Across Australia, governments are creating previously unimagined amounts of data.
As all jurisdictions invest heavily in digital technologies, platforms and networks to significantly improve services and programs, the rapid arrival of cloud computing, the Internet of Things and high-performance 5G mobile networks has turbocharged the volume of data government agencies will be accountable for.
Ensuring data privacy – however it’s defined – and security sits at the core of citizen trust.
Let’s be real. Many of the intelligent service applications that public sector consumers now routinely experience with banking and ecommerce will need citizen usage data to be integrated – often in real time.
So, it follows that ensuring confidence in information and data security is critical for ensuring citizens buy into these services.
Yet unlike banks, utilities or online retail, there is often no competing or alternative provider for government. And often the service – such as paying a parking fine – is mandated, further intensifying public expectations.
So, when government goes digital, for the most part it must work first time ‘out of the box’. No pressure …
Welcome to the multiplier
At the same time as agencies are pushing to create intelligent, joined-up services, the threat environment has become far more complex, with the types and scale of threats growing rapidly.
An array of hostile actors – fraudulent, state sponsored or both – now have at their disposal powerful and highly disruptive technologies to attack and exploit vulnerable networks. These threats are often interlinked and impervious to national boundaries.
They target both private and public sector networks, including critical infrastructure that keeps our highly-connected economy working.
In this era of massive data and threat complexity, enterprise CIOs say it is intelligence, speed and accuracy that are crucial to effective cyber defences.
New school rules: persistent evolution
Traditional threat intelligence is struggling to stay on top of this cacophony of digital noise, leading to resource leaching false positives, delayed responses and wastage of precious and finite analytic resources.
Reactive perimeter defence systems are giving way to proactive global systems which scan and parse the massive amounts of threat intelligence now on the open web. As much as 80 per cent of this information is unstructured. New cognitive systems are using powerful, artificial intelligence applications to rapidly digest this treasure trove of intelligence and recommend responses.
“Forward focused and continuously multi-tasking, cognitive systems scour for vulnerabilities, connect dots, detect variances and sift through billions of events to build upon a base of actionable knowledge.” — IBM Cognitive Security White Paper
A key pillar of the Australian Government cyber policy is the promotion of intelligence sharing across the public and private sector.
This requires industrial context to make sense of the daily waterfall of threat data. By applying cognitive intelligence to threat data, security analysts have a powerful context to detect and interpret even the subtlest change in activity.
These very same systems are now applying tremendous computer power – and intelligence – to rapidly give CIOs options to mitigate threats. IBM research reveals reducing average incident response and resolution time remains the top cyber security challenge for enterprise CIOs.
The 2017 Ponemon Cost of Data Breach Study for Australia found organisations were slowly bringing down response time, but that the number of days to identify the data breach was still an alarming 191 and the average days to contain the data breach, 66.
When demarcation evaporates
Detection and escalation must encompass global and seasoned expertise. It requires major investment in forensic and investigative activities, assessment and audit services, crisis team management and communications to senior agency executives and ministers.
Robust information governance and risk management programs are critical to effective management of infiltration attacks.
It’s certainly no cakewalk for CIOs and CISOs.
At a time of major fiscal pressures, technology leaders are looking for new ways to justify the cost of cybersecurity investments and demonstrate value – the challenge is attributing value to what was prevented as opposed to what was lost.
The view that security is simply an insurance policy or a cost of doing business must be dispelled. Reports back to IBM suggest the top two factors used to justify investments include clear communication of the current risk exposure in the organisation and getting the support from finance, risk management, operations and other key executives. This needs to be communicated in a language easily understood by non-technical executives.
Cyber defence in this day is very much a mix of modern technology, access to expertise, and partnerships with critical support institutions, locally and around the globe.
At a time of critical shortage of cyber skills, the key is working with partners with proven depth and international reach. Cyber today is very much a multi-vendor game, so finding partners that work in an open and collaborative fashion is also important. This is especially so as the world moves toward more sharing of threat intelligence and the emergence of major threat sharing platforms.
Mandate from the top
In Australia, the Prime Minister has established the Home Affairs portfolio to provide coordinated strategy and policy leadership as a direct response to this increasingly complex and challenging security environment.
This has seen the Prime Minister’s former cyber adviser, Alastair MacGibbon, become the National Cyber Co-ordinator in the new Home Affairs Department.
The new agency is expected to drive a strong unified approach to cyber and represents a major consolidation of federal government cyber agencies and expertise.
For government CIOs, federal, state or local, this resets the landscape and implies a far more sophisticated nationally-driven response to cyber attacks.
At the highest level, the message is clear: the cyber threat is very real and the public sector needs to be much better prepared and coordinated.
This includes agency resilience strategies that are robust and backed by the right mix of threat intelligence and mitigation technologies and expertise. As agencies move through the next phase of digital development and maturity, the need for a robust security platform is only going to intensify.