radiofree.asia

Category: cyber security

  • Resilience in the face of fire, flood and cyber

    What do bushfires and cyber threats have in common? They are both a fact of life; they are both likely to get worse; and we won’t be able to stop either from happening – so we need to be better prepared and to minimise their impact. In short, we need greater resilience.

    The issues of resilience against bushfires and cyber threats came together in an Age of Trust podcast with Rear Admiral Lee Goddard CSC, RAN, head of partnership ecosystem, government relations and operations at the Minderoo Foundation and Rob Le Busque, the regional vice-president Asia Pacific at Verizon.

    The Minderoo Foundation is a philanthropic organisation that “takes on tough, persistent issues with the potential to drive massive change”. One of those challenges is “to lift Australia to be the global leader in fire and flood resilience by 2025”.

    Lee Goddard Corrie McLeod Rob Le Busque
    Resilience is key: Rear Admiral Lee Goddard, Corrie McLeod and Rob Le Busque

    Mr Goddard said national initiatives to build resilience against bushfires were very much in catch-up mode: “We need to do much more, and we need to do it quickly – we need to be using the collective to find innovative solutions.”

    He introduced the idea of “pre-resilience”. In the case of bushfire preparedness, this means using the off-season to “make sure every part of our society, from the technology to the behavioural to the human aspects, are resilient and ready for further disruptions to come”.

    While there is no off-season for cyber threats, Mr Le Busque said pre-resilience equated to preparedness, but this often fell short of what was required.

    “Preparation is everything. It is really your first line of defence from cybercriminals and a large-scale hacking event,” he said.

    “A concept we talk about a lot is ‘you never rise to the occasion’. When the pressure’s on, you default to your level of training and preparedness.

    “You need to be conscious of the balance between the level of preparation, and the processes and systems you have set up to respond. You need to make sure these represent more than just compliance and are actually actionable programs and systems.”

    He added that often, when Verizon is called in to help an organisation respond to a cyber event, they find processes and systems for recovery exist, but they simply don’t work.

    “They haven’t been tested,” he said. “Then you see a level of disorganisation that adds to the disruption they are already suffering from.”

    The devastating 2019/20 bushfires and, more recently COVID-19, have shown up shortcomings in Australia’s resilience, and the topic is now garnering much attention.

    Mr Goddard, who is a rear admiral in the Australian Navy Reserve with a 34 years of full-time Navy service, said there needed to be an increased focus on the resilience of Australia’s infrastructure.

    “Our ability collectively to really understand where our critical infrastructure is, its vulnerabilities and how we quickly replace it has been an Achilles heel,” he said. “At the Minderoo Foundation, we are working through, and with, partners to identify this.

    “You only know how resilient some of your infrastructure is when the disaster happens. So, you need to really test it: critical communication hubs, critical resource hubs, critical infrastructure that supports dealing with the hazard.”

    He said Minderoo’s fire and flood resilience initiative chief executive of Adrian Turner – the former chief executive at CSIRO’s Data61 – was “focusing on data harmonisation and national data coordination to provide knowledge to support better decision-making and information sharing to enable leaders at all levels to really understand where the critical infrastructure is and where the critical weaknesses are in the system”.

    However, the resilience of critical infrastructure is now garnering considerable attention. There is legislation before Parliament designed to improve the security and resilience of Australia’s critical infrastructure that greatly increases the scope of what is seen as ‘critical infrastructure’.

    In the wake of the bushfires, policy think-tanks Global Access Partners and the Institute for Integrated Economic Research – Australia along with Gravity iLabs set up the GAP Taskforce on National Resilience, a group of 40 representatives from business, government, academia, the not-for-profit sector and the community brought together to “discuss ways to make Australia more resilient to future economic, strategic and environmental threats”.

    Australia has a number of resilience-related challenges that go well beyond our border. These increased vulnerabilities mean we need to deliver more effective solutions at greater speed. The disruption of the last 18 months has driven revolutionary change, and we in turn must be revolutionary innovators that ask questions and solve problems no one else has thought of.

    The Age of Trust podcast series has been produced as a partnership between Verizon Business Group and InnovationAus.com.

    The post Resilience in the face of fire, flood and cyber appeared first on InnovationAus.

    This post was originally published on InnovationAus.

  • Uber breached 1.2 million Australians’ privacy

    Uber breached 1.2 million Australian customers’ privacy when it failed to protect their data from a cyber attack in 2016, the Privacy Commissioner has determined after a three and a half year investigation which encountered “jurisdictional issues”.

    Names, email addresses, drivers licence numbers, and location data were stolen in the attack, and Uber paid the cyber criminals to destroy the data through its bug bounty program rather than disclosing the breach responsibly.

    The ride hailing giant will only have to make modest remedies, however, including reviewing its data governance and security programs with external experts and implementing their advice within a year.

    But the Privacy Commissioner insists the decision sends a clear message that companies must protect Australians’ data even when it is processed overseas. The lengthy investigation has also demonstrated the “jurisdictional issues” which have made pursuing multinationals difficult.

    Uber breached Australian privacy law in an incident affecting 57 million users.

    The watchdog’s investigation ran for more than three years, which is understood to be due to the complex, cross-jurisdiction nature of the case, which was also expanded several times.

    The breach occurred in 2016 when attackers gained access to the credentials of an Uber employee, giving them access to data stored by Amazon Web Services, including unencrypted files. Attackers downloaded the files which related to around 57 million individuals worldwide, including 1.2 million Australians.

    Uber became aware of the breach almost immediately because the attackers emailed the company demanding payment. Uber paid the attackers US$100,000 through a bug bounty program, which is supposed to be used for good faith disclosures of vulnerabilities, not extortion.

    The tech giant says it obtained written assurances from the attackers they had destroyed the data.

    Uber did not formally investigate the breach with external cyber experts until nearly a year later, and said the investigation found no evidence the data had been misused.

    The company then went public and contacted some of the drivers whose data had been compromised but not riders.

    The Office of the Australian Information Commissioner (OAIC) began an investigation shortly after the public disclosure in late 2017. It made a determination late last month, more than three and a half years later.

    The case was considered complex and important because it dealt with a breach by the US parent of the Uber company operating in Australia, which is actually Dutch.

    Uber had argued because the US company was used to process the data off-shore, the breach it suffered was not subject to Australian privacy law.

    But Australian Australian Information Commissioner and Privacy Commissioner Angelene Falk, who made the determination, said she was satisfied both Uber had an “Australian link” at the time of the breach and were required to comply with the Privacy Act.

    “We need to ensure that in future Uber protects the personal information of Australians in line with the Privacy Act,” Ms Falk said.

    “The matter also raises complex issues around the application of the Privacy Act to overseas-based companies that outsource the handling of Australians’ personal information to other companies within their corporate group.”

    The investigation dragged out because of the inclusion of the Dutch-based Uber company operating in Australia, which was added to the probe in 2019 and the US parent’s argument it was not subject to Australian privacy law, an OAIC spokesperson told InnovationAus.

    “The Uber determination demonstrates the complex jurisdictional issues that can arise in applying the Privacy Act 1988 in its current form to multinational corporate structures and data flows…The US-based entity argued it was not subject to the Privacy Act, and so a formal determination was necessary to address the privacy breach. This also required extensive investigation to establish the OAIC’s jurisdiction in this matter,” the spokesperson said.

    “The existing test for establishing jurisdiction is complex, and the Australian Government’s current review of the Privacy Act is an opportunity to address this issue. The OAIC’s submission to the review proposes amendments to ensure we can more easily address the privacy risks to Australians whose personal information is held by multinational companies based overseas.”

    Ms Falk said her determination made clear the responsibilities of global corporations responsibilities under Australian privacy law.

    “Australians need assurance that they are protected by the Privacy Act when they provide personal information to a company, even if it is transferred overseas within the corporate group,” she said.

    Ms Falk determined Uber companies breached the Privacy Act 1988 by not taking reasonable steps to protect Australians’ personal information from unauthorised access and to de-identify or destroy the data as required.

    They also failed to take reasonable steps to implement practices, procedures and systems to ensure compliance with the Australian Privacy Principles, according tot the watchdog.

    Ms Falk ordered Uber to prepare, implement and maintain a data retention and destruction policy, an information security program, and incident response plan that complies with Australian privacy law.

    The company must also use independent experts to review and report on the policies and there implementation, and report the findings to the OAIC.

    A spokesperson for Uber said the company has made several technical upgrades and security certifications, and policy and leadership changes since the 2016 breach.

    “We welcome this resolution to the 2016 data incident. We learn from our mistakes and reiterate our commitment to continue to earn the trust of users,” the spokesperson told InnovationAus.

    “We are confident that these changes in security and governance will address the determination made by the OAIC, and will work with a third-party assessor to implement any further changes required.”

    The post Uber breached 1.2 million Australians’ privacy appeared first on InnovationAus.

    This post was originally published on InnovationAus.

  • Cyber attribution a ‘blunt’ warning to Beijing

    Australia has formally attributed the Microsoft Exchange software cyber-attack to China, joining Five Eyes allies and others in condemning what they say is a state sponsored attack which affected an estimated 30,000 organisations globally.

    The public attribution is rare but not unprecedented, with Australia having previously named Iran, China, North Korea, and Russia for other cyber attacks.

    The latest explicit attribution to China – Australia’s first since 2015 – was not accompanied by sanctions, but experts say it could be a precursor to them if attacks continue.

    On Tuesday, Home Affairs Minister Karen Andrews said Australia had worked with allies to gain a “very high” confidence that China’s Ministry of State Security exploited vulnerabilities in the Microsoft software to target thousands of networks and computers around the world, including in Australia.

    She said these vulnerabilities were used to “exploit the private sector for illicit gain”. Beijing has rejected the claims, accusing Australia of hypocrisy.

    Home Affairs Minister Karren Andrews. Photo: NASA/Aubrey Gemignani

    Ms Andrews said the attribution was made because it was in Australia’s interest to do so but acknowledged there would be repercussions from Australia’s biggest trading partner.

    “We are aware that there are serious implications for any attribution that is made to any nation, but we also will not compromise our position on sovereignty, and national security,” Ms Andrews said.

    “And in this instance, along with our partner nations, we needed to call out this malicious cyber attack.”

    While no sanctions were announced, Ms Andrews said China won’t get away with the attack “scot-free” because it has suffered serious reputational damage from the attribution.

    Australia has previously attributed cyberattacks to Iran, North Korea, and Russia, as well as to China in 2011 and 2015. But the government resisted naming China as the nation behind a wave of cyber incidents last year and an attack on the Parliament in 2019, despite security agencies reportedly believing Beijing was the culprit.

    The federal government’s cyber advisory panel last year recommended there should be clearer consequences for malicious actors found to be targeting Australian businesses and governments. The industry panel, dominated by telco and led by Telstra chief Andy Penn, said there should be more of a willingness to publicly attribute these attacks.

    Public attribution is used sparingly because of the difficulties in proving a nation state is directly responsible and because attacks typically need to cross a cyber “red line” to warrant it, according to Australian Information Security Association chair Damien Manuel.

    “[Attribution] is almost like a diplomatic warning of ‘don’t go any further because then there’ll be other consequences’…Often attribution can be used as a diplomatic sort of blunt tool to put a country on notice,” Mr Manuel told InnovationAus.

    Mr Manuel, also Director of Deakin University’s Cyber Research and Solution Centre, said the Australian government will be carefully monitoring China’s response to the attribution and whether the attacks continue to determine if sanctions and tariffs are warranted.

    Just hours after Australia’s official attribution, the Chinese embassy in Canberra issued a statement rejecting the “groundless accusation” of the Australian government, accusing it of “parroting the rhetoric of the US” and engaging in its own eavesdropping.

    “What the Australian government has done is extremely hypocritical, like a thief crying ‘stop the thief’,” a spokesperson for the Chinese Embassy said.

    “As a victim of cyber attacks, China always firmly opposes cyber attacks and cyber theft in all forms, and calls on countries to advance dialogue and cooperation to safeguard cyber security.”

    Attribution is also often a trade or diplomatic tactic, Mr Manuel said, and Australia is deploying it at a time when its relations with China are at their lowest point in years.

    “China will make certain claims about Australia and Australia will make certain claims about China. This is a kind of balancing act,” he told InnovationAus prior to the Chinese embassy statement.

    “There are red lines, obviously, where from a political perspective we don’t want countries to cross. And if they do cross them, that tends to be when they will call it out specifically. And that draws different sort of pressures. It becomes political pressure, social pressure trading pressure as well.”

    The immediate damage for China will be relatively low, according to former National Security Adviser and head of the Australian Cyber Security Centre Alastair MacGibbon.

