Cyber wrap
19 Oct 2016


Last Tuesday the G7 announced that they have agreed to new ‘non-binding principles’ to protect the global financial system from cyber threats such as last year’s SWIFT hacking incident in Bangladesh. A US Treasury official told Reuters that the principles are an effort to encourage both regulators and companies to take a risk management approach to cyber security. Among other things, the G7 principles recommend that governments and banks share threat information and cooperate to manage incidents. Of course banks and regulators are already sharing information, with news from the UK this week noting that UK banks have reported 75 incidents so far this year to the Financial Conduct Authority, but that’s probably just the tip of the iceberg.

On Monday WikiLeaks let the world know that Julian Assange isn’t dead (as some rumours suggested), but his internet connection is. WikiLeaks originally blamed a ‘state actor’ for cutting Assange’s internet access, and while they were right, it probably wasn’t who they expected. Assange’s Ecuadorian hosts cut him off from the world after WikiLeaks released more leaked Hillary Clinton emails, yet another move which violates Ecuador’s principle of non-intervention in the affairs of other states. While Ecuador hasn’t backed away from its commitment to protect Assange, it seems they may be getting a bit tired of their guest.

Back in Australia, Senate Estimates have seen interesting exchanges about cyber security issues, highlighting the increasing prominence of cyber security in political circles, and its potential to embarrass the government. Most prominent was the examination of the use of encrypted messaging app WhatsApp by Cabinet ministers and advisers. While the app isn’t on ASD’s list of approved communications and messaging services for sensitive or classified communications, the PM’s Cyber Security Adviser Alastair MacGibbon told estimates that ASD had approved the use of WhatsApp by Ministers for unclassified messages. In another exchange, the Parliamentary Services CIO was quizzed on whether a smart watch that had been given to a government MP had been connected to the parliamentary network. The watch attracted interest because it was manufactured by Chinese firm Huawei, notable in Australia for being banned from providing NBN infrastructure on security grounds.

The Australian government has also taken another step forward in its digital transformation agenda, transferring the IT procurement, project management and policy function from the Finance Department to the Digital Transformation Office, which will become the Digital Transformation Agency. Also announced was the formation of a Digital Transformation Advisory Board of public and private sector experts to advise government on the rollout of digital government services. The DTO, formed by PM Malcolm Turnbull when he was Communications Minister, has been charged with improving the delivery of government services online, including improvements to the myGov portal and its expansion to state government services.

Telstra, Australia’s largest telco, is looking for a new Chief Information Security Officer (CISO) after incumbent Mike Burgess announced his move into private consultancy from early November. Burgess, formerly a Deputy Director at ASD, has spent four years managing Telstra’s cyber security. IT News noted that this was the fifth ‘big CISO move’ this year, with CISO vacancies at Telstra and Qantas, and new appointments at Australia Post, AGL Energy, the National Australia Bank and the Department of Human Services.

Internet services in Syria and Lebanon have suffered from a series of outages caused by a spike in routing instability, according to US internet monitor Dyn. While the group was careful to point out that correlation doesn’t necessarily imply causation, Dyn has noted that the outages and instability have occurred since the arrival of Russian research vessel Yantar off the Syrian coast. Yantar is equipped with two autonomous submersible craft, and it’s been suggested that the ship has been using these to tap submarine cables or seek out uncharted cables used for classified information. In September last year the ship was in Cuban waters, and similar claims were made in some US media outlets that the ship was spying on US submarines and tapping submarine cables. However, cable industry experts have told War is Boring that tapping submarine cables underwater is an unlikely method for the Russians to employ when tapping the cables on land is easier. Interestingly, the Russian Navy plans to deploy a similar ship, the Almaz, to the Pacific Ocean by 2019.

And finally, if you’re looking for a gift for the special cryptanalyst in your life, perhaps consider GCHQ’s new puzzle book. GCHQ will be donating all proceeds from the book to mental illness awareness charity Heads Together.