinton until the very end of the campaign.

What makes Facebook and many other social media platforms particularly of concern is the ability to use data to target ads using geographic and interest categories. One can imagine that if a foreign government were armed with voting data hacked from the parties, this process would be all the more effective.






Seats in Australia which might be targeted include seats like Swan (considered a marginal seat with competition against the Liberals on both the left and the right) and the seats of conservative politicians on GetUp’s “hitlist” – such as Tony Abbott’s and Peter Dutton’s seats of Warringah and Dickson.

4. Focus on identity manipulation, rather than fake news

The term “fake news” suffers from conceptual ambiguities – it means different things to different people. “Fake news” has been used not just as a form of classification to describe material which “mimics news media content in form but not in organisational process or intent” but also used to describe satire and even as an epithet used to dismiss disagreeable claims of a factual nature.

Studies of propaganda show that information need not be factually false to effectively manipulate target audiences.

The best propaganda uses claims which are factually true, placing them into a different context which can be used to manipulate audiences or by amplifying negative aspects of a group, policy or politician, without placing that information in a wider context.

For example, to amplify concerns about immigrants, one might highlight the immigrant background of someone convicted of a crime, irrespective of the overall propensity for immigrants to commit crimes compared to native born Australians.

This creates what communication scholars call a “representative anecdote” through which people come to understand and think about a topic with which they are otherwise unfamiliar. While immigrants may or may not be more likely to commit crimes than other Australians, the reporting creates that association.

Among the ways foreign influence operations function is through the politicisation of identities. Previous research has found evidence of efforts to heighten ethnic and racial differences through Chinese language WeChat official accounts operating in Australia as well as through Russian trolling efforts which have targeted Australia. This is the same pattern followed by Russia during the 2016 US election.

Liberal democracies are designed to handle conflicts over interests through negotiation and compromise. Identities, however, are less amenable to compromise. These efforts may not be “fake news” but they are effective in undermining the capacity of a democratic nation to mobilise its people in pursuit of common goals.






The Russian playbook

No country is immune from the risk of foreign influence operations. While historically these operations might have involved the creation of false documents and on the ground operations in target countries, today materials can be sourced, faked, and disseminated from the relative security of the perpetrating country. They may include both authentic and faked documents – making it hard for a campaign to charge that certain documents are faked without affirming the validity of others.

Most importantly, in a digitally connected world, these operations can scale up quickly and reach substantially larger populations than previously possible.

While the Russian interference in the 2016 US election has received considerable attention, Russia is not the only perpetrator and the US is not the only target.

But the Russians created a playbook which other countries can readily draw upon and adapt. The question remains as to who that might be in an Australian context.

Michael Jensen, Senior Research Fellow, Institute for Governance and Policy Analysis, University of Canberra


‘State actor’ makes cyber attack on Australian political parties



While the government has not identified the state actor, China is being blamed.

Michelle Grattan, University of Canberra

“A sophisticated state actor” has hacked the networks of the major
political parties, Prime Minister Scott Morrison has told Parliament.

Recently the Parliament House network was disrupted, and the intrusion
into the parties’ networks was discovered when this was being dealt
with.

While the government has not identified the “state actor”, the Chinese
are being blamed.

Morrison gave the reassurance that “there is no evidence of any
electoral interference. We have put in place a number of measures to
ensure the integrity of our electoral system”.

In his statement to the House Morrison said: “The Australian Cyber
Security Centre recently identified a malicious intrusion into the
Australian Parliament House computer network.

“During the course of this work, we also became aware that the
networks of some political parties – Liberal, Labor and the Nationals
– have also been affected.

“Our security agencies have detected this activity and acted
decisively to confront it. They are securing these systems and
protecting users”.

The Centre would provide any party or electoral body with technical help to deal with hacking, Morrison said.

“They have already briefed the Electoral Commissions and those
responsible for cyber security for all states and territories. They
have also worked with global anti-virus companies to ensure
Australia’s friends and allies have the capacity to detect this
malicious activity,” he said.

