Tag Archive for: cyber security

Reader response: government and cybersecurity – how big a role?

I’m glad to see Klee Aiken offer his thoughts on cybersecurity, and I share his suspicion of intrusive surveillance. But it’s for this very reason that I’m raising alternative uses of ‘big data’, and I fear Klee’s assessment of the potential role for government neglects several key issues.

To begin with, I’m not particularly confident the private sector will prove capable of protecting their own systems as cyber security becomes more burdensome. I’d welcome Klee’s input on this point, but I see a classic example of market failure behind industry’s lagging response to the system-wide costs inflicted by malware. After all, the US government has been announcing plans to foster more security-conscious behaviour since 2003, and yet they’re still waiting for any meaningful changes which can keep pace with new dangers.

Read more

Cyber wrap

This month Indonesia had the dubious honour of becoming the cyberattack capital of the world. According to the second quarter Akamai report, Indonesia has surpassed China to become the preferred launching pad for 38% of the world’s cyberattacks. 79% of all attacks now originate from the Asia-Pacific region; this is a significant increase of almost 25% since the end of 2012.

Last week the third instalment of the International Conference on Cyber Space was held in Seoul, South Korea. Initiated in London 2011, the process draws ministers, government and private sector cyber leaders from across the globe. The conference produced the Seoul Framework—a principles document organised around the themes of the conference, including cybersecurity, economic growth and development, cybercrime and capacity building. Read more

Putting runs on the board: Australia and International Cyberspace

Foreign Minister Julie Bishop delivering a keynote speech at the Seoul Conference on Cyberspace 2013.At the Seoul International Cyberspace Conference last week, I was listening out for the big advances—if there were any—which had occurred since the previous conference in Budapest.  (For what the International Cyberspace Conference process is all about, my first post on The Strategist outlines the details.)

The most notable change in Seoul was the degree of participation from developing nations, who were absent from previous years. This time some 87 nations were represented at the conference, from all corners of the globe.  This is welcome, as unlike many of the more developed economies of Europe, China, and North America, many of these nations are still in the process of understanding how they exploit the digital economy to their advantage, building their own capabilities and working out where exactly they stand on the question of internet governance and security. Read more

Cyber wrap

Online security firm Symantec has released a report detailing the activities of an online ‘hackers-for hire’ group it has dubbed ‘Hidden Lynx’. The company claims the group possesses levels of capability and sophistication not seen in other well-known groups such as APT1. Hidden Lynx is said to essentially operate as an online hacking consultancy. It has been tied to high-level attacks against Google, Adobe, Lockheed Martin and others. The organisation, linked to a base in China, has a history of stealing information that would be beneficial to both government and corporate entities. Interestingly, the report reveals that Australia was one of the top 10 regions targeted by the group.

Telstra has become the first Australian ISP to step up and introduce ‘malware protection technology’ on its internet subscription services to private residences and small businesses. The technology is designed to prevent the spread of botnet malware by preventing personal computers from accessing pre-identified malicious servers. These steps can’t come soon enough, if a report last week by cybersecurity company Trend Micro is anyhting to go by. The report revealed that 32% of targeted cyberattacks in the second quarter of 2013 made use of a compromised computer in Australia. These computers were used, unbeknown to their owners, in cyberattacks after they’d been co-opted by hackers using malware or trojan horses. Read more

Cybersecurity for Australia’s critical infrastructure

The fear of attacks on critical infrastructure such as nuclear power plants, dams and electricity substations is not new – there has been a decade of commentary about threats to public services emanating from cyberspace. But governments have only recently begun to look to legal measures to mitigate these risks.

In February Barack Obama released an executive order entitled Improving Critical Infrastructure Cybersecurity, calling it ‘one of the most serious security challenges we must face.’ Australia faces the same kinds of risks, and we could look to similar measures to help protect ourselves.

Assigning responsibility for critical infrastructure protection is complex. Whilst the government has a role in ensuring the supply of essential services, up to 85% of critical infrastructure in the United States and 90% in Australia is owned or operated by private industry. Some industries have strong regulatory frameworks and well-established cybersecurity practices, but some sectors struggle to maintain basic levels of cyber resilience. Read more

Collaborating for a stronger region – cybersecurity capacity building within the ARF

In my previous post, I looked at the polarised geopolitical, technological and economic situation that provides the backdrop to ASEAN states’ deliberations on cyberspace. During the course of the ARF meeting there was a focus on practical ways in which states in the region can begin to create a more even playing field, and begin to create a common understanding of the language, vulnerabilities and responses to cyber threats. My talk focused on what measures the ARF could take to assist in capacity building in the region to bolster the capabilities of those states capabilities that are severely lagging behind.