    He told ABC Radio the retaliations to these types of attacks are typically “quite muted” because it is so difficult to prove the exact provenance of attacks and to hold foreign individuals responsible.

    “The reality is consequences for China will be pretty low, but I think there’s an important moral message here,” Mr MacGibbon said, pointing to the unprecedented involvement of Japan and NATO in an attribution to China.

    “That shows us the significance of the body of evidence and the global nature of this particular activity. So it is a significant day.”

    Mr MacGibbon, now chief strategy officer at private firm CyberCX, said the Microsoft Exchange attacks attributed to China had crossed a “significant line” of cyber espionage norms because China had used private contractors to exploit the vulnerability, who then made personal gains through cybercrimes.

    “China has used contractors to carry out what you would suggest is a legitimate state-based espionage activity. We may not like it but it’s kind of what nations do to each other,” he said.

    “And those contractors have then, for their own gain, carried out activities in parallel to what they were doing for the Chinese government.”

    The post Cyber attribution a ‘blunt’ warning to Beijing appeared first on InnovationAus.

    This post was originally published on InnovationAus.

  • NZ cyber agency chief worried China hacks exploiting security weakness

    RNZ News

    New Zealand’s cyber security agency believes China has been behind numerous hack attacks spanning years.

    The government joined Western allies and Japan in calling out Beijing for so-called state-sponsored hacks, including a major incursion in February when Microsoft email servers were targeted.

    The US has charged four Chinese nationals — three security officials and one contract hacker — with targeting dozens of companies and government agencies in the United States and overseas under the cover of a tech company.

    “What we do is when we see malicious cyber activity on New Zealand networks, that may be through our own capabilities that we have to help protect New Zealand networks or it may be something that’s reported to us, we look at the malware that’s used,” Government Communications Security Bureau Director-General Andrew Hampton told RNZ Checkpoint.

    “We look at how the actor behaves. We look at who they might be targeting and what they do if they get onto a network.

    “That allows us to build a bit of a picture of who the actor is. We then compare that with information that we receive, often from our intelligence partners who are also observing such activity.

    “That allows us to make an assessment, and it’s always a probability assessment about who the actor is.

    The APT 40 group
    “In this case, because of the amount of information we’ve been able to access both from our own capabilities and from our partners, we’ve got a reasonably high level of confidence that the actor who we’ve seen undertaking this campaign over a number of years, and in particular, who was responsible for the Microsoft Exchange compromise, was the APT 40 group — Advanced Persistent Threat Group 40 — which has been identified as associated with the Chinese Ministry of State Security.


    The RNZ National live stream.  Video: Checkpoint

     

    “The actors here are state sponsored actors rather than what we would normally define as a criminal group. What we’re seeing here is a state sponsored actor likely to be motivated by a desire to steal information.”

    Hampton said there was a blurring of lines between what a state agency does, and what a criminal group does.

    “Some of the technical capabilities that previously only state organisations had, have now got into the hands of criminal groups.

    “Also what we’ve seen in a range of countries is individuals who may work part-time in a government intelligence agency, and then may work part-time in a criminal enterprise. Or they may have previously worked in a state intelligence agency and are now out by themselves but still have links links back to the state.

    “We don’t know the full detail of the nature of the relationship, but what we do know is the Ministry of State Security in China, for example, is a very large organisation with many thousands of of employees.

    “So they are big organisations with people on their payroll but they also would have connections with other individuals and organisations.

    Information shared with criminals
    “Something else worth noting with regard to this most recent compromise involving the Microsoft Exchange, what we saw there is once the Ministry of State Security actors had identified the vulnerability and exploited it, they then shared that information with a range of other actors, including criminal groups, so they too could exploit it.

    “This is obviously a real concern to see this type of behaviour occurring,” Hampton said.

    All evidence showed the cyber attacks were all originating from mainland China, Hampton told Checkpoint.

    He said such attacks would be aimed at stealing data or possibly positioning themselves on a system to be able to access information in the future.

    “A common tactic we see, unfortunately, is there may be a vulnerability in a system,” Hampton said.

    “It could be a generic vulnerability across all users of that particular system, and a malicious actor may become aware of that vulnerability, so they would use that to get onto the network.

    “That doesn’t mean they will then start exfiltrating data from day one or something like that. They may just want to to sit there in the event that at some point in the future they may want to start doing that.

    Malicious actors
    “This exploitation of known vulnerabilities is a real concern. This is why all organisations need to keep their security patches up to date, because what can happen is you can have malicious actors use technology to scan whole countries to see who hasn’t updated their patches.

    “They then use that vulnerability to get on the network and they may not do anything with it for some time. Or they might produce a list of all the organisations, say, in New Zealand who haven’t updated their patches.

    “Then they make a decision – okay these are the four to five we want to further exploit.”

    This article is republished under a community partnership agreement with RNZ.

    This post was originally published on Asia Pacific Report.

  • ASPI ‘soft target’ warning on ransomware

    Ransomware attacks will only get worse for Australia without strategic domestic efforts to thwart it, according to a new report which warns a “policy vacuum” has made the nation an “attractive market” for cyber attackers.

    The Australian Strategic Policy Institute report follows a spate of ransomware attacks in Australia and across the world, which have crippled services and infrastructure while costing organisations millions of dollars.

    The Opposition called for a national ransomware strategy in February and a mandatory notification scheme for Australia in June. International experts have also called for strategies as part of a coordinated response from national leaders and backed the use of notice schemes.

    But the federal government is yet to launch a formal ransomware policy or notification scheme, instead using a business advisory group, an awareness campaign and pledging to work with international allies against the threat.

    digital
    ASPI bells the cat on ransomware

    The latest report from ASPI said much more will be needed in Australia to combat the growing threat of ransomware, part of a $1 trillion “tsunami” of cybercrime.

    “A current policy vacuum makes Australia an attractive market for these attacks, and ransomware is a problem that will only get worse unless a concerted and strategic domestic effort to thwart the attacks is developed,” the report said.

    “Developing a strategy now is essential. Not only are Australian organisations viewed as lucrative targets due to their often low cybersecurity posture, but they’re also seen as soft targets.”

    Written by Cyber Security Cooperative Research Centre chief executive Rachael Falk and colleague Anne-Louise Brown, the ASPI report suggests several domestic policy levers to thwart ransomware attackers, which typically operate from foreign countries.

    “Such action is essential because the grim reality is that, when it comes to ransomware, prevention is the best response,” it said.

    The report’s policy recommendations include a mandatory notice scheme, a dedicated cross-departmental taskforce also involving state and territory representatives, greater clarity about the legality of ransomware payments, more transparency when attacks do occur, expanding the official alert system of the Australian Cyber Security Centre (ACSC), education programs to improve public and the business understanding, and tax, procurement and subsidy measures to incentivise cybersecurity uplift.

    On the same day the federal government funded ASPI’s report was released, Home Affairs minister Karen Andrews launched a discussion paper on regulatory reforms and voluntary incentives to strengthen cyber security across the economy.

    The paper estimates the cost of cyber security incidents to the Australian economy is $29 billion per year, or 1.9 per cent of GDP.

    “We cannot allow this criminal activity to become a significant handbrake on our economic growth and digital security,” Minister Andrews said.

    Labor said the ASPI report echoes its continued calls for a ransomware strategy and a notification scheme.

    “By contrast, while the Morrison government never misses an opportunity for a dramatic press conference on cyber security it’s missed every opportunity to take the basic actions needed to combat this threat,” said shadow assistant minister for cyber security Tim Watts, who introduced a private members bill for a notification scheme last month which is yet to be listed for debate.

    “Instead it’s simply played the blame game, telling businesses it’s up to them to protect themselves against increasingly sophisticated and well-resourced cyber-criminals.

    “Australian businesses and the workers they employ need a government that understands organisational IT security is only part of the response to the threat of ransomware.”

    The ASPI report concludes there is a key role for government to play in tackling ransomware but  the problem is a shared responsibility.

    “While there’s no doubt that organisations must take responsibility for ensuring that their cybersecurity posture is up to scratch, there are practical and easily implementable steps the government can take to provide clarity, guidance and support,” it said.

    The post ASPI ‘soft target’ warning on ransomware appeared first on InnovationAus.

    This post was originally published on InnovationAus.

  • US cyber expert backs ransomware notice scheme

    A renowned US cybersecurity expert has put weight behind calls for a mandatory ransomware payment notification scheme in Australia and said the country’s election administration system should be considered critical infrastructure.

    Cybersecurity expert and former United States Cybersecurity and Infrastructure Security Agency chief Chris Krebs appeared at a Parliamentary Joint Committee on Intelligence and Security on Friday, where he backed calls for organisations being required to report to authorities when they have made a ransomware payment.

    Mr Krebs said a notification scheme would help authorities understand the scale of the problem and collect valuable intelligence on incidents.

    “We have to get to the denominator of ransomware attacks, and the easiest way to do that is to require ransomware victims to make a notification to the government…if you’re going to be engaging [in a] transaction with a ransomware group, that needs to be notified,” Mr Krebs told the inquiry, which is reviewing current and proposed critical infrastructure legislation.

    “The second [reason] is if you’re going to make the payment we also want to make sure the information, specifically the wallet to which the ransomware payment is going, can be tracked by law enforcement and intelligence officials to light up the economy.”

    Former US Cybersecurity chief Chris Kreb. Image: Department of Homeland Security/Tara Molle

    Last month, shadow assistant minister for cyber security Tim Watts introduced a private members’ bill which would establish a notification scheme, and called on the government to urgently support it following a spate of ransomware attacks around the world.

    Home Affairs Minister Karen Andrews told a business event shortly after that the government is “open to exploring” a mandatory reporting scheme but added it must follow an increased awareness of the problem.

    The Department of Home Affairs is reportedly considering a notification scheme, with secretary Mike Pezzullo saying he believes it is “likely” one would be rolled out soon.

    Following Mr Krebs evidence on Friday, Labor’s Mr Watts issued a statement calling for the government to urgently list his bill for debate when Parliament returns in August.

    “The Minister said when taking on the role in March cyber security was a ‘priority’ for her. It’s time we saw some real action,” Mr Watts said.

    “Ransomware is completely out of control in 2021. There has been an onslaught of attacks that threaten Australian jobs including JBS Foods, our biggest meat producer, the Nine Network, and multiple hospitals.”

    The US expert also called for Australia to consider election administration as critical infrastructure. Mr Kerbs was fired by the-US President Donald Trump in 2020 for refuting his claims the 2020 presidential election was fraudulent.

    “I think there are elements of the election administration function that should absolutely be considered critical infrastructure, and that is the administration element,” he said.

    “That’s the systems, the machines, the counting process, the protocols around it — I think it’s, at least in the US, a step too far to call the political parties themselves as part of the infrastructure, but they do have certainly a contribution and a piece involvement.”

    The PJCIS is currently considering legislation which would see more Australian sectors considered “critical infrastructure”, including communications and data storage and processing.

    Mr Krebs said bad actors have been effective in disrupting elections with disinformation campaigns and “perception hacks”.

    “Those are the more pervasive, much harder to debunk, because there’s an asymmetry of the adversary,” he said.

    “Even if it’s domestic, it’s still an adversary, in this case, [a] domestic actor that is trying to undermine confidence in the process for their own outcomes.”

    The post US cyber expert backs ransomware notice scheme appeared first on InnovationAus.

    This post was originally published on InnovationAus.

  • Call for campaign on cyber critical infrastructure

    The changes to critical national infrastructure regulation in relation to cyber security will need a coordinated, Australia-wide communications campaign that embraces small and medium sized companies in order to carry maximum impact.

    Email security and cyber resilience specialists Mimecast’s country manager Nick Lennon says changes to critical national infrastructure legislation in Australia is a positive step forward. The regulation of cyber risks is a good thing and will ultimately lift cyber standards across the economy. In order effect change, there needs to be a complete commitment across all levels of government and private sectors, as without the necessary changes, there is the potential risk for considerable socioeconomic impact.

    The new regulations are ultimately a way of introducing standards to manage cyber risks in Australia, just as financial reporting requirements and audits through regulations have been a way to manage financial risks across the economy.

    Changes to the critical national infrastructure regulations will result in the introduction of minimum standards. The key to its roll-out in the early stages will be in a mass communications campaign that reaches the small and medium-sized companies that will be ‘captured’ by the new legislation.

    Nick Lennon
    Mimecast country manager Nick Lennon

    “The critical national infrastructure changes effectively introduce ‘table stakes’ – or minimum standards – for companies, to enable them to participate in the new economy and the new environment,” Mr Lennon said. “That’s a positive thing and it really should be promoted.”

    “This is regulation catching up in cyber, and supporting modern businesses to operate effectively in the current environment.”

