Cyber wrap
30 Nov 2016|

Image courtesy of Flickr user Blue Coat Photos.

The consequences of August’s #censusfail continue to reverberate in Canberra, and two reports released last week—one by the PM’s Special Adviser on Cyber Security, Alastair MacGibbon; the other by the Senate’s Economics Committee—pull no punches. Both reports are highly critical of the Australian Bureau of Statistics and IBM for the planning, management and response to the census debacle. MacGibbon’s report noted that the ABS had no ‘clearly identified and tested cyber security incident response processes’, resulting in ad-hoc decision-making, and that the government’s Cyber Incident Management Arrangements were similarly inadequate.

MacGibbon’s report also recommends that a ‘Cyber Bootcamp’ for senior government executives and Ministers should be instituted to educate them on cyber risks and crisis communications. IBM was called out for its failure to plan for and test its response to foreseeable incidents such as a DDoS, and both reports criticised the single-source tender approach by the ABS to the procurement of IBM’s services. The government has reached a settlement with IBM for an unspecified amount.

In a speech at the National Press Club last week, the Minister Assisting the PM for Cybersecurity, Dan Tehan, warned that Australia remains vulnerable to a ‘cyberstorm’, an attack that could knock out power, telecommunications, emergency services and financial networks. Tehan admitted that the government had much to do to protect Australia from cyber threats, and that implementation of the Cyber Security Strategy should be accelerated. His focus is on making government departments accountable for their own security, greater transparency from government on cyber security incidents, fighting cybercrime, and protecting critical infrastructure. Tehan also announced that he’ll initiate quarterly meetings with business leaders to discuss cyber security, starting in December.

Prime Minister Malcolm Turnbull has announced that Australia is conducting offensive cyber operations against the Islamic State. The PM wouldn’t be drawn on exactly what was being done, but was careful to note that Australia’s offensive cyber operations against IS are subject to the same Rules of Engagement, legal oversight and consistency with international law as Australia’s kinetic military capabilities in the Middle East. The nature of offensive cyber operations is usually obscured for operational security reasons, but ICPC fellow Jim Lewis’ publication ‘Cyberspace and armed forces’ gives some insight. Lewis notes that ‘most cyberattacks will produce intangible effects. Expanding the ‘fog of war’ creates indecision and slows opponents’ reactions in ways that confer military advantage.’

The PM also announced last week that Julie Inman Grant will be Australia’s new eSafety Commissioner, filling the post left vacant by Alastair MacGibbon. Inman Grant will be responsible for implementing the new online reporting tool for revenge pornography announced by government in October as part of the National Plan to Reduce Violence against Women.

There have been several hacking incidents across the world this week. The Japan Times has reported that Japan’s Ministry of Defense and Self Defense Force’s internal network, the Defense Information Infrastructure, was breached in September by a ‘sophisticated cyberattack.’ It’s believed that the hackers gained access to the National Defense Academy network and then used it to hop across to the Ministry’s network and exfiltrate an unknown quantity of data. The Ministry has declined to comment, but it’s been reported that internal internet use has been temporarily banned.

A ransomware infection on the San Francisco Municipal Transportation Agency (known as Muni) has been a boon for commuters, who were able to travel for free last weekend when ticketing machines were taken offline. The hackers have demanded 100 bitcoins, about US$73,000 to provide the encryption keys to unlock just over 2,000 infected terminals. The hackers have also threatened to release 30 gigabytes of data including customer information if the ransom isn’t paid. Muni was able to restore its system using backups and didn’t pay the ransom.

In Germany, Deutsche Telekom has hinted that hackers were the cause of a network outage that affected 900,000 people over the weekend. The outage has only affected customers using routers with ‘certain software’, indicating that the issue was caused by hackers and not a broader network issue. The company’s IT security chief has told newspaper Das Tagesspiel that it was likely the result of a botched attempt to use the routers as part of a botnet and Kaspersky researchers have identified ‘Mirai-related’ activity on affected routers. Deutsche Telekom is currently rolling out firmware upgrades on routers from Taiwanese company Arcadyn Technology to address the issue.

And finally closer to home, the head of Telecom Fiji has said that the country’s Standing Committee on Foreign Affairs and Defence that his company’s firewalls block more than 1,000 cyber threats a day. He encouraged the Fijian Government to do more to address cyber threats, and suggested they focus on insider threats and cybercriminals.