Cyber wrap
14 Dec 2016

For the final two cyber wraps of 2016, ICPC will review some of the biggest cyber stories to make headlines over the last twelve months so that we can all laugh, cry and reflect on the year that was together.

On the home front, 2016 was a big year. Australia’s Cyber Security Strategy was released in April by Prime Minister Malcolm Turnbull. The Strategy committed a total of $230 million to new initiatives to strengthen Australia’s cyber security, in addition to the $400 million funding already allocated to cyber security efforts in the 2016 Defence White Paper. The Strategy also created a new ministerial position for cyber issues, with two new positions—a Special Adviser to the PM, and a Cyber Ambassador—joining the existing ACSC Coordinator. Work has commenced on new capital city threat sharing centres and academic Centres of Excellence, as have preparations to move the ACSC from within ASIO HQ to new digs that will be more accessible to private sector partners and cyber workers with lower levels of security clearance. While those are all promising signs for the implementation of the Strategy, there’s been some criticism from industry about the pace of implementation. Full steam ahead for 2017.

Australia’s offensive cyber capability, which is being housed in the Australian Signals Directorate HQ, was also announced in the Strategy. While there understandably isn’t much detail available, the PM revealed that Australia’s capabilities have been engaged against Daesh’s cyber efforts in the Middle East. Other Australian highlights for 2016 include the second annual ACSC Threat Report, which revealed a state actor was behind the hack of Australia’s Bureau of Meteorology which took place last year.

2016 also saw a major change in how the internet is managed worldwide, with the transition of the Internet Assigned Numbers Authority (IANA) from a US Department of Commerce contract to a standalone multi-stakeholder-led institution. The move was the culmination of a policy plan which stretches back to the Clinton administration, and which was spurred along by the Snowden disclosures and increasing international concern about the US’s role in internet governance. The transition was delayed several times as the multi-stakeholder community struggled to implement a plan to take on the function, and was nearly further delayed by court action initiated by US Senator Ted Cruz. However, the move was eventually successful on 1 October. While the average Internet user wouldn’t have noticed any difference, the transition is a win for proponents of the multi-stakeholder model of internet governance.

Several other countries released new cyber strategies in 2016, with Britain, Germany, New Zealand and Singapore providing some interesting policy contrasts to Australia’s effort. Britain’s government is taking a stronger position in protecting its citizens online, Germany is increasingly concerned about privacy, New Zealand is focused on cybercrime and education, and Singapore remains set on maximising digital growth’s full potential.

Cyber security incidents also remained weekly news in 2016. The fallout from the Dyn DDoS incident back in October continues to reverberate as other attempts to exploit security vulnerabilities of IoT infrastructure have followed—including one affecting Germany’s Deutsche Telekom earlier last month. In the US, the revelation that Yahoo! had hidden a 2014 data breach complicated the planned Verizon takeover. Other big breaches this year include the DNC hack (which we’ll cover next week), the US$81 billion compromise of the SWIFT network through Bangladesh’s Central Bank, and Australia’s largest ever data breach—when the Red Cross Blood Service accidentally leaked the personal information of more than 550,000 donors.

We’ll see you next Wednesday for part two of our wrap-up of the year that was!