    “Longer term, it is easy to see a world where cyber security is regulated in the same way that the accounting and financial services industry is stood up today.

    “So, we are obliged to check and report our [financial] books every 12 months, and we have multiple government agencies that analyse the quality of that information, to make sure that there’s transparency and due diligence around these organisations so they are able to trade appropriately,” he said.

    In the same way government financial regulation is an effective measure to ensure the financial services sector meets and exceeds global standards, Australia’s new cyber regulations needs to be in lockstep with other countries to meet our obligations as global citizens in terms of cyber security standards. These new cyber regulations are about creating clear standards that enable trust across the systems of the economy, allowing customers and businesses to invest in one another. This is the same scenario that underscored the introduction of standard financial reporting, Mr Lennon said.

    The key in cyber would be to make these new standards “more visible, more accessible and more in your face.”

    “It is easy to envisage a world where organisations are reporting on their cybersecurity standards in a similar manner to how they are considering their financial auditing in today’s terms,” Mr Lennon said.

    “So the question becomes, how does a small to medium-sized organisation consider what that means to them? And how do they meet or exceed those standards that are being asked of them around positive security objectives and the processes associated with reporting cybersecurity event. Of note the private sector has asked what will it cost businesses to meet the new cybersecurity standards, and where will that cost burden lie?”

    It is a complex communications challenge, but not dissimilar to issues that governments have helped solve effectively in the past with national and coordinated campaigns. Think Slip, Slop Slap or the ongoing anti-smoking campaigns or any number of health campaigns. These aim at registering a broad community and individual benefit for action.

    This can work with cyber.

    Mr Lennon points to Mimecast’s own authoritative State of Email Security 2021 report for the numbers that illustrate the massive scale of cybersecurity problems across the economy.

    In Australia, the report found that an incredible 64 per cent of companies had experienced some form of business disruption through ransomware in the past year, a massive increase from the 48 per cent reported in the previous year.

    Of those companies, 54 per cent paid the ransom. And of the companies that paid a ransom, 76 per cent recovered their data, but 24 per cent paid and never recovered their data – a true nightmare scenario for any business. In terms of downtime, there is a big impact, with the report revealing that business disruption caused an average of 4 days of downtime, and for 26 per cent of businesses it was one week or more. This downtime can greatly impact our supply chains and the economy, and underscores the immediacy of protecting our critical national infrastructure.

    “If you do the maths on that, you find that the scale of the ransomware ‘industry’ is massive. And that fact is not as well publicised as it should be in terms of communicating why regulation through changes to the critical national infrastructure legislation is so important,” Mr Lennon said.

    This article was produced in partnership with Mimecast as a member of the InnovationAus Leadership Council.

    The post Call for campaign on cyber critical infrastructure appeared first on InnovationAus.

    This post was originally published on InnovationAus.

  • New investigation shows global reach of NSO Group’s spyware

    On 3 July 2021, a new interactive online platform by Forensic Architecture, supported by Amnesty International and the Citizen Lab, maps for the first time the global spread of the notorious spyware Pegasus, made by cyber-surveillance company NSO Group.

    ‘Digital Violence: How the NSO Group Enables State Terror’ documents digital attacks against human rights defenders around the world, and shows the connections between the ‘digital violence’ of Pegasus spyware and the real-world harms lawyers, activists, and other civil society figures face.   NSO Group is the worst of the worst in selling digital burglary tools to players who they are fully aware actively and aggressively violate the human rights of dissidents, opposition figures, and journalists. Edward Snowden, President of Freedom of the Press Foundation.

    NSO Group is a major player in the shadowy surveillance industry. The company’s Pegasus spyware has been used in some of the most insidious digital attacks on human rights defenders. When Pegasus is surreptitiously installed on a person’s phone, an attacker has complete access to a phone’s messages, emails, media, microphone, camera, calls and contacts. For my earlier posts on NSO see: https://humanrightsdefenders.blog/tag/nso-group/

    “The investigation reveals the extent to which the digital domain we inhabit has become the new frontier of human rights violations, a site of state surveillance and intimidation that enables physical violations in real space,” said Shourideh C. Molavi, Forensic Architecture’s Researcher-in-Charge. 

    Edward Snowden narrates an accompanying video series which tell the stories of human rights activists and journalists targeted by Pegasus. The interactive platform also includes sound design by composer Brian Eno. A film about the project by award-winning director Laura Poitras will premiere at the 2021 Cannes Film Festival later this month.

    The online platform is one of the most comprehensive databases on NSO-related activities, with information about export licenses, alleged purchases, digital infections, and the physical targeting of activists after being targeted with spyware, including intimidation, harassment, and detention. The platform also sheds light on the complex corporate structure of NSO Group, based on new research by Amnesty International and partners.

    For years, NSO Group has shrouded its operations in secrecy and profited from working in the shadows. This platform brings to light the important connections between the use of its spyware and the devastating human rights abuses inflicted upon activists and civil society,” said Danna Ingleton, Deputy Director of Amnesty Tech.

    Amnesty International’s Security Lab and Citizen Lab have repeatedly exposed the use of NSO Group’s Pegasus spyware to target hundreds of human rights defenders across the globe. Amnesty International is calling on NSO Group to urgently take steps to ensure that it does not cause or contribute to human rights abuses, and to respond when they do occur. The cyber-surveillance must carry out adequate human rights due diligence and take steps to ensure that human rights defenders and journalists do not continue to become targets of unlawful surveillance.

    In October 2019, Amnesty International revealed that Moroccan academic and activist, Maati Monjib’s phone had been infected with Pegasus spyware. He continues to face harassment by the Moroccan authorities for his human rights work. In December 2020, Maati Monjib was arbitrarily detained before being released on parole on 23 March 2021.

    Maati Monjib, tells his story in one of the short films, and spoke of the personal toll following the surveillance, “The authorities knew everything I said. I was in danger. Surveillance is very harming for the psychological wellbeing of the victim. My life has changed a lot because of all these pressures.”

    Amnesty International is calling for all charges against Maati to be dropped, and the harassment against him and his family by the Moroccan authorities to end.

    To find out more visit digitalviolence.org

    https://www.amnesty.org/en/latest/news/2021/07/investigation-maps-human-rights-harm-of-nso-group-spyware/

    This post was originally published on Hans Thoolen on Human Rights Defenders and their awards.

  • Defence adds $3m to university cyber research

    The Department of Defence has funded three more Australian universities for their work with a US counterpart on cybersecurity research that could one day benefit defence forces.

    $3 million of the department’s emerging technology fund will be shared by researchers at the University of Melbourne, Macquarie University and the University of Newcastle for their joint project to develop autonomous cyber security systems.

    The work is exploring how cyber bots can learn from and form teams with each other and humans to combat cyber threats.

    Cyber security industry policy
    A cohort of Australian and US universities led by the University of Melbourne has received $3 million to research cyber bots

    The project also involves the University of Wisconsin and the funds will come via the Australia—US Multidisciplinary University Research Initiative, a nine-year $25 million program to fund Australian and US universities’ joint projects on areas of high priority for Defence.

    The program is part of Defence’s Next Generation Technologies Fund’s (NGTF).

    The NGTF was established in 2016 with $600 million to back research and development of technology for the “future Defence force after next” over ten years. It was topped up last year to $1.2 billion and extended to 2030.

    InnovationAus can reveal less than $220 million from the NGTF has been allocated so far including the latest universities projects, meaning around 18 per cent of funds have been used, more than a third of the way into the projected lifespan.

    “As at 31 May 2021, the NGTF has funded a total of 282 activities worth $211 million. This includes both completed and active arrangements,” A department of Defence spokesperson told InnovationAus.

    The latest project to be funded is the joint cyber initiative between the University of Melbourne, Macquarie University, the University of Newcastle and the University of Wisconsin.

    The project aims to develop autonomous cyber security systems through “robust and effective teaming of bots and humans”.

    “The joint project, led in Australia by the University of Melbourne, will explore how cyber bots can learn and form teams, either amongst themselves or with humans, to counter cyber threats,” Department of Defence chief science engagement and impact division Dr Kershaw said.

    “Improved security through cyber autonomy is critical for Defence’s future in highly challenging and adverse environments.”

    Last week, the Department of Defence announced it had funded quantum technology and 3D printing projects through the same program, with $4 million being shared by teams from Griffith University, the University of Technology Sydney, the University of New South Wales, and the University of Sydney.

    The Department of Defence is still seeking research and development proposals from Australian universities and small to medium enterprises to support Defence capability, and has urged universities to take advantage of the “hug opportunity” to partner with the well funded department.

    The post Defence adds $3m to university cyber research appeared first on InnovationAus.

    This post was originally published on InnovationAus.

  • ‘Dramatically greater’ investment needed in cyber

    Australia needs to make “dramatically greater investments” in cybersecurity education and sovereign capability in order to become a more effective cyber power, according to a report by the International Institute for Strategic Studies.

    The International Institute for Strategic Studies (IISS) released its report on the cyber capabilities and powers of 15 countries this week.

    It ranked these countries across three tiers, with Australia placed on the second level, with “world-leading strengths” in some of the categories, but struggles in others, especially around skills, education and commercialisation.

    The global report also called out failings in cyber controls in Australian government departments and agencies and the need for better coordination at a federal level.

    2020 Cybersecurity strategy
    The IISS has called on Australia to “dramatically” increase its cyber investment

    “For Australia to become a more effective cyber power, it will need to make dramatically greater investments in cyber-related tertiary education and carve out a more viable sovereign cyber capability,” the IISS report said.

    The report found that the federal government’s 2020 Cyber Security Strategy helped to “significantly improve” its cybersecurity guidance for all sectors, but there are still “significant weaknesses in the government’s own practices”, with “considerable recalcitrance on the part of government agencies when it comes to upgrading their cybersecurity”.

    In terms of skills, the previous 2016 strategy didn’t have enough funding to make any real impact, the report found, and in last year’s iteration the government opted for “radical” new visa programs to attract talent from overseas.

    But funding is still an issue here, according to IISS.

    “But Australian universities’ response to the new opportunities and demand for cybersecurity education could not match the government’s ambition, particularly since the government wasn’t prepared to invest sufficient funds,” the report said.

    The 2020 strategy included about $50 million in funding for workforce development, education and community initiatives.

    “But this is unlikely to give universities much incentive because the government prefers community and business-based solutions,” the IISS report said.

    This funding included a $26.5 million Skills Partnership Innovation Fund, with the first round of grants opened in February to “improve the quality and availability of cybersecurity professionals through training”.

    The funding package also included $6.3 million for the Australian Cyber Security Centre to grow education skills, $14.9 million for Questacon and $2.5 million to improve data on cybersecurity skills shortages.

    More leadership and funding is required from the federal government, it said.

    “Australia has moved towards a more coherent policy and legislative framework for cybersecurity and resilience, but the changes need to be reflected in better governmental coordination and more consistent use of standardised tools,” it said.

    “The country has not yet made adequate investments to defend against the most serious potential threats. Its providers of critical national infrastructure appear not to have a sufficient understanding of the risks and the situations is aggravated by a shortage of personnel with the relevant skills, including at board level.”

    Funding and skills is also an issue in terms of Australia’s developing offensive cyber capability.

    “In terms of resources and available personnel, Australia does not match the capabilities of its senior allies,” it said.

    “In common with all other states, the biggest constraint on Australia’s offensive cyber capability may well be the limited extent of its national skills base and pipeline.”

    In the report, the IISS also took aim at Australia’s long-running commercialisation struggles, pointing out that despite being among the top countries in the world in terms of average internet usage and companies engaged in e-commerce, it falls outside the top 10 in terms of innovation, competitiveness and cybersecurity.

    “Since the turn of the century, Australia’s digital economy has mostly stood still in relative terms – for example, its information industries share of total global value added hardly increased between 2006 and 2016,” it said.

    “There is a mismatch between its innovation inputs, in which it ranked 13th in the world in 2020, and its innovation outputs, in which it ranked only 31st. Overall, Australia has a modest capability to assess the security implications of imported technologies, with the best capabilities concentrated largely in government and in several larger corporations.”

    The post ‘Dramatically greater’ investment needed in cyber appeared first on InnovationAus.

    This post was originally published on InnovationAus.

  • Foreign Secretary Dominic Raab’s mobile number has been online for years

    Fresh questions for the security services have been raised after it emerged Foreign Secretary Dominic Raab’s private mobile number has been available online for a number of years.

    The discovery came weeks after it was revealed Prime Minister Boris Johnson’s phone number was freely available on the internet for more than a decade.

    The Foreign Office said on Tuesday Raab’s number and other private information was swiftly removed once the department was made aware of the oversight.

