Cyber wrap
7 Sep 2016

There were some high-powered bilateral discussions about cyber incidents this week, with Barack Obama meeting Vladimir Putin and Xi Jinping on the sidelines of the G20 in China. Following the Putin meet, Obama sought to tone down discussion about any US response to recent high-profile cyber incidents related to the US election. While Obama acknowledged that Russia was the source of some of the cyber threats facing the US, he noted the US would prefer to establish norms of behaviour rather than begin a cycle of escalating responses resembling the ‘wild, wild West.’

The British took their cyber security seriously during the G20, with British officials attending the summit warned about their host’s proclivity for cyber espionage and provided with temporary phones and email accounts for use while in China. They were also advised not to accept gifts including USB sticks and phone chargers.

In further UK news, it appears data centre operator GlobalSwitch will be sold to a Chinese consortium for £5 billion. Senior British politicians are reportedly concerned about the security implications of such a deal, as the centre houses IT servers for government organisations and financial institutions. Also in the UK, Parliament has returned for a short two-week stint during which it will consider the Investigatory Powers Bill, also known as the ‘Snooper’s Charter’. The Bill has been criticised for the power it provides signals intelligence agency GCHQ to collect bulk data, and was reviewed over the parliamentary recess by the Independent Reviewer of Terrorism Legislation David Anderson QC. Anderson’s report was largely supportive of the Bill, but found no actual justification for bulk collection and recommended that a Technical Advisory Panel be appointed to consider the effect of technological developments on investigatory powers.

Closer to home, cybersecurity firm iSIGHT has reported that the Hong Kong government has been targeted by what it has described as politically-motivated cyber espionage from the mainland. The firm has reported that a group dubbed APT3 has targeted government personnel at least three times with spear phishing emails containing malware designed to infiltrate government networks. This comes in the same week that 30 pro-democracy candidates were elected to the city’s legislature, including one of the leaders of the Umbrella protests in 2014. In the US, the Chamber of Commerce released a study called ‘Preventing Deglobalisation’, which warned China that restrictions on foreign access to its technology market could damage GDP growth by between 1.77% and 3.44% per annum, or about US$200 billion a year.

Warfare in cyberspace remains a topic of significant interest, so here are a few recent pieces. Mathew Cohen looks at Israel’s offensive cyber capability in a blog for Oxford University Press, noting that Israel has significant offensive cyber capabilities, but may lack the strategic depth to respond to simultaneous cyber-attack and invasion. In Canada, the former head of its national signals intelligence agency—the Communications Security Establishment (CSE)—has urged the Canadian government to consider developing an offensive cyber capability in its defence policy review. A CSE spokesperson told media only that, ‘CSE does not have a mandate to conduct offensive cyber activities.’

On the campaign trail Hillary Clinton has told the American Legion in Cincinnati that as president she would consider cyber attacks the same as physical attacks, and the US would respond with political, military and economic measures. Over at Lawfare, Herb Lin has raised some concerns about recent reports that US Cyber Command is working to develop cyber tools that are ‘loud’ (that is, tools that don’t mask attribution). Meanwhile, ZDNet and TechRepublic have good summaries of the history of offensive cyber capabilities and major international cyber exercises, some of which Australia has participated in.

International bank settlements company SWIFT has disclosed that there have been more attempts to hack its network, some of which have been successful. SWIFT sent its clients the news in a private letter, imploring them to comply with new security procedures or risk SWIFT releasing information about breaches at banks without consultation or agreement. A cybercrime analyst who consults for the FBI this week told a conference in Sydney that cyber criminals are continually evolving their tactics, techniques and procedures. However, he noted that 90% of incidents are the result of successful spearphishing, meaning that user education is critical to turn the tide.

Compounding this problem is the continuing shortage of skilled cybersecurity personnel. A study by our friends at CSIS, commissioned by Intel Security, found that technical skills in intrusion detection, software development and attack mitigation were in short supply in Australia, and Australian IT managers won’t be able to fill about 17% of vacancies out to 2020. They also criticised the quality of formal cybersecurity education, with 75% of Australian respondents under the impression that these qualifications don’t adequately prepare individuals for the workforce.