“The methods used by malicious actors are constantly evolving and this
incident reinforces yet again the importance of cyber security as a
fundamental part of everyone’s business.

“Public confidence in the integrity of our democratic processes is an
essential element of Australian sovereignty and governance,” he said.

“Our political system and our democracy remains strong, vibrant and is
protected. We stand united in the protection of our values and our
sovereignty”.

Bill Shorten said party political structures were perhaps more vulnerable than government institutions – and progressive parties particularly so.

“We have seen overseas that it is progressive parties that are more likely to be targeted by ultra-right wing organisations.

“Political parties are small organisations with only a few full-time staff, they collect, store and use large amounts of information about voters and communities. These institutions can be a soft target and our national approach to cyber security needs to pay more attention to non-government organisations,” Shorten said.

Although the authorities are pointing to a “state actor”, national cyber security adviser Alastair MacGibbon told a news conference: “We don’t know who is behind this, nor their intent.

“We, of course, will continue to work with our friends and colleagues, both here and overseas, to work out who is behind it and hopefully their intent”.

Asked what the hackers had got their hands on, MacGibbon said: “We don’t know”.

Michelle Grattan, Professorial Fellow, University of Canberra


New guidelines for responding to cyber attacks don’t go far enough



If Australia’s electricity grid was targeted by cyber attack the fall out could be severe.

Adam Henry, UNSW and Greg Austin, UNSW

Debates about cyber security in Australia over the past few weeks have largely centred around the passing of the government’s controversial Assistance and Access bill. But while government access to encrypted messages is an important subject, protecting Australia from threat could depend more on the task of developing a solid and robust cyber security response plan.

Australia released its first Cyber Incident Management Arrangements (CIMA) for state, territory and federal governments on December 12. It’s a commendable move towards a comprehensive national civil defence strategy for cyber space.

Coming at least a decade after the need was first foreshadowed by the government, this is just the initial step on a path that demands much more development. Beyond CIMA, the government needs to better explain to the public the unique threats posed by large scale cyber incidents and, on that basis, engage the private sector and a wider community of experts on addressing those unique threats.






Australia is poorly prepared

The aim of the new cyber incident arrangements is to reduce the scope, impact and severity of a “national cyber incident”.

A national cyber incident is defined as being of potential national importance, but less severe than a “crisis” that would trigger the government’s Australian Government Crisis Management Framework (AGCMF).

Australia is currently ill-prepared to respond to a major cyber incident, such as the Wannacry or NotPetya attacks in 2017.

Wannacry severely disrupted the UK’s National Health Service, at a cost of A$160 million. NotPetya shut down the world’s largest shipping container company, Maersk, for several weeks, costing it A$500 million.

When costs for random cyber attacks are so high, it’s vital that all Australian governments have coordinated response plans to high-threat incidents. The CIMA sets out inter-jurisdictional coordination arrangements, roles and responsibilities, and principles for cooperation.

A higher-level cyber crisis that would trigger the AGCMF (a process that itself looks somewhat under-prepared) is one that:

… results in sustained disruption to essential services, severe economic damage, a threat to national security or loss of life.

More cyber experts and cyber incident exercises

At just seven pages in length, in glossy brochure format, the CIMA does not outline specific operational incident management protocols.

This will be up to state and territory governments to negotiate with the Commonwealth. That means the protocols developed may be subject to competing budget priorities, political appetite, divergent levels of cyber maturity, and, most importantly, staffing requirements.

Australia has a serious crisis in the availability of skilled cyber personnel in general. This is particularly the case in specialist areas required for the management of complex cyber incidents.

Government agencies struggle to compete with major corporations, such as the major banks, for the top-level recruits.

Australia needs people with expertise in cybersecurity.

The skills crisis is exacerbated by the lack of high quality education and training programs in Australia for this specialist task. Our universities, for the most part, do not teach – or even research – complex cyber incidents on a scale that could begin to service the national need.