    Since 2010

    The Guardian, which first reported the number’s availability after being notified by a reader, said it appeared to have been online since before he became an MP in 2010.

    A Foreign Office spokesperson said:

    Private information was wrongly retained online, before the Foreign Secretary’s appointment.

    Once we were made aware, we had it removed immediately. Most of it was out of date, and no security was compromised.

    In April it emerged that Johnson’s number remained on the bottom of an online press release from when he was shadow higher education minister in 2006.

    That disclosure – by the Popbitch gossip newsletter – prompted concerns that Johnson had left himself vulnerable to covert activity by hostile states.

    The Prime Minister had already been reportedly told by Civil Service head Simon Case to change his number, because it was too widely known from his career as a journalist.

    Risk

    Former UK national security adviser lord Ricketts told the Guardian:

    The wide availability of Mr Raab’s personal phone number must increase the risk that other states, or even criminal gangs, have been able to eavesdrop on his calls.

    It also means that anyone who happens to have had his phone number … is able to lobby the foreign secretary, bypassing the official channels which everyone else has to use.

    Anyone taking on a role as sensitive as this should in their own interests pay as much attention to online as to physical security.

    Concerns have also been raised over senior Government figures’ use of WhatsApp.

    Former Downing Street aide Dominic Cummings has published a series of exchanges on the messaging network, showing it was used to co-ordinate elements of the coronavirus pandemic response.

    By The Canary

    This post was originally published on The Canary.

  • Rachael Falk on building local cyber capability

    As chief executive of the Cyber Security Cooperative Research Centre, Canberra-based Rachael Falk has been one of the most clear-eyed and articulate advocates for building cyber capability across the Australian economy.

    Ms Falk arrived in the cybersecurity sector via an early career in the law and then telecommunications. She spent 15 years at Telstra in roles that included National Security Advisor and general manager of cyber influence.

    The Cyber Security CRC is somewhat of a newcomer to the federal government’s Cooperative Research Centre program, with Ms Falk joining as founding CEO three years ago.

    The cybersecurity “landscape” has changed quite radically during those three years. Certainly issues of sovereign capability and supply chains have taken on new meaning since COVID-19, as well as cloud services and data sovereignty, the government’s treatment of encryption services and even definitions and obligations under critical infrastructure protection laws.

    In this episode of the Commercial Disco podcast, Rachael Falk talks about the challenges of building domestic cyber capability and the role of the CRC in creating the top-end skills that can underpin a healthy and growing Australian cyber industry.

    The CRCs bring together like-minded partners from industry, academia and government to work together to solve problems and in doing so to create research translation and commercialisation outcomes.

    As a horizontal industry that touches on literally all parts of the modern economy, the global market for cyber products and services is clearly massive with a growth rate that outstrips others.

    The CRC is geared toward commercialisation, and has processes in place to ensure that the “commercialisable” parts of a project are identified early, and that the various parties involved in the project can recognise and agree on the pathways to commercialisation.

    Building Australian cyber products and services based on research partnerships is key to lifting national capability, Ms Falk said. It is not enough to simply buy product from overseas. Creating and building solutions to problems through top end research provides an unmatched capability uplift that results in both a more secure Australian economy but creates access to valuable global chains.

    While recognising that Australian companies can’t do everything, and that local firms have not been able to build at the scale of multinational suppliers in some areas there is a recognition that local companies have been able to fill niches and participate in global supply chains that are valuable to the economy and to the nations security.

    “There has been this recognition that it’s a broad church and that we need all the players [domestic and multinational]. That to me has been one of the biggest shifts of the past three years,” Ms Falk said.

    Rachael Falk
    Building capability: Cybersecurity CRC chief executive Rachael Falk

    “When you’re designing and making widgets here and you’re investing in people here, you’re [also] building capability here,” she said.

    This is a great interview for anyone looking for a 20 minute snapshot of the local cybersecurity sector.

    The Cyber Security CRC is funded through to 2024 and it will be up to its member participants and discussions with the government on what the future holds beyond that. There is no suggestion that the organisation will not continue beyond that date.

    It is a measure of how serious the sector is taken that the Cyber Security CRC – which is effectively a modest-sized not-for-profit – boasts a board of directors that looks more like an ASX 200 company.

    The board includes former ASIO and ASIS director general David Irvine, Business Council of Australia CEO Jennifer Westacott, the Australian Signals Directorate’s ACSC chief Abigail Bradshaw, Nuix founder Eddie Sheehy, Cisco Systems global chief of nation cyber security officers Greg Thomas, Deakin University deputy vice-chancellor Prof Julie Owens, QBE director John Green, and Commonwealth Bank director Anne Templeman-Jones.

    The Cyber Security CRC is chaired by former ACT senator Kate Lundy. Ms Falk is also on the board.

    The post Rachael Falk on building local cyber capability appeared first on InnovationAus.

    This post was originally published on InnovationAus.

  • Cyber security across local councils is ‘disjointed and under-resourced’

    In the wake of the coronavirus (Covid-19) pandemic, we’ve been spending more time online. As a result, more of our personal data is also online. There’s also been an increase in certain kinds of cyber attacks since the start of the pandemic. According to an Interpol report, cybercriminals are beginning to target “corporations, governments and critical infrastructure”.

    And this is affecting councils in the UK too. Because, as reported by Alex Scroxton in ComputerWeekly.com, Freedom of Information (FoI) requests show:

    UK councils reported more than 700 data breaches to the Information Commissioner’s Office (ICO) during 2020

    But the damage is not limited to councils. Because a number of healthcare providers have also been hit by similar data breaches.

    Damage done

    The FoIs were disclosed to security services provider Redscan. In Scroxton’s article, he explained:

    Redscan received responses from over 60% (265 of 398) of borough, district, unitary and county councils in England, Scotland, Wales and Northern Ireland,

    The security company found evidence that UK local government cyber security is “by and large, disjointed and under-resourced”. And responsibility for local government rests with central government. According to a report commissioned by the Local Government Association (LGA), as of 2020, “local authorities will have faced a reduction to core funding from the Government of nearly £16 billion over the preceding decade”. Meanwhile the data of private citizens is at risk.

    So these are real concerns. Because according to Redscan’s chief technology officer Mark Nicholls:

    Every council has thousands of citizens depending on its services daily. Going offline due to a cyber attack can deny people access to critical services. To minimise the impact of data breaches, it is important that councils are constantly prepared to prevent, detect and respond to attacks.

    However, according to Nicholls:

    While our findings show that councils are taking some steps to achieve this, approaches vary widely and, in many cases, are not enough.

    So because data held by councils is at risk from cybercriminals, people need assurances that their data is safe.

    Previous attacks on councils

    Unfortunately, data breaches are far from uncommon. As reported by The Canary in June 2020, a subsidiary of Kent County Council, Kent Commercial Services (KCS), was hit by a ransomware attack. The attackers sent KCS a ransom note demanding £800k in Bitcoins.

    Ransomware is software used by cybercriminals to gain access to information on computers. The criminals ensure the computer is inaccessible so they can steal, delete, or encrypt that information. Cybercriminals then ask the computer user to pay a ransom to get the information back.

    In February 2020, Redcar and Cleveland Council suffered a similar attack to KCS. That meant over 135,000 UK residents didn’t have access to online public services for almost one week. That included services related to social care and housing complaints. According to ComputerWeekly.com 10 councils, including Redcar and Cleveland, reported disruption to daily operations in 2020 as a result of a breach or ransomware attack.

    Attacks on healthcare

    In May, an Edinburgh mental health clinic was hit by a phishing scam. The scammers were able to access email addresses. Also in May, “a gaping security hole” was discovered in the NHS’ vaccination booking website. This “hole” could have been used “to find out whether someone has received a jab”.

    On 14 May this year, the Irish Health Service Executive (HSE) also suffered a ransomware attack. The Irish government says it didn’t pay a ransom. However, the HSE chief executive estimated the attack could have a human costs as well as a cost of around €0.5bn.

    Protect our data

    These data breaches and attacks on councils and healthcare reveal how vulnerable personal data can be. It also highlights that in a world of increasing online presence, we need to be extra vigilant about where and with whom we share our data. But ultimately, the onus of ensuring local councils are fully resourced to manage our data is on the government.

    Featured image via Unsplash – FLY:D

    By Peadar O'Cearnaigh

    This post was originally published on The Canary.

  • Data sovereignty issues are complex but critical

    Sovereignty issues have shifted into the spotlight across a number of sectors in Australia due to the supply chain challenges wrought by the COVID-19 pandemic.

    This should raise important questions for local businesses not just about physical supply chains, but where and how critical data is stored.

    Australian businesses and executives need a better understanding of data sovereignty and the issues around storing data through a foreign company. And the federal government has an important role to play in this mission, Dekko Secure chief executive officier Jacqui Nelson said.

    According to Ms Nelson, more Australian companies need to consider these issues and to actively investigate and understand how their data is stored and what laws in other jurisdictions can be applied to it.

    Jacqui Nelson
    F Dekko Secure chief executive officer Jacqui Nelson

    “Organisations need to start thinking about sovereignty as a policy goal. The Big Tech players have a role to play but there also needs to be a focus on Australia’s own local capability,” Ms Nelson said.

    “As an Australian company I comply with all laws, but once we host on a different server owned by a foreign country, that data is subject to that country’s laws as well. While I understand that, currently we’re seeing some organisations that don’t get it.”

    Dekko Secure is an Australian cybersecurity firm founded in 2015. It offers technology that replaces high-risk electronic exchanges such as video conferencing, file sharing, email and chat with a new standard in privacy.

    Its main products include DekkoVault, a secure document and file-sharing service, and DekkoLynx, a recently-launched service for confidential video meetings between government departments at the “protected” level, as well as for use by other organisations handling highly sensitive information, such as law firms.

    Both of these Dekko products use end-to-end encryption.

    Dekko currently stores its data in Australian-based data centres running Microsoft Azure. Ms Nelson said she wants to also utilise Australian providers such as Vault Cloud or AU Cloud, but this will become more practical when these offerings are more established, and there is more knowledge of data sovereignty among clients.

    The government should work with local players and their clients to educate them on these issues, Ms Nelson said.

    “With heightened focus on our national security posture, it makes sense for government to work with local companies to be able to provide those services,” she said.

    “It’s about access to the right talent to help providers scale. Establishing local sovereignty that competes at scale is tough without very deep support from the government.”

    “Starting at the bottom of the chain is always better than trying to fix it at the other end.”

    The government also has a role to play in educating the private sector on the importance of these issues, she said.

    “I don’t think enough people in the private sector actually know the right questions to ask in relation to where their data is being housed. There’s a huge education piece that needs to be worked on,” Ms Nelson said.

    “For me the biggest challenge is getting the message out to organisations that they really need to up their questions of their providers. They need to not just accept they’ve got data centres here and that they’re secure, but they need to deeply understand which parts of the channel are secure and where the vulnerable points are.”

    This discussion should start with understanding what data sovereignty actually means, she said.

    “There are challenges around the word sovereignty – it’s a little bit like security, it means so many things to so many people,” Ms Nelson said. “The devil is always in the detail and there’s a challenge in communicating it with customers.”

    “COVID and changes in the geopolitical landscape have pushed the conversation to a much broader audience, but in the private sector there is some confusion about what sovereignty means in this space.”

    With the federal government preparing to pass new critical infrastructure laws which will expand security requirements to a range of new sectors, now is an important time for Australian businesses to consider their own data sovereignty.

    “It captures places like education for example, where sovereignty hasn’t really ever played into their thinking. Now around vaccines and COVID, those conversations are starting to be elevated, we’re hearing a lot more noise from those industries,” Ms Nelson said

    Dekko Secure, an Australian owned and operated technology company that provides industry-leading end-to-end encryption. This article was produced in partnership with Dekko Secure as part of the Connect with Confidence sponsored content series by Dekko Secure and InnovationAus.

    The post Data sovereignty issues are complex but critical appeared first on InnovationAus.

    This post was originally published on InnovationAus.

  • Labor introduces ransomware notification bill

    Labor has called on the federal government to urgently support its legislation introducing a mandatory ransomware notification scheme which “lays the foundation” for enforcement actions against cyber attacks.

    Shadow assistant minister for cyber security Tim Watts on Monday morning introduced a private members’ bill to the House of Representatives which would launch a scheme requiring organisations to notify the Australian Cyber Security Centre (ACSC) if they are planning to make a ransomware payment.

    This information would then be used to inform Australian authorities and policymaking in the space.

    Tim Watts

    The scheme would function in a similar way to the existing mandatory data breach notification scheme, which has been in place since early 2018.

