Imagine. A group of offshore criminals board a plane to Australia. The group is known to law enforcement and wanted by Interpol.
They arrive in Australia, set up camp and over several weeks they ransack thousands of businesses and households to the tune of millions, if not billions. They use the tactics and methods they have successfully deployed around the world.
They are not stopped when boarding the plane nor at the Australian border.
They are not stopped when ransacking homes and businesses.
And they are not stopped when they board the plane home with their winnings.
This is the current state of play in cyberspace. And this scenario is occurring at an alarming rate – every day, hour, minute.
Exponential growth in the cybercrime threat
In the last couple of months, we have seen the exponential growth and global impacts of cybercrime.
By one estimate, the cost of cyber security incidents to the Australian economy is $29 billion per year, or 1.9% of GDP.
According to the Australian Cyber Security Centre, Australians are reporting cybercrimes every 10 minutes. Likening this to the physical world, it is the equivalent of a gangster knocking on your door every 38 seconds trying to break into your home.
The Ransomware Task Force, launched in December 2020 and including organisations from the US as well as the UK and Canada, is calling ransomware one of society’s most pervasive threats, growing from a cybercrime nuisance to a critical risk to national and global security, economic stability, and public safety. The severity of this threat has been highlighted by recent events, including the shutdown of a major US pipeline following an attack by one of the most prolific cyber extortion gangs.
We know that across the globe there are hundreds of cybercriminal groups profiting from their operations.
Today, cybercriminals operate like a sophisticated business – they employ people, they have hierarchies, and they have processes. Cybercrime is also a common experience for everyday Australians – whether it be ransomware, identity theft, or romance scams, which last year had reported losses across Australia in excess of AUD38 million.
In an ever-increasingly connected world where our work lives, personal lives, and finances have all gravitated online, we must consider how to protect Australians from these threats and do it at scale.
We need to stop these cyber threats before they hit our businesses and homes.
Another way – clean pipes
Clean pipes refers to the ability of internet service providers (ISPs) to have constant real-time visibility across the traffic passing through their networks and to detect and stop cybersecurity threats within that traffic in real time. To ensure the necessary level of security capabilities, clean pipes would be delivered by ISPs in collaboration with industry partners.
The 2020 Cyber Security Strategy noted the importance of businesses, particularly telecommunications providers, automatically blocking known malicious threats to protect Australians and Australian businesses at speed and scale.
Essentially, service providers and ISPs could provide security services to their customers that deliver a level of default security: connections free of the malicious software targeting our organisations and our systems at home, and controls that prevent cybercriminals from sending our data out to their systems.
These measures can reduce the volume and impact of cyberattacks on national infrastructure, government networks, business, and citizens. Industry and governments should work together to achieve this goal.
The strategy also notes Telstra’s “Cleaner Pipes” initiative announced in May 2020. Telstra should be lauded for paving the way with this initiative, which involves Telstra’s Domain Name System (DNS) filtering, where millions of malware communications are being blocked as they try to cross Telstra’s networks.
DNS, in short, is the phone book of the internet: a system used by computers connected to the internet that allows us to browse it and makes it a more human-friendly place.
While DNS security is important, additional steps are necessary for a more robust “clean pipes” approach to more fully protect the Australian economy.
Firstly, stopping malicious DNS traffic means that you are only seeing the traffic after a system in a business or household has been compromised, so it does not prevent attacks. Secondly, attackers can easily switch or reroute to another DNS service, and malicious actors can write code to do this automatically as part of their attacks. Thirdly, a user can easily choose a different DNS provider, which would bypass a provider's filtering.
In order to really stop the flow of cybercrime activity, we need to get ahead of the problem, before a system is compromised, and have a consistent approach that sees all the threats, such as exploits, malware, and other malicious content, and prevents them in real time across every telco and ISP in Australia. This allows us to move beyond just blocking a domain or IP address a cybercriminal uses and enables us to also counter the techniques cybercriminals use, such as changing or switching domains at regular intervals.
The time is now
This month the Australian government is closing its formal consultation on options for regulatory reforms and voluntary incentives to strengthen the cyber security of Australia’s digital economy, presenting an opportunity for fresh approaches. We would encourage the government to look at how they can incentivise all ISPs to adopt a clean pipes policy — where cyber threats are stopped “at the border”. This would help provide all Australian businesses and citizens with a level of protection from a range of cyber adversaries.
A national clean pipes policy can prevent cyber attackers from jeopardising our finances, stealing our information, and disrupting the livelihoods of all Australians.