The federal government must move quickly to strengthen and formalise arrangements for collaboration with key non-governmental partners – particularly the business sector, but also researchers and large non-profit entities.

Critical infrastructure providers, such as electricity companies, should be among the first businesses targeted for collaboration due to the scale of potential fallout if they came under attack.

To help achieve this, CIMA outlines plans to institutionalise, for the first time, regular cyber incident exercises that address nationwide needs.

Better long-term planning is needed

While these moves are a good start, there are three longer term tasks that need attention.

First, the government needs to construct a consistent, credible and durable public narrative around the purpose of its cyber incident policies, and associated exercise programs.

Former Cyber Security Minister Dan Tehan has spoken of a single cyber storm, former Prime Minister Malcolm Turnbull spoke of a perfect cyber storm (several storms together), and Cyber Coordinator Alastair MacGibbon spoke of a cyber catastrophe as the only existential threat Australia faced.

But there is little articulation in the public domain of what these ideas actually mean.

The new cyber incident management arrangements are meant to operate below the level of national cyber crisis. But the country is in dire need of a civil defence strategy for cyber space that addresses both levels of attack. There is no significant mention of cyber threats in the website of the Australian Disaster Resilience Knowledge Hub.

This is a completely new form of civil defence, and it may need a new form of organisation to carry it forward. A new, dedicated arm of an existing agency, such as the State Emergency Services (SES), is another potential solution.

One of us (Greg Austin) proposed in 2016 the creation of a new “cyber civil corps”. This would be a disciplined service relying on part-time commitments from the people best trained to respond to national cyber emergencies. A cyber civil corps could also help to define training needs and contribute to national training packages.

The second task falls to private business, who face potentially crippling costs in random cyber attacks.

They will need to build their own body of expertise in cyber simulations and exercise. Contracting out such responsibilities to consulting companies, or one-off reports, would produce scattershot results. Any “lessons learnt” within firms about contingency management could fail to be consolidated and shared with the wider business community.






The third task of all stakeholders is to mobilise an expanding knowledge community led by researchers from academia, government and the private sector.

What exists at the moment is minimalist, and appears hostage to the preferences of a handful of senior officials in Australian Cyber Security Centre (ACSC) and the Department of Home Affairs who may not be in post within several years.

Cyber civil defence is the responsibility of the entire community. Australia needs a national standing committee for cyber security emergency management and resilience that is an equal partnership between government, business, and academic specialists.

Adam Henry, Adjunct Lecturer, UNSW and Greg Austin, Professor UNSW Canberra Cyber, UNSW

This article is republished from The Conversation under a Creative Commons license. Read the original article.

The US election hack, fake news, data theft: the cyber security lessons from 2017



Cyber attacks have the potential to cause economic disruption, coerce changes in political behaviour and subvert systems of governance.
from http://www.shutterstock.com, CC BY-ND

Joe Burton, University of Waikato

Cyber security played a prominent role in international affairs in 2017, with impacts on peace and security.

Increased international collaboration and new laws that capture the complexity of communications technology could be among solutions to cyber security issues in 2018.




The US election hack and the end of cyber scepticism

The big story of the past year has been the subversion of the US election process and the ongoing controversies surrounding the Trump administration. The investigations into the scandal are unresolved, but it is important to recognise that the US election hack has dispelled any lingering scepticism about the impact of cyber attacks on national and international security.

From the self-confessed “mistake” Secretary Clinton made in setting up a private email server, to the hacking of the Democratic National Committee’s servers and the leaking of Democratic campaign chair John Podesta’s emails to WikiLeaks, the 2016 presidential election was in many ways defined by cyber security issues.

Many analysts had been debating the likelihood of a “digital Pearl Harbour”, an attack producing devastating economic disruption or physical effects. But they missed the more subtle and covert political scope of cyber attacks to coerce changes in political behaviour and subvert systems of governance. Enhancing the security and integrity of democratic systems and electoral processes will surely be on the agenda in 2018 in the Asia Pacific and elsewhere.