    The Coalition is already reportedly considering such a scheme, with Home Affairs secretary Mike Pezzullo saying he believes it is “likely” that it would be rolled out soon.

    Speaking in Parliament, Mr Watts said the legislation would mark a first step in government action to combat the growing threat of ransomware attacks.

    “With this bill, Labor is showing the political leadership on cyber security policy that has been missing since the election of this Prime Minister,” Mr Watts said.

    “Such a scheme would be a policy foundation for a coordinated government response to the threat of ransomware, providing actionable threat intelligence to inform law enforcement, diplomacy and offensive cyber operations. There is an urgent need for this bill. Mandatory reporting of ransomware payments is far from a silver bullet for this national security problem but it’s an important first step.”

    The Opposition said there is “no reason” for the government to not support the bill, and called on it to list it for debate “as a matter of priority” when Parliament returns in August.

    The bill would establish a mandatory reporting requirement for Commonwealth entities, state or territory agencies, and corporations or payments who are making a payment in response to a ransomware attack.

    “This will allow our signals intelligence and law enforcement agencies to collect actionable intelligence on where this money is going so they can track and target the responsible criminal groups,” Mr Watts said.

    “And it will help others in the private sector by providing de-identified actionable threat intelligence that they can use to defend their networks. Importantly, it will give us a fuller picture of ransomware attacks in Australia and the scale of the threat.”

    The legislation defines a ransomware attack as “when an unauthorised person accesses, modifies or impairs data and demands payment to repair or undo damage or prevent the publication of data”.

    Small businesses with annual turnover under $10 million will be exempt from the scheme, as would sole traders, unincorporated entities and charities.

    The entities will have to notify the ACSC of key details about the ransomware attack, the attacker and the payment to be made, including the cryptocurrency wallet details, the amount of the payment and the indicators of a compromise.

    Failure to notify the ACSC will result in a penalty under the new regime.

    The information will be held by the ACSC and shared in a de-identified way with the private sector through the threat-sharing platform, and will also be used by law enforcement and to inform policy making and track the effectiveness of policy responses.

    Mr Watts said Australia has reached a “crisis point” on ransomware attacks, pointing to several recent events, including this month against JWS meats, which eventually paid an $11 million ransom payment to the attackers.

    These ransomware attacks are an “intolerable burden on Australian organisations” and represent a “significant national security threat”, Mr Watts said.

    “The current trajectory of these attacks, and the traditional response to them – asking organisations to implement an ever-increasing uplift in cyber resilience – is inefficient and not sustainable,” he said.

    Last week the federal government launched a new public awareness campaign around the threat of ransomware, centred mostly on what companies can do to protect from these attacks and make it harder for cyber criminals.

    It is also considering implementing a mandatory reporting scheme on ransomware, according to Mr Pezzullo, as an extension to the 2020 Cyber Security Strategy.

    “I think we’re at a point, most advanced economies are at a point, where by some means, whether it’s mandatory reporting combined with other measures, that a much more active defence posturing is going to be required simply because of the prevalence of the attacks,” Mr Pezzullo said in a Senate Estimates hearing last month.

    The post Labor introduces ransomware notification bill appeared first on InnovationAus.

    This post was originally published on InnovationAus.

  • Time to ‘release the hounds’ on ransomware gangs

    Labor has called on the federal government to get on the cyber offensive and “release the hounds” on global ransomware gangs following a series of high profile cyber-attacks against Australian companies and hospitals.

    Last week Australia’s largest meat processor JBS Foods was forced to shut down its local operations for a day following a ransomware attack against the global company that the US government has said originated from a Russian criminal organisation.

    Days later, the US Department of Justice confirmed that it would be upping its investigations of ransomware attacks to a similar level as terrorism.

    Speaking in Parliament last week, shadow cybersecurity minister Tim Watts said these events should be a wake-up call for the government, and reiterated his calls for a national ransomware strategy.

    “It’s a timely reminder of the economic cost of the scourge of ransomware – it’s a jobs and investment destroyer when the economy can least afford it. It also highlighted the urgent need for the Morrison government to adopt a national ransomware strategy to combat these attacks,” Mr Watts said.

    “The JBS Foods barbeque stopper should be a wake-up call for the Morrison government to finally take responsibility.”

    Tim Watts

    Mr Watts said the government should be proactive in its fight against ransomware gangs, and its spy agencies should be actively trying to disrupt these organisations.

    In Senate Estimates last week it was revealed that the Australian Signals Directorate (ASD) did not take any offensive operations against those responsible for the cyber-attack on Nine, despite appearing to know who was behind it.

    “As part of a national ransomware strategy, the Morrison government needs to get serious about using its signals capability to disrupt cybercriminals and deter attacks on Australian targets,” he said.

    “To date, these ransomware crews have been able to target Australian organisations with impunity. No wonder we’ve seen these attacks increasing in their scale and frequency. In general, the position of the Morrison government is not to tell us or the cybercriminals targeting Australia what they are doing to disrupt them. A secret deterrent is no deterrent at all.”

    The ASD should create a “target list” of the top 10 ransomware groups targeting Australia and ramp up efforts to disrupt their operations, he said.

    “The scourge of ransomware has become an intolerable burden on our nation – a $1 billion annual burden, collectively. It’s time that we said enough is enough. It’s time to release the hounds on these ransomware crews,” Mr Watts said.

    “Ransomware groups should fear the consequences of being added to ASD’s targeting list. We need to end the age of impunity for ransomware attacks and teach these ransomware groups that there are consequences for targeting Australian organisations with ransomware attacks and that these attacks are not worth the potential benefits.

    “The Morrison government has left Australian governments, businesses and community groups to combat these international ransomware groups for too long,” Mr Watts said.

    “It’s time it took responsibility, did its job and developed a national ransomware strategy. These groups are the modern day pirates, and it’s time we treated them that way.”

    Mr Watts also recently called for the government to implement a mandatory ransomware notification scheme, with businesses or individuals to report details of an attack to government agencies. At Senate Estimates last month, Home Affairs secretary Mike Pezzullo confirmed it was “likely” that such a scheme would be introduced.

    The post Time to ‘release the hounds’ on ransomware gangs appeared first on InnovationAus.

    This post was originally published on InnovationAus.

  • 30 NGOs call on Google to drop plan for a Cloud region in Saudi Arabia

    Groups call on Google to drop out of Saudi project over human rights concerns

    © Getty Images

    The Hill of 26 May 2021 reports that a coalition of more than 30 human rights and digital privacy rights groups called on Google to abandon its plans to establish a Google Cloud region in Saudi Arabia over concerns about human rights violations.

    The groups, which include Amnesty International, Human Rights Watch and PEN America, wrote in their letter that Saudi Arabia’s record of tamping down on public dissent and its justice system that “flagrantly violates due process” made it unsafe for Google to set up a “cloud region” in the kingdom.

    While Google publishes how it handles government requests for customer information and reports when requests are made through formal channels, there are numerous potential human rights risks of establishing a Google Cloud region in Saudi Arabia that include violations of the rights to privacy, freedom of expression and association, non-discrimination, and due process,” the groups said. See also: https://humanrightsdefenders.blog/2019/03/08/saudi-arabia-for-first-time-openly-criticized-in-un-human-rights-council/

    The letter also pointed to Saudi authorities who have routinely sought to identify anonymous online dissenters and spy on Saudi citizens through digital surveillance. The groups also pointed to how they themselves are believed to have been put under surveillance by the Saudi government.

    “Google has a responsibility to respect human rights, regardless of any state’s willingness to fulfill its own human rights obligations,” the letter continued, pointing to Google’s statement in which it expressed its commitment to human rights and to “improve the lives of as many people as possible.”

    In order to address these concerns, the groups called on Google to conduct a “robust, thorough human rights due diligence process” and to “draw red lines around what types of government requests concerning Cloud regions it will not comply with” due to human rights concerns.

    “The Saudi government has demonstrated time and again a flagrant disregard for human rights, both through its own direct actions against human rights defenders and its spying on corporate digital platforms to do the same,” the letter read. “We fear that in partnering with the Saudi government, Google will become complicit in future human rights violations affecting people in Saudi Arabia and the Middle East region.”

    https://thehill.com/policy/technology/555597-groups-call-on-google-to-drop-out-of-saudi-project-over-human-rights

    This post was originally published on Hans Thoolen on Human Rights Defenders and their awards.

  • China, Singapore line up for dumped CSIRO seL4 team

    The world-leading Australian research team dumped by the CSIRO’s Data61 last week is in the acquisition sights of a large Chinese company and the Singapore Government’s R&D agency.

    The two potential buyers have moved quickly to register their interest in acquiring the Trusted Systems team responsible for the extremely hard to hack seL4 microkernel.

    NASDAQ-listed Chinese electric vehicle manufacturer Li Auto and Singapore’s research and science agency A*STAR are both understood to have expressed interest in buying the Trusted Systems team, which had been supported by the CSIRO for more than a decade.

    The science agency’s digital arm Data61 last week revealed it will stop funding the world-renowned Trusted Systems team, because it no longer fits the CSIRO’s strategy, which is increasingly focused on artificial intelligence.

    cybersecurity electronics
    World-class: Buyers from China and Singapore want to buy a CSIRO seL4 security team dumped by the agency

    Some Trusted Systems team members will be moved to AI projects while others are expected to lose their jobs in a broader restructure of Data61 that will see 70 positions lost.

    It is unclear how CSIRO will deliver its outstanding commercial contracts that rely on seL4 knowledge.

    The agency said it will work to smooth the transition but did not respond to requests for comment on the potential Trusted Systems buyers.

    “CSIRO will work to minimise any impacts on partners or stakeholders as we implement the changes,” a spokesperson for the CSIRO told InnovationAus.

    The seL4 microkernel claims to be the world’s most highly assured operating system kernel. It works by creating an ironclad separation between software systems to prevent unauthorised access.

    Work will continue on the open source seL4 through an independent foundation set up last year, but the group needs secure base funding to operate and support the seL4 technology.

    But two potential overseas buyers have already emerged. According to people involved in the project, Li Auto, a Chinese electric vehicle manufacturer and Singapore’s research and science agency A*STAR have expressed interest in acquiring the Trusted Systems team.

    The Chinese manufacturer is believed to be interested in taking over the entire Trusted Systems team and setting up a research and development lab in Australia. The A*STAR offer is less certain but it is likely the agency would want to onshore the talent to Singapore.

    A*STAR and the CSIRO already worked together, including a $2.2m joint program on food health and safety program, and a 2019 collaboration on machine learning.

    In disbanding the Trusted Systems team last week, the CSIRO said seL4 was now a mature technology that is “well supported” outside the organisation.

    But Trusted Systems team members, including UNSW Scientia Professor Dr Gernot Heiser, said they were disappointed support had been pulled from the world leading security team.

    “Here is an absolutely recognised world class, world leading asset that’s unique in its composition and its track record and ability to do outstanding research, that’s being abandoned and destroyed,” Dr Heiser told InnovationAus on Friday.

    The post China, Singapore line up for dumped CSIRO seL4 team appeared first on InnovationAus.

    This post was originally published on InnovationAus.

  • NSW launches cyber strategy to fill industry gaps

    One year after the flagship NSW Government delivery site at Service NSW was breached, the state has unveiled a cybersecurity strategy that puts industry development and capability-building in cyber at the centre of government tech policy.

    The sector-wide cybersecurity strategy is an acknowledgment of the importance of bringing together industry policy in relation to cyber with government resilience in relation to cyber.

    The thinking is that a focus on building a strong local cyber industry inevitably leads to improved cyber skills, cyber capability and ultimately the resiliency of cyber infrastructure – including in government.

    The strategy is focused on four key commitment including improved state government cyber resilience, industry assistance to help NSW cyber businesses to grow, uplifting the cyber security workforce and skills, and supporting cyber research and innovation.

    Sydney traffic busy lights
    Bright lights, cyber city: NSW has unveiled an industry-centric cyber strategy

    NSW Digital Minister Victor Dominello claimed NSW was already leading the nation in the cybersecurity sector. Improving cyber resilience across the economy required the involvement of all sectors – citizens, businesses, government, and researchers. But government needed to lead.

    “Increasing overall cybersecurity resilience is about ensuring the safety and security of citizens and communities online. Government is absolutely pivotal to this as part of its overall responsibility to protect its citizens,” Mr Dominello said.

    “In a post COVID-19 environment, we need to adapt our way of living and working to embrace the digital future,” he said.

    “Our post COVID-19 ‘new normal’ will bring incredible opportunities as we adapt to greater reliance on connectivity, remote working and importance of data.

    “It is important that the NSW Government maximizes the state’s existing capabilities and develops the local cybersecurity industry into a globally competitive, innovative ecosystem that drives economic growth.”

