Canberra’s new private cyber security operations centre ready to attack

By Stephen Easton

Wednesday February 8, 2017

The best defence against information warfare and online crime has to include a little bit of offence, according to Malcolm Turnbull’s cyber security delegate Dan Tehan, and he’s delighted to hear government agencies can outsource the capability to attack the attackers.

Tehan also spoke of the importance of relationships and trust between public and private sector organisations in sharing threat intelligence information, at the ceremonial opening of a new “advanced cyber security operations centre” established in Canberra by the Asia-Pacific arm of Verizon Enterprise Solutions.

“It’s music to my ears to understand that in the … security operations that you’re putting in place, that they’re not only purely defensive, but you’re also … attacking in playing defence, because I think that’s absolutely vital as well,” said the assistant minister, after taking the tour of the new secure facility on Northbourne Avenue.

“I think more and more, as a nation, we’re going to have to make sure that … we’ve got the technology and the sophistication to go after those who are seeking to do us harm in this area — not just play a purely defensive role.

“So I think that’s something that, from a government point of view, we’re going to be looking to work closely with [Verizon] as well.”

The opening was also attended by one of the fresh faces in the ACT’s newly enlarged Legislative Assembly, Michael Pettersson, as well as various public servants including senior staff from the Department of Defence and Department of Human Services.

Army Brigadier Murray Thompson of Defence Strategic Communications and Commander David Prentice, an information warfare expert from the Navy, also inspected the new facility.

Verizon Enterprise Solutions Asia-Pacific managing director Robert Le Busque said the new security operations centre was a “quantum leap forward in capability” and one of nine around the world that collectively analyse about 60 billion “security events” every year.

“Now, of those 60 billion security events, the vast majority of those are pulled from our global IP network,” he said.

“We run one of the world’s largest public and private IP networks; in any given day approximately 70% of the world’s internet traffic transits the Verizon network. That gives us incredible insight and reach into what’s happening in the internet more broadly from a threat perspective, it enables us to distil that down and provide it as actionable intelligence to our customers and government partners.”

This data is combined with intelligence from open-source and commercial data feeds, law enforcement agencies and Computer Emergency Response Teams around the world.

Le Busque said the company, which was appointed to the government’s new telecommunications services panel in December, worked with 25 national governments and over 75 federal and state agencies in Australia to share cyber threat intelligence, and had a large network of data centres certified for federal government usage.

The new world of “advanced threat hunting” involves not only reacting to cyber security threats “but to be proactive and pre-empt them” as well, he added.

The Commonwealth government will soon launch new Joint Cyber Security Centres that, Tehan said in a press release, would “drive information sharing about cyberthreats and mitigation strategies across business and government”.

“We are also establishing the Cyber Security Growth Centre which will build a national network to drive cyber security innovation and unlock greater commercial opportunities for Australian companies,” he added.

Encouraging organisations from all sectors to contribute to a team effort, the assistant minister also announced the Australian Signals Directorate’s “Essential Eight” threat mitigation strategies as a minimum standard:

  1. Application whitelisting which allows only approved software applications to run on computers.
  2. Patch applications to fix security vulnerabilities in software applications.
  3. Disable untrusted Microsoft Office macros because macros can be used to enable the download of malware onto computer systems.
  4. User application hardening which blocks web browser access to Adobe Flash player, web advertisements and untrusted Java code because these applications can be used to hide malware.
  5. Restrict administrator privileges for managing systems and installing software and patches to only users that absolutely need them.
  6. Patch operating systems to fix vulnerabilities.
  7. Use multi-factor authentication to make it harder for third parties to access your information.
  8. Backup important data daily so you can recover information quickly in the event of a cyber security incident.

Australia’s Computer Emergency Response Team has responded to 3,422 cyber security incidents affecting businesses in the last six months, including 166 that involved systems of national interest and critical infrastructure, according to Tehan, and cybercrime was conservatively estimated to cost the Australian economy $1 billion a year.

“The Prime Minister has announced a special briefing for Australia’s political institutions to help protect our democratic process against foreign cyber influence,” he said. “These eight strategies will help them, and businesses of all size, protect themselves.”