Anti-social media

The growing impact of social media and the connection with cyber security has been another big story in 2017. Social media was meant to be a great liberator, to democratise, and to bring new transparency to politics and societies. In 2017, it has become a platform for fake news, misinformation and propaganda.

Social media sites clearly played a role in displacing authoritarian governments during the Arab Spring uprisings. Few expected they would be used by authoritarian governments in an incredibly effective way to sow and exploit divisions in democratic countries. The debate we need to have in 2018 is how we can deter the manipulation of social media, prevent the spread of fake news and encourage the likes of Facebook and Twitter to monitor and police their own networks.

If we don’t trust what we see on these sites, they won’t be commercially successful, and they won’t serve as platforms to enhance international peace and security. Social media sites must not become co-opted or corrupted. Facebook should not be allowed to become Fakebook.

Holding data to ransom

The spread of the Wannacry virus was the third big cyber security story of 2017. Wannacry locked down computers and demanded a ransom (in bitcoin) for the electronic key that would release the data. The virus spread in a truly global attack to an estimated 300,000 computers in 150 countries. It led to losses in the region of four billion dollars – a small fraction of the global cyber crime market, which is projected to grow to $6 trillion by 2021. In the Asia Pacific region, cyber crime is growing by 45% each year.




Wannacry was an important event because it pointed not only to the growth in cyber crime but also to the dangers inherent in the development and proliferation of offensive cyber security capabilities. The exploit for Windows XP systems that was used to spread the virus had been stockpiled by the US National Security Agency (NSA). It ended up being released on the internet and then used to generate revenue.

A fundamental challenge in 2018 is to constrain the use of offensive cyber capabilities and to rein in the growth of the cyber-crime market through enhanced cooperation. This will be no small task, but there have been some positive developments.

According to US network security firm FireEye, the recent US-China agreement on commercial cyber espionage has led to an estimated 90% reduction in data breaches in the US emanating from China. Cyber cooperation is possible and can lead to bilateral and global goods.

Death of cyber norms?

The final big development, or rather lack of development, has been at the UN. The Government Group of Experts (GGE) process, established in 2004 to strengthen the security of global information and telecommunications systems, failed to reach a consensus on its latest report on the status of international laws and norms in cyberspace. The main problem has been that there is no definite agreement on the applicability of existing international law to cyber security. This includes issues such as when states might be held responsible for cyber attacks emanating from their territory, or their right to the use of countermeasures in cyber self-defence.

Some analysts have proclaimed this to be “the end of cyber norms”. This betrays a pessimism about UN level governance of the internet that is deeply steeped in overly state-centric views of security and a reluctance to cede any sovereignty to international organisations.

It is true that norms won’t be built from the top down. But the UN does and should have an important role to play in cyber security as we move into 2018, not least because of its universality and global reach.

The NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE) in Tallinn, Estonia recently launched the Tallinn Manual 2.0, which examines the applicability of international law to cyber attacks that fall below the use of force and occur outside of armed conflict.

These commendable efforts could move forward hand in hand with efforts to build consensus on new laws that more accurately capture the complexity of new information and communications technology. In February 2017, Brad Smith, the head of Microsoft, proposed a digital Geneva Convention that would outlaw cyber attacks on civilian infrastructure.

In all this we must recognise that cyber security is not a binary process. It is not about “ones and zeros”, but rather about a complex spectrum of activity that needs multi-level, multi-stakeholder responses that include international organisations. This is a cyber reality that we should all bear in mind when we try to find solutions to cyber security issues in 2018.

Joe Burton, Senior Lecturer, Institute for Security and Crime Science, University of Waikato

This article was originally published on The Conversation. Read the original article.

Iran: Latest Persecution News


The link below is to an article that reports on the latest persecution news out of Iran, where persecution has now gone cyber.

For more visit:
http://www.christiantelegraph.com/issue17616.html