    The NSW government has spent the last year working through its cybersecurity structures following a breach at Service NSW.

    A parliamentary inquiry into the breach released earlier this year recommended an overhaul of cyber practices – including the strengthening of the mandate and resources of Cybersecurity NSW, and moving the agency from the Department of Customer Service to Premier and Cabinet.

    NSW is also set to become the first Australian state or territory to introduce a mandatory data breach notification scheme, following a serious cyber incident last year.

    But it is the recognition of the direct link between the strength of the local cyber industry and overall cyber resilience across the economy – including government – that is most interesting about this strategy. And the industry development initiatives recognise that link.

    NSW Jobs and Investment Minister Stuart Ayres said the state would partner with the cyber sector to grow the local industry, leverage academic strengths, and to drive international competitiveness.

    “Under this strategy, Investment NSW will establish a NSW Cyber Hub, delivering a range of initiatives to accelerate the growth of NSW cyber businesses, maintain and attract the right talent to create the fluid, dynamic workforce needed to address skills gaps,” Mr Ayres said.

    “NSW already has an incredible depth of talent however we need to continue to foster, cultivate and grow this pipeline to ensure our industry thrives. This strategy builds on our strengths whilst seeking to grow new ones and will help the NSW digital economy thrive.”

    “The export opportunities for cybersecurity industry is enormous. From Bondi to Broken Hill, cybersecurity businesses can export to any location around the world from any city or town in NSW.”

    The public consultation and industry engagement finished in late 2020. The new strategy replaces the existing NSW Cyber Security Strategy and the NSW Cyber Industry Development Strategy, combining both into one overarching cyber security strategy.

    The post NSW launches cyber strategy to fill industry gaps appeared first on InnovationAus.

    This post was originally published on InnovationAus.

  • Ransomware and phishing drive data breach spike

    Phishing and ransomware attacks spiked in the last year leading to a growing number of data breaches, according to analysis of more than 29,000 security incidents.

    Australian governments and businesses were among 83 organisations to contribute to Verizon’s latest Data Breach Investigations Report, now in its 14th iteration.

    The latest report found 5,258 of the incidents analysed, or around 18 per cent, resulted in a confirmed data breach.

    The analysis found a human element is present in almost every breach, and most involve users’ credentials. Financial services and health organisations were heavily targeted, in line with incidents reported to Australia’s mandatory notifiable data breach scheme last year.

    Phishing was present in 36 per cent of the breaches analysed by Verizon, up from 25 per cent last year. The presence of ransomware in breaches also doubled in the last year, and is now used in one in ten data breaches, according to the report.

    Phishing and ransomware are leading to more data breaches, according to new analysis.

    More than 1,000 data breaches were reported to Australia’s Privacy Commissioner last year, as part  of a mandatory reporting scheme for large companies and government agencies.

    In 2020, the government unveiled a $1.7 billion cybersecurity strategy that focuses on protecting essential infrastructure from cyber-attacks, improving the resilience of businesses and uplifting community awareness of cybersecurity.

    However, the policy has been criticised by the Opposition for not addressing ransomware, and a dedicated strategy for the growing threat is yet to be developed in Australia.

    The Verizon report breaks down global regions, showing many APAC breaches were caused by Financially motivated attackers phishing employees for credentials, and then using those stolen creds to gain access to mail accounts and web application servers.

    Lead author of the Verizon report, Alex Pinto, said sweeping and revolutionary solutions for data breaches aren’t realistic and mitigation must be straightforward.

    “The truth is that, whilst organisations should prepare to deal with exceptional circumstances, the foundation of their defences should be built on strong fundamentals – addressing and mitigating the threats most pertinent to them.”

    Verizon Business chief executive officer Tami Erwin said the COVID-19 pandemic had a “profound” on the security challenges organisations are facing, and cloud technologies are creating new risks.

    “As the number of companies switching business-critical functions to the cloud increases, the potential threat to their operations may become more pronounced, as malicious actors look to exploit human vulnerabilities and leverage an increased dependency on digital infrastructures,” she said.

    The post Ransomware and phishing drive data breach spike appeared first on InnovationAus.

    This post was originally published on InnovationAus.

  • Cybersecurity now the number one business risk

    Cyber risk, the likelihood of data loss or business disruption resulting from a cyber-attack, is now seen by Australian organisations as one of the biggest risks they face, according to Alastair MacGibbon, chief strategy officer at CyberCX and former head of the Australian Cyber Security Centre.

    “Cybersecurity is now number one or two on any organisation’s risk register – public or private,” Mr MacGibbon said.

    The increased awareness of the danger that cyber threats pose to their operations is leading to a shift in responsibility for cybersecurity from IT departments to other parts of organisations, according to privileged access management specialists CyberArk’s senior vice-president for identity security, Barak Feldman.

    CyberArk
    Clockwise from top left: Thomas Fikentscher, James Riley, Alastair MacGibbon, and Barack Feldman

    Goodbye CISO, hello BISO

    Mr Feldman suggested a new role was emerging, that of business information security officer.

    “We believe that security means taking more responsibility for the risk to the organisation, educating internally on awareness and how to prepare for a situation, and how to respond to it,” he said.

    “Not just responding technically, but even how to respond to the media and different elements of a security attack.”

    Mr MacGibbon said the increased focus on cybersecurity at board level had been rapid, with boards now showing a much more mature understanding of and response to cyber risk. Using traditional business risk language has helped boards to understand the impact of a cyber threat.

    “Now most boards understand that what they’re dealing with is the concept of ‘cyber risk management’ and how resilient they are to cyber events,” Mr MacGibbon said.

    “They recognise those events are likely to occur, an Assumed Breach Mindset, and it’s a more mature conversation than we were having at the launch of Australia’s first National Cybersecurity Strategy in April 2016.”

    The increasing integration of operational technology with IT was also a factor in shifting responsibility for cybersecurity.

    “We’re seeing a huge trend on the operational technologies side –manufacturing plants can work faster with more data analytics with remote access,” said Mr Feldman.

    “I don’t need to go to the plant anymore, I can control it remotely and collect data on how fast I’m manufacturing my product, and so on. So that means the ownership is starting to be delegated into the business owners.”

    Mr MacGibbon agreed, but suggested this was not a popular view. “I don’t believe chief security officers in organisation should report into an IT function because I don’t think that creates the right balance to have a proper risk discussion.”

    Both cybersecurity experts were joined by CyberArk’s ANZ Regional Director Thomas Fikentscher for the final Security in Transformation episode of the Bridging the Cyber Divide podcast series.

    Leaders and laggards

    Mr Fikentscher suggested that this trend has still yet to make an impact in many traditional sectors, and that their tardiness was increasing the risk for the more advanced organisations that are become connected in order to leverage benefits.

    “Some of the industries that have been in this space for a longer period of time, like the banking industry, have their house in order,” he said.

    “But, they are concerned about business connectivity, the wider ecosystem and how they secure that ecosystem as they open up their systems to accelerate digital transformation. For example, to allow people to have a view into the last 10 years of claims management.

    “Then you go to other industries, which might fall under the new Critical Infrastructure Bill [the Security Legislation Amendment (Critical Infrastructure) Bill 2020, which will increase the scope of what is deemed to be critical infrastructure] like the food industry or the transport industry,” Mr Fikentscher said.

    “Cyber risk management is something that is very new to them, and they need to start from the beginning and create a philosophy of how they attack that particular problem.”

    It’s an ill wind…

    And, unfortunate as the increase in cyberthreats is, Mr Fikentscher said it was having a positive impact by pushing many organisations to elevate cybersecurity to board level. “There are more cyber incidents, and that’s painful, but at the same time it wakes people up and focusses their minds on a very important element of their business.

    “And, that’s not just happening in IT, it is reverberating through the business functions into the boardroom, and all of a sudden, people are starting to get things done.”

    The Bridging the Cyber Divide series is produced as a partnership between InnovationAus and CyberArk.

     

    The post Cybersecurity now the number one business risk appeared first on InnovationAus.

    This post was originally published on InnovationAus.

  • Expert cyber cohort call out on ransomware

    Aggressive nationally and internationally coordinated strategies are needed to tackle the growing threat of ransomware, according to an expert taskforce that included the US, UK and Canadian government cyber agencies.

    Australia was not part of the taskforce and the federal government is yet to develop a national ransomware strategy, leading to calls from Labor that Australia is being left behind.

    A coalition of global experts assembled by business group, the Institute for Security and Technology (IST), on Thursday released a strategic framework for combatting ransomware, which has quickly grown into a “serious national security threat and a public health and safety concern”.

    “This global challenge demands an ‘all hands on deck’ approach, with support from the highest levels of government,” the IST report said.

    hacker
    A coordinated international response is needed to the growing threat of ransomware.

    The framework calls for coordinated global action to deter and disrupt ransomware attacks, and help organisations prepare for attacks and respond to them. According to the report, ransomware victims paid attackers more than US$350 million last year, more than triple the amount in 2019, and the average downtime from an attack was three weeks.

    “The immediate physical and business risks posed by ransomware are compounded by the broader societal impact of the billions of dollars steered into criminal enterprises, funds that may be used for the proliferation of weapons of mass destruction, human trafficking, and other virulent global criminal activity,” the IST report said.

    The number one goal of the framework proposed by the group is to deter ransomware attacks through a “nationally and internationally coordinated, comprehensive strategy” which would be led by the US.

    Labor has welcomed the report but says it highlights Australia’s increasingly isolated position of not prioritising the threat of ransomware at a national level.

    The Australian Cyber Security Centre has said that ransomware is the “highest threat” facing Australian businesses and governments in the cyber domain. But the government’s 2020 national cybersecurity strategy mentions it only twice; once in quoting a submission to the report and once advising where victims can report it.

    In March, a government advisory group released a report on ransomware urging businesses to implement basic cyber security. But it did not include any recommendations for government or any calls for new policies.

    Earlier this month, Australia signed a new communiqué with Five Eyes partners which included a commitment to share lessons on ransomware and, where possible, align national policies, public messaging and industry engagement.

    The Opposition released its own ransomware discussion paper in February and called for a dedicated national strategy.

    In response to the IST report, shadow minister for Home Affairs Kristina Keneally and shadow assistant minister for cybersecurity Tim Watts said the government is being left behind on ransomware.

    “While our major security partners are recognising the need for a plan to tackle this billion-dollar scourge plaguing business, we have yet to hear the Morrison Government’s strategy to address this critical threat to Australia’s economy and society,” a joint statement said.

    “Just in the last week we’ve seen ransomware attacks on two Brisbane hospitals and a Geelong secondary school. This followed the major ransomware attack on the Nine Network last month.”

    The IST’s ransomware taskforce included cyber industry leaders, academics, and representatives from the UK National Crime Agency, US Cybersecurity and Infrastructure Security Agency, US Federal Bureau of Investigation, U.S. Secret Service and the Royal Canadian Mounted Police’s National Cybercrime Coordination Unit.

    The post Expert cyber cohort call out on ransomware appeared first on InnovationAus.

    This post was originally published on InnovationAus.

  • Govt gives IT resellers $7M for SME cyber support

    A cohort of “trusted” companies will share in $6.9 million in federal government grants to support SME cyber awareness and resilience, with nearly 40 per cent of the money going to channel partners.

    Charities, a university and the peak caravanning group also received funding to help SMEs build cyber awareness and “promote action”.

    But more than $2.7 million of the grants will go to IT Connexion, Loyal IT Solutions, CyberCX, Real World Technology Solutions, First Focus IT and Concept Data, to develop various cyber awareness and support training initiatives.

    Two of the biggest grants went to cyber services providers CyberCX and Real World Technology Solutions, which each received the maximum $750,000 on offer.

    city data
    The government has provided $6.9 million in grants to support SMEs cyber awareness and reillience.

    CyberCX is the private sector venture of former head of the Australian Cyber Security Centre and Special Adviser to the Prime Minister on Cyber Security Alastair MacGibbon. It has received funding for a ‘Cyber123 for SME’ program.

    Real World Technology Solutions is an IT services provider for SMEs and not-for-profits. Its grant will be used to support cyber security resilience within small-to-medium, charity & indigenous businesses.

    Business support charity the Murray Hume Business Enterprise Centre also received the maximum $750,000, while the Queensland Chamber Of Commerce And Industry received $738,500 for its cyber security accreditation program.

    The grants are part of the Cyber Security Business Connect and Protect Program, which provides funding to trusted organisations that give business advice to SMEs to raise their cyber risk awareness, promote action to address the risks, and support SME uplift to best cyber practices.

    Applications closed in November last year with successful applicants revealed last week and announced Tuesday by the government.