Capacity building can take place at both the policy and the technical levels; it’s a fact that having the technical cyber capabilities to respond to a crisis is of no use if policy mechanisms aren’t in place to enable them. And it’s important to recognise that the private sector and civil society are key parts of the equation for the most comprehensive and constructive capacity building.

Bearing that in mind, I proposed five key areas for capacity building for the ARF to consider. None of this is rocket science, but failure to act could lead to a regional cyber domain that’s akin to the Wild West. Read more

Cyber wrap

cyber logo

Christopher Painter, the US State Department’s Coordinator for Cyber Issues, conducted an insightful interview last week on cyber diplomacy, norms and whole-of-government approaches to cybersecurity. Painter, who is the lead negotiator on the US – China cybersecurity working group, spoke about the opportunities the dialogue presents and the challenges that differing views of cyberspace presents for policy formation. He also spoke positively about the recent consensus reached in the UN Group of Government Experts (UNGGE).

The UNGGE on Developments in the Field of Information and Telecommunications in the Context of Information Security recently released the report from its June meeting. The gathering was significant as it saw landmark consensus on the applicability of international law, in particular the UN charter, to cyberspace. The group of 15 experts including representatives from Russia and China was chaired by Australian Deborah Stokes, now Australia’s High Commissioner to PNG. Read more

A seat at the table for homeland security?

Attorney-General's Department in the Canberra.As outlined by Tobias Feakin and Jessica Woodall’s post last week, ASPI recently launched its new international cyber policy centre in Sydney. An expert panel discussed many facets of Australian cyber policy.

What wasn’t really discussed by the panel was the political responsibility for cybersecurity in the Australian government.

In a recent ASPI paper Peter Jennings and Toby Feakin recommend establishing a Prime Minister’s Cyber Council, comprising leading private and public sector figures, as well as cyber specialists to discuss cybersecurity and a cyber policy unit, reporting to the Secretary of the Attorney General’s Department.

I’d like to suggest that while bureaucratic innovations such as those proposed by my colleagues are important, it’s even more critical we get the political ‘ownership’ of cybersecurity (and homeland security more generally) ‘gripped up’. Read more

Reflecting on the launch of the ASPI International Cyber Policy Centre

Malcolm Turnbull (Shadow Minister for Communications and Broadband), Gary Blair (Commonwealth Bank of Australia), Tim Morris (Assistant Commissioner, Australian Federal Police), and Judith Lind (Australian Crime Commission) at the launch of the ASPI International Cyber Policy Centre.Last Thursday the Australian Strategic Policy Institute, in partnership with the Commonwealth Bank, launched its new International Cyber Policy Centre (ICPC).

A packed audience of key public and private sector stakeholders, all with a direct responsibility for elements of cybersecurity policy development and delivery, gathered at the launch. Catherine McGrath, Asia Editor at the ABC facilitated the lively dialogue which ensued from a panel of experts, including amongst others, Director-General of ASIO David Irvine, Malcolm Turnbull MP and the Commonwealth Bank’s security chief, Gary Blair.

After the centre was officially launched by ASPI CEO Peter Jennings, Gary Blair and myself (TF), the panel discussed the topic ‘What is Australia’s current response to cybersecurity and how should it evolve to promote a vibrant and dynamic digital economy into the future?’ Read more

Cyber wrap

cyber logoAs a Strategist post earlier this week reported, former CIA head Michael Hayden has accused Chinese Telecommunications company Huawei of snooping for the Chinese Government. Huawei isn’t new to controversy, after being blocked from working on the NBN due to ‘security concerns’ in 2012. But this story is significant as it’s the first time a senior official has categorically and publicly implicated the company in spying. This news rounds off a bad week for Huawei after the UK Parliament’s Intelligence and Security Committee (ISC) handed down a report outlining concerns with Huawei’s Cyber Security Evaluations Centre. In what the ISC sees as a direct conflict of interest, the Huawei staffed cell is responsible for providing security assurance on Huawei products. The ISC is now calling for GCHQ to staff the centre.

China’s Ambassador to Australia Chen Yuming has responded to the allegations, calling General Hayden’s comments a politically motivated attack. The Ambassador went on to distance both Huawei and the Chinese Government from cyber espionage, saying “There may be some people doing things the article referred to, but it is not Huawei or China for sure.” Read more