    “SMEs make up 99 per cent of all Australian businesses and employ about half our workforce, so it is essential to our economy and national security that SMEs continue to expand and improve their digital capabilities in a secure way,” Industry Minister Christian Porter said.

    “The assistance provided through this grant program will support businesses in recognising cyber risks and opportunities, particularly in the wake of the strong digital uptake during the COVID-19 pandemic.”

    Business support groups and consultants in the Hunter Region, Wodonga, Brisbane and Darwin will also get funding.

    The Western Sydney University will receive $754,920 to develop its Oz Cybersecurity Aid Centre and online call line in conjunction four New South Wales cybersecurity companies.

    Caravan Industry Association Of Australia received $364,500 for cyber awareness training in Australia’s caravan and camping industry.

    The 14 successful applicants and their funding are:

    • IT Connexion – $250,000 for Cyber Security Awareness Training
    • Loyal I.T. Solutions – $456,258 for Cyber Secure Central Coast!
    • CyberCX – $750,000 for Cyber123 for SME
    • Real World Technology Solutions – $750,000 for Cyber Security resilience within SMB, Charity & Indigenous Businesses
    • First Focus IT – $339,780 to Develop & deliver a cyber security education package for SME C-suite
    • Concept Data – $188,721 for a South Australian Business Cyber Security Advisory Service
    • Murray Hume Business Enterprise Centre Limited – $750,000 for a Business Enterprise Cyber Secure initiative.
    • Hunter Business Centre – $349,40 for a Cyber Security Culture Program for Regional SMEs
    • Queensland Chamber Of Commerce And Industry – $738,500 for a Cyber Security Accreditation Program
    • Business Enterprise Centre (Darwin Region) – $219,596 for its CyberSafe program
    • Belmont Business Enterprise Centre – $274,900 for cyber security training and mentoring
    • The Project Lab – $641,434.00 for CyberUP for SMEs
    • Western Sydney University – $745,920 for its Oz Cybersecurity Aid Centre
    • Caravan Industry Association Of Australia – $364,500 for cyber awareness training in the camping and caravan industry

    The post Govt gives IT resellers $7M for SME cyber support appeared first on InnovationAus.

    This post was originally published on InnovationAus.

  • What the EH Holden can teach us about cybersecurity

    The World Economic Forum recently pointed out that cyberattacks rank first among global human-caused risks and this year, it’s expected cybercrime will cost the world US $11.4 million each minute. Let that sink in for one moment.

    It’s no wonder cybersecurity has emerged as one of the hottest topics for Australian boardrooms – especially in the context of accelerated digitisation and prolific cybercriminal activity driven by Covid-19.

    At the same time, geo-political pressures on Australia to adopt internationally recognised cybersecurity standards and build safer critical infrastructure are growing.

    An increase in cybersecurity is needed. Yet, no matter what we do, the stats keep showing more successful attacks, more data breaches, and more system compromises.

    roads interchange connections
    Road to nowhere: What the big selling EH Holden can tell us about cybersecurity

    What are we missing?

    To quote the immortal words of Albert Einstein, “the definition of insanity is doing the same thing over and over again and expecting different results.”

    For years we’ve been adding more security layers on top of each other, and on top of systems not organically designed to be secure, in the hope that one day we’ll reduce our vulnerabilities. Yet, the issue gets bigger each day.

    Those security layers, while needed, only help us keep up with the rising complexity of the threat landscape, not get on top – or ahead – of it.

    Something else needs to be done to drive a different outcome. It won’t happen overnight, but it is critical we change what we’re doing, as well as our overall cybersecurity thinking.

    Are we repeating the same mistakes over again?

    As a nation we understand the importance of ramping up cybersecurity however, on the whole, we still have a relatively passive posture towards it.

    What we’ve done so far is much like car safety before the 1970s; investing resources in making driving safer by insisting people pass driving tests, fining drivers for bad behaviour, while also adding road speed limits, stop signs, and traffic lights.

    When it comes to cyber, we’ve continuously focused on user awareness, user access control, traffic monitoring, protecting endpoint devices, data networks and computing infrastructure.

    While those have their place, just like driver training and licensing plays a role in road safety today, they do not shift the cyber-incident needle materially. Governments, organisations and people are still having more fatal accidents – in a cyber sense.

    In the same way car safety needed to go deeper in the 60s, so too does our cybersecurity approach.

    Embedded safety learnings from the EH Holden days

    Auto industry lessons from the past may teach us how to fundamentally improve safety and remove the roadblocks from our current ineffective cybersecurity approach.

    Prior to the 1970s, there was a direct correlation between the number of cars registered and the number of road fatalities. This was despite safety features being available on many vehicles as premium options, mandatory licensing of drivers, and investment in better road signage and infrastructure, which is very similar to what we’re seeing in cybersecurity today.

    Then something changed. Car ownership exploded in Australia – a large part of it driven by the EH Holden which would become one of the most successful cars Holden ever built – very much like today’s accelerated digitisation of our economy.

    In just a few years every family owned a car (Holden produced more than 256,959 EH models in 18 months), the road toll proportionally rose, and it became apparent a change was needed to improve auto safety.

    It took years, but government and manufacturers finally realised that safety needed to be embedded into every car if they were to reduce the community cost and reputational damage of car related deaths.

    From the late 1960s until today, we’ve seen both the legislative and industrial embedding of safety features into the vehicles themselves.

    Starting with mandates on the likes of seat belts, collapsible steering columns, and airbags, to later manufacturers proactively embedding advanced safety features such as ESC, adaptive cruise control, and anti-collision systems (manufacturers came to realise it was good for business).

    This took safety out of the hands of the drivers and road conditions.

    Embedded security lessons for cyber

    We need a new approach that doesn’t expect every person who attends cybersecurity awareness training to be the cybersecurity equivalent of Lewis Hamilton.

    Often when it comes to digital systems, it’s the data itself we are trying to protect from accidental or deliberate damage to its confidentiality, integrity or availability.

    Some data-dependent organisations today – very (very) few though – have recognised the need for embedding security and have invested in digital systems that are fundamentally different in their approach. These systems codify security using data encryption, anonymisation, and access controls. They no longer rely solely on user behaviour or computing infrastructure.

    If we want to protect our digital economy we need to stop thinking of cybersecurity as a user problem, or as something that can be fixed through infrastructure. We need to start embedding it in digital business processes and systems.

    Just like the EH Holden had the potential to be much safer, all the tools for embedding safety into digital systems and data platform already exist – the missing piece is the realisation and will by industry and government to re-think, re-frame our cybersecurity strategy: it’s time to embed, not add on.

    Brian Grant is ANZ Director for Digital Security at Thales

    The post What the EH Holden can teach us about cybersecurity appeared first on InnovationAus.

    This post was originally published on InnovationAus.

  • DFAT cyber engagement strategy launched

    Australia has pledged $37.5 million to its regional neighbours to sure up their cyber defences and will seek to establish a new global agreement on responsible cyber behaviour, as part of a new international engagement strategy launched Wednesday by the government.

    Labor has criticised the plan for being months behind schedule, failing to support local institutions, and lacking “real action”.

    Developed by DFAT last year but only launched on Wednesday due to Foreign Affairs Minister Marise Payne’s “scheduling” issues, the International Cyber and Critical Technology Engagement Strategy outlines Australia’s plans to use cyber and critical technology in a “more dynamic and contested regional environment”.

    Marise Payne has launched Australia’s  International Cyber and Critical Technology Engagement Strategy, originally scheduled to be released last year.

    The original 2017 cyber engagement strategy has been expanded to include “critical technologies”, defined as technologies that have the capacity to significantly enhance or threaten national interests. They include things like AI, 5G IoT, quantum computing and synthetic biology as well as cyber security, according to the strategy.

    “Countries and companies at the cutting edge of innovation in these critical technologies often promote values that are at odds with our own,” Minister Payne writes in the new document’s forward.

    The three pillars of the strategy are values, security, and prosperity. Australia will pursue, support, and oppose efforts to undermine them, according to the plan.

    The strategy will be used to guide Australia’s international engagement “across cyber and critical technology issues” in the hopes of leveraging technological innovation while avoiding the risks it creates.

    As part of the strategy, the government announced a package of measures to support regional neighbours to build and maintain their own cyber resilience.

    Australia will co-sponsor a proposal to establish a new United Nations Program of Action for Responsible State Behaviour in Cyberspace. All UN members already agree the Charter of the UN in its entirety is applicable in cyberspace, but the Australian government will push for a new dedicated cyber behaviour program.

    Australia’s flagship Cyber Cooperation Program, established in 2016 to support the cyber resilience of countries in Southeast Asia and Pacific, has also been rebranded Cyber and Critical Tech Cooperation Program and will receive an “additional $20.5 million” in funding.

    But the program will drop pacific nations, which will now receive cyber support separately, including $17 million announced Wednesday to strengthen their capabilities and resilience.

    The government said it will also support partnerships between Australian and Indian universities through an Australia-India Cyber and Critical Technology Partnership program.

    “The Strategy’s aims, to strengthen national security, protect our democracy and sovereignty, promote economic growth, and pursue international peace and stability, are founded in Australia’s national interests,” Foreign Affairs Minister Marise Payne said in a statement.

    The Opposition have questioned the plan, however, saying it fails to support Australian institutions or show “real leadership”.

    A joint statement from Shadow Minister for Foreign Affairs Penny Wong and Shadow Assistant Minister for Cybersecurity Tim Watts said, “Many of Australia’s most significant social and economic opportunities, as well as geostrategic and security challenges, are currently unfolding through the prism of cyber and critical technologies.

    “Yet Australian industries and institutions have been left to go it alone. The strategy does not propose any new actions by the Morrison Government to tackle the billion-dollar wave of ransomware attacks Australian business are facing from international cybercrime groups.”

    Mr Watts last month told Parliament a lack of leadership on cybersecurity from the Morrison Government, including declining to attribute or seriously address major attacks publicly was putting Australians at risk.

    Labor has also released its own ransomware strategy which includes calls for diplomatic cooperation on practical measures to address global cybercrime. The party also wants democratic institutions considered critical infrastructure.

    In the joint statement, Mr Watts and Ms Wong said the latest engagement strategy represented more risky rhetoric and lacked practical measures.

    “In her speech launching the strategy, the Foreign Minister referenced cyber-attacks on the Australian Parliament and political parties, declaring that ‘attacks on democracy cannot go unchallenged’.

    “But the Morrison Government has never taken any action to challenge those responsible for the 2019 cyber-attacks on the Australian Parliament, nor has it publicly attributed responsibility — despite all its tough talk.”

    The post DFAT cyber engagement strategy launched appeared first on InnovationAus.

    This post was originally published on InnovationAus.

  • Australia blames Russia for SolarWinds attack

    Australia has officially attributed the SolarWinds cyber attack to Russia and has committed to helping the US in holding the nation “to account” for the incident.

    Overnight US President Joe Biden signed an Executive Order declaring a national emergency to deal with the threat of Russia’s foreign interference, including “malicious cyber-enabled activities”.

    In a joint statement released late Thursday, Foreign Affairs Minister Marise Payne, Defence Minister Peter Dutton and Home Affairs Minister Karen Andrews condemned Moscow for a “harmful cyber campaign” against US firm SolarWinds.

    “Over the past 12 months, Australia has witnessed Russia use malicious activity to undermine international stability, security and public safety. Australia condemns such behaviour,” the Ministers said.

    “Russia’s campaign has affected thousands of computer systems worldwide. Australia acknowledges the high costs borne by the US private sector.”

    Marise Payne joined the Defence and Home Affairs Ministers in attributing the SolarWinds attack to Russia. Image: Ron Przysucha/United States Department of State.

    SolarWinds is a major IT firm that provides software to large companies and governments. A massive cybersecurity attack on the company spread to its clients last year and is believed to have exposed sensitive information held by the US government, including data of the US military and White House.

    Hackers from Russia were suspected almost immediately when the attack was first reported by Reuters in December last year. US security agencies first accused the Russian government of orchestrating the SolarWinds attack in January.

    But the attack was not officially attributed to the state actor until Thursday in a joint advisory from US intelligence firms that named Russian Foreign Intelligence Service actors APT29, Cozy Bear, and The Dukes as being supported by the Kremlin.

    US President Joe Biden also signed an Executive Order on Thursday condemning the Russian government’s foreign interference, including meddling in US elections and the facilitation of “malicious cyber-enabled activities against the United States and its allies and partners”.

    President Biden’s order includes a host of sanctions against Russia, escalating tensions between the superpowers.

    “The United States is not ready to come to terms with the objective reality that there is a multipolar world that excludes American hegemony,” a Russian government spokeswoman said.

    “We have repeatedly warned the United States about the consequences of its hostile steps, which dangerously increase the degree of confrontation between our countries.

    “A response to sanctions is inevitable.”

    The Australian government joined international partners in supporting the US to combat the SolarWinds incident in its joint statement on attack.

    “Australia welcomes private sector and government responders’ efforts around the world to expose and mitigate this threat and uphold the international norms of responsible behaviour in cyberspace,” the statement said.

    The post Australia blames Russia for SolarWinds attack appeared first on InnovationAus.

    This post was originally published on InnovationAus.

  • Funding-starved National Archives struggles with cyber resilience

    The National Archives of Australia is struggling to maintain cyber resilience as the agency battles budget and staff cuts that are also putting important records at risk and slowing the work of researchers.

    But the government has rejected the idea the agency is under resourced, as it mulls major reforms recommend in a damming internal review of the National Archives handed to it more than a year ago.

    Significant vulnerabilities were identified by the ANAO in its 2018 review of the National Archives’ cyber resilience, which triggered the development of a cyber resilience framework and supporting plan.

    A subsequent, wider review of the agency in 2020 found implementation of the cyber strategy had been slowed by “funding pressures” and more resources were needed.

    The National Archives has warned it is struggling with cyber resilience

    The National Archives has lost between five and nine million dollars in funding each year for the last five years through government savings measures and increases to “efficiency dividends”.

    During Senate Estimates on Wednesday, National Archives director-general David Fricker answered questions about the review, which the government is yet to respond to despite receiving it more than a year ago.

    Mr Fricker confirmed  the agency was struggling with resourcing pressures which forced two rounds of redundancies since 2014 and limited upgrades of technology.

    The pressures are manifesting in three immediate areas of concern, according to the Archives director general.

    “The [three] areas where we are feeling the most pressure at the moment are maintaining our cyber resilience – so investments in our cyber security capability – [and] the preservation of records at risk … and keeping up with the demand for declassification of records,” Mr Fricker said.

    Mr Fricker explained there are many unique records at risk because of the format they are stored on. He said the agency needs to invest tens of millions of dollars more in technology and staffing to safely migrate and protect the records, which include indigenous cultural artefacts.

    Losing the records would constitute a breach of the Archives Act, a key concern raised by the internal review.

    Mr Fricker said resourcing pressures were also contributing to delays in assessing and releasing archives to researchers with a backlog now sitting at more than 20,000 applications.

    Despite the evidence presented, Assistant Minister to the Attorney-General Amanda Stoker rejected questions from Labor Senator Raff Ciccone about resourcing pressures compromising the National Archives, which is mandated to preserve records.

    “I don’t accept that they are in breach of the [Archives] Act. If there is evidence of that I will be interested in it. But I don’t accept the premise that the Archives are being starved [of funding],” Senator Stoker said.

    “They receive a considerable amount of resources annually for their important work.”

    Senator Stoker said the delay on a government response to the 2020 review was due to the significant changes it proposes for the National Archives. She said implementing “some version” of the recommendations would cost more than $200 million.

    She declined to set a date for the government’s response but said it can be expected by the end of the year.

    The post Funding-starved National Archives struggles with cyber resilience appeared first on InnovationAus.

    This post was originally published on InnovationAus.

  • Govt signs Five Eyes ransomware pledge

    In anticipation of international borders reopening , Australia has recommitted to collaborating with its Five Eyes counterparts on migration, foreign interference, child exploitation and cybercrime – including the growing threat of ransomware which received a new dedicated agreement.

    In one of her first major moves as Home Affairs Minister, Karen Andrew’s met virtually with her Ministerial counterparts from the US, UK, New Zealand and Canada last week.

    “Cooperation with our trusted partners is critical to keeping Australians safe, particularly in the face of the ongoing COVID-19 pandemic,” Mrs Andrews said in a statement on Friday.

    “By working together and leveraging our collective knowledge and experiences we can better respond to threats here at home.”

    Karen Andrews
    Karen Andrews and Five Eyes countries pledge to work together on global challenges.

    The countries signed a new communiqué which includes commitments to share best practices on “innovative and effective border and migration measures” in response to the pandemic, countering foreign interference in academia and research and development, a global approach to combatting cybercrime and ransomware, and a feasibility study on a shared dataset for law enforcement agencies combatting child exploitation.

    “The whole world is eager to open up again, but it’s essential that we do it in a way that’s safe and sustainable,” Mrs Andrews said.

    “The development of international standards and best practice will be critical to ensure the resumption of large-scale international travel in the future.”

    A dedicated statement was issued for how the countries expect to tackle the growing threat of ransomware which was noted as a criminal threat but also a risk to national security, critical infrastructure and governments.

    Five Eyes countries committed to sharing lessons on ransomware and, where possible, aligning national policies, public messaging and industry engagement.

    The group also pledged to address the “underlying factors” of the issue, including reducing the public’s exposure to ransomware.

    Australia has identified the threat of ransomware most recently in a government advisory group report which urges Australian businesses to implement basic cybersecurity practices but includes no recommendations for governments or policies.

    The Opposition criticised the report and released its own paper calling for the government to develop a National Ransomware Strategy and take actions to reduce the attractiveness of Australian businesses for hackers.

    The final commitment in the Five Eyes agreement is to continue the global fight against child exploitation and abuse. The pandemic and new technologies are compounding the problem, the group said in the agreement which includes committing to a new feasibility study on a “specific combined dataset for use by our law enforcement agencies”.

    Five Eyes countries are also asking for more from the tech companies which provide the digital services perpetrators routinely exploit. While the agreement supports “strong encryption” and a collaborative approach between government and industry, Australia’s representative attacked social media companies and their encrypted services.

    “We all have a role to play in tackling this horrific behaviour, including technology companies who are neglecting their social responsibility to protect children online. Their use of end-to-end encryption is putting children’s safety at risk and precludes lawful access to data,” Ms Andrews said in her statement.

    “Our Government will continue to work with our trusted partners to pressure technology companies to address public safety challenges by building their systems and platforms with safety front of mind.”

    The post Govt signs Five Eyes ransomware pledge appeared first on InnovationAus.

    This post was originally published on InnovationAus.

  • Procurement policy holds cyber startups back

    Australia’s cybersecurity startups have matured to a point where many have global potential. But a lack of support from the federal government in both policy and procurement is holding the sector back, according to a Melbourne cyber accelerator.

    CyRise chief executive Scott Handsaker says beyond the government’s AustCyber growth centre there is little in the way of support for early stage cyber companies.

    “Outside of that [AustCyber], the strategy from the Australian Government in not really focused on entrepreneurship,” Mr Handsaker told InnovationAus.

    “They don’t really see it as critical, which I think is wrong.”

    Cyber security industry policy
    Government procurement policy is getting in the way of startup growth

    The Australian government’s $1.7 billion cybersecurity strategy unveiled last year has been criticised for its lack of support for local industry.

    The vast majority of funding for the strategy had already been announced and is re-appropriated from the Defence budget. It provides little attention to the local cyber sector including no incentives for startups and tech companies.

    Experts have also pushed for a less fragmented approach to Australia’s cyber policies that sees cybersecurity as a national interest rather than a national security issue.

    CyRise was founded in 2017 through a partnership between Deakin University and global tech service firm NTT. The accelerator provides funding and support to cyber statups in exchange for a small equity stake, and has typically focused on early stage Australian companies in its four previous cohorts.

    Mr Handsaker, whose accelerator received support from the Victorian government to get started but now operates independently, says it is critical to support local cyber companies early on as their first customer is typically the hardest to get.

    A risk averse culture from the federal government, however, means large cyber multinationals get most of the work, leaving the procurement lever unpulled, according to Mr Handsaker.

    “From a government’s perspective, typically, they’re going to go with a really large company — often that’s a multinational company — so that they can feel confident and safe their services are going to be delivered. And that’s not always the case.”

    “… There’s enormous opportunity to drive innovation by using a procurement lever. At the moment, federally, whatever they’re doing it’s not working.”

    There is a similar challenge for cyber startups trying to work with risk averse large corporates in Australia, according to Mr Handsaker, who says big companies are typically more open to smaller partners in the UK, Israel and the UK.

    CyRise seeks to address the reluctance through the network partnerships it provides its cohorts, including the latest round announced this week.

    The accelerator is taking on board five companies ranging from drone security to developer skills in its fifth and latest cohort. CyRise invests $50,000 into each team and provides a 14 week program. The companies are:

    • Dronesec: a cyber-uav firm providing security and threat intelligence for drones and drone operations.
    • Safestack: The startup’s academy trains developers, testers, analysts and architects in security skills to design, build and deploy secure, high quality software at speed.
    • Cyamast: an Australian cybersecurity technology and analytics company that has developed a new approach to asset visibility and anomaly detection for connected devices.
    • Byte25: a network monitoring solution providing comprehensive visibility of network security, performance and end user experience.
    • Traild: an AI-driven security product that patrols the payment workflow to protect businesses from business email compromise, insider fraud, supplier fraud and other threats.

    “The quality of the teams just continues to rise,” said Mr Handsaker.

    “100 per cent of the teams coming into the program have existing revenue, with more than half having customers spread across multiple countries.”

    The post Procurement policy holds cyber startups back appeared first on InnovationAus.

    This post was originally published on InnovationAus.

  • Govt’s global cyber strategy delayed by ‘busy’ parliament

    The government is still yet to publish Australia’s 2020 international cyber engagement strategy, four months past its scheduled release and three and a half years on from the inaugural strategy.

    The strategy is currently with the government for consideration, but has apparently been accepted and is already informing Australia’s international cyber relations. Its absence has prompted renewed concerns from the Opposition about the “disarray” of Australia’s cybersecurity policies.

    The International Cyber Engagement Strategy was developed and launched by the Department of Foreign Affairs and Trade in 2017 along with the appointment of Dr Tobias Feakin as the Ambassador for Cyber Affairs and Critical Technology.

    The strategy is intended to guide global and regional engagement across the full range of Australia’s interests in cyber affairs and is scheduled to be revisited every three years to adjust its settings.

    2020 Cybersecurity strategy
    An international engagement strategy for Australia’s cyber affairs remains unpublished months after its scheduled release.

    A new 2020 strategy has been with government for consideration since last year and was scheduled to be launched at the end of the final Parliament sitting week in December.

    During Senate Estimates last month, Dr Feakin said the new strategy is already informing a range of ongoing work by DFAT but a “particularly busy parliamentary activity week” last year meant a “short postponement” to the official launch was necessary.

    “We’re in discussions about a suitable date,” Dr Feakin told the Estimates hearing.

    Foreign Affairs Minister Marise Payne said that she had delayed the launch because of “timing and the scheduling issues”.

    A DFAT spokesperson confirmed the updated strategy is now in use but did not respond to questions on when it will be launched or when it was first provided to government.

    “The International Cyber and Critical Technology Engagement Strategy continues to inform DFAT’s active program of international engagement in pursuit of a safe, secure and prosperous Australia, Indo-Pacific and world,” the spokesperson told InnovationAus.

    The work influenced by the unpublished strategy includes the recent launch of a Quad Critical and Emerging Technology Working Group, following a March meeting of the US, Japan, Australia and India, as well as DFAT’s ongoing work to “build the cyber resilience of regional partners”, according to the spokesperson.

    Shadow Assistant Minister for Cyber Security Tim Watts said the response from the department official and the Minister for Foreign Affairs during Estimates last month highlighted the “the disarray that is cybersecurity policy in the Morrison Government”.

    “It seems incredible that an important government strategy has been sitting in a drawer gathering dust for four months because the Minister is too ‘busy’ to launch it,” Mr Watts told InnovationAus.

    “Australians deserve better than these excuses when it comes to an issue as critical as cyber security.”

    First developed in 2017, Australia’s International Cyber Engagement Strategy was broadened to include critical technology in the 2020 update.

    Public submissions for to the 2020 strategy closed in June 2020 and included stakeholder input from academics, civil society groups, Big Tech and cyber companies among 31 submissions. DFAT also engaged with 18 Commonwealth departments on the new strategy, which supersedes the 2017 plan.

    Since the strategy was originally scheduled to be released last year, a series of high profile international cyber attacks have occurred, including the Microsoft Exchange exploit which led to a breach of Western Australia’s parliamentary email network and a SolarWinds software exploit which provided attackers access to US government networks.

    While China and Russia have been the respective suspects of the two incidents, Australia has yet to attribute either cyber attack. Dr Feakin told Estimates DFAT’s increasing preference is to make attributions in partnership with allies, but the department was yet to go through any multilateral attribution processes.

    The post Govt’s global cyber strategy delayed by ‘busy’ parliament appeared first on InnovationAus.

    This post was originally published on InnovationAus.