- The Strategist - https://www.aspistrategist.org.au -

Cyber wrap

Posted By on April 26, 2017 @ 13:06

A flurry of activity on the cyber-policy front has accompanied the one-year anniversary of Australia’s Cyber Security Strategy [1], which was launched by Prime Minister Malcolm Turnbull on 21 April 2016.

The Australian Cyber Security Growth Network [2], the industry-led, not-for-profit company tasked with boosting Australia’s cyber industry, released its first Cyber Security Sector Competitiveness Plan [3] in Sydney last Thursday. The report, developed in conjunction with AlphaBeta [4], is intended to help Australia’s cybersecurity industry ‘reach its full potential [5]’ by identifying and overcoming [6] roadblocks to small business, commercialisation of research and a cyber-skilled workforce.

The Minister Assisting the Prime Minister on Cyber Security, Dan Tehan, recently launched the ASX100 Cyber Health Check Report [7], another key deliverable of the Cyber Security Strategy. The report, which reveals how Australia’s biggest businesses approach cybersecurity, was developed [5] by the Australian Securities Exchange, the Australian Securities and Investments Commission, the Department of the Prime Minister and Cabinet, Deloitte, EY, KPMG and PwC. One of the report’s many findings [8] is that only 11% of companies have a clear idea of what data is shared with third parties, or have initiatives designed to reassure investors and customers of their cybersecurity.

The Minister’s been busy, also publishing an op-ed [9] calling for a ‘step change’ from passive to ‘active cyberdefence’ to combat cybercrime in Australia. The article advocates [10] for telcos and ISPs to take more responsibility for the dangerous content they inadvertently propagate, and argues that users should be able to opt into services that provide a filtered and more secure version of the internet. While the Minister assured readers that he knows that ‘laws must be respected’, he said the government will ‘investigate existing legislation and, where appropriate, remove any roadblocks’ that may prevent this type of active defence from being possible. The controversial article has been described as a ‘radical plan’ [11] and has been criticised [12] for its poor understanding of the existing services and limited powers of telcos.

Australia took some strides on the international cyber stage this week when it hosted the inaugural Australia–China High-Level Security Dialogue [13] in the wake of Premier Li Keqiang’s March visit [14]. At the meeting, Prime Minister Turnbull, Foreign Minister Julie Bishop and Secretary of the Chinese Communist Party’s Central Commission for Political and Legal Affairs Meng Jianzhu reached the significant agreement [15] that ‘neither country would conduct or support cyber-enabled theft of intellectual property, trade secrets or confidential business information with the intent of obtaining competitive advantage’. The pact reflects the principle of the September 2015 agreement between China and the US [16], which reportedly correlated with a decrease [17] in Chinese commercial espionage. Fingers crossed for similar success Down Under.

Stateside, the CIA and FBI [18] have launched a joint investigation to identify those responsible for leaking the contents of WikiLeaks’ multi-tranche ‘Vault 7’ [19] disclosures. WikiLeaks has claimed that the documents, purporting to detail CIA cyber tools for hacking smartphones, televisions and computer systems, come from a former US intelligence contractor [20]. Unsurprisingly, the CIA is staying tight-lipped on the investigation into the source of the leak.

Looking at the date, it appears that the Trump administration’s much-anticipated cybersecurity plan is now officially late [21]. As President-elect, Trump promised [22] to deliver a fresh federal cyber plan ‘within 90 days of taking office’. We’re now past 90 days and the administration still has nothing to show other than a false start [23] and two leaked [24] drafts [25]. Unsurprisingly, assurances have surfaced [26] that Trump will sign a version of the long-awaited Executive Order this week, but we won’t be holding our breath.

French presidential candidate Emmanuel Macron appears to have been targeted [27] by the same Russian operatives behind the 2016 hack of the Democratic National Committee (DNC). A series [28] of phishing attempts and web assaults sought to obtain the email passwords of individuals working on the Macron campaign and gain access to confidential correspondence. New research by cybersecurity firm Trend Micro has compared [29] the digital fingerprints on the Macron system to those found after the DNC hack, finding that they were also from APT28, though the research stops short of saying who’s behind the malicious group. Not that they needed to, with US intelligence agencies having already explicitly attributed [30] the work of APT28 to Russian intelligence services. While the efforts against the Macron campaign were reportedly unsuccessful, Macron’s digital director Mounir Mahjoubi noted [27] ‘there was talent behind it and time went into it: talent, money, experience, time and will’.

And finally, in a development unlikely to boost international confidence in democratic security, a Russian government think tank reportedly [31] outlined a plan to influence the US election in June 2016. US officials have anonymously disclosed that the US government is in possession of a Russian strategy paper written by the Russian Institute for Strategic Studies [32] and circulated to the highest levels of the Russian government last year. Hold on to your votes, people!




URL to article: https://www.aspistrategist.org.au/cyber-wrap-161/

URLs in this post:

[1] Australia’s Cyber Security Strategy: https://cybersecuritystrategy.dpmc.gov.au/

[2] Australian Cyber Security Growth Network: https://www.acsgn.com/

[3] Cyber Security Sector Competitiveness Plan: https://www.acsgn.com/cyber-security-sector-competitiveness-plan/

[4] AlphaBeta: http://www.alphabeta.com/

[5] reach its full potential: http://www.minister.industry.gov.au/ministers/sinodinos/media-releases/plan-boost-australia%E2%80%99s-cyber-security-capability

[6] identifying and overcoming: http://www.computerworld.com.au/article/617909/roadmap-seeks-boost-local-cyber-security-industry/?fp=16&fpid=1

[7] ASX100 Cyber Health Check Report: http://www.asx.com.au/documents/investor-relations/ASX-100-Cyber-Health-Check-Report.pdf

[8] many findings: http://newsroom.kpmg.com.au/cyber-resilience-among-asx-100-ready/

[9] op-ed: http://readnow.isentia.com/Temp/108277/761504281.pdf

[10] advocates: https://www.itnews.com.au/news/govt-could-make-telcos-block-malware-459087

[11] ‘radical plan’: https://thewest.com.au/news/wa/push-on-telcos-over-cybercrime-ng-b88451159z

[12] criticised: http://www.itwire.com/open-sauce/77762-why-dan-tehan-should-have-nothing-to-do-with-cyber-security.html

[13] High-Level Security Dialogue: http://dfat.gov.au/news/media-releases/Pages/high-level-security-dialogue-with-china-joint-statement.aspx

[14] Premier Li Keqiang’s March visit: http://www.abc.net.au/news/2017-03-23/chinese-premier-li-keqiang-in-canberra-for-five-day-visit/8378146

[15] reached the significant agreement: https://www.pm.gov.au/media/2017-04-24/australia-and-china-agree-cooperate-cyber-security

[16] China and the US: https://www.wired.com/2015/09/us-china-reach-historic-agreement-economic-espionage/

[17] correlated with a decrease: https://www.fireeye.com/blog/threat-research/2016/06/red-line-drawn-china-espionage.html

[18] CIA and FBI: http://www.cbsnews.com/news/cia-fbi-on-manhunt-for-leaker-who-gave-top-secret-documents-to-wikileaks/

[19] ‘Vault 7’: https://wikileaks.org/vault7/

[20] former US intelligence contractor: https://www.businessinsider.com.au/wikileaks-vault-7-2017-4?r=US&IR=T

[21] officially late: http://www.independent.co.uk/news/donald-trump-cyber-security-plan-president-misses-deadline-a7694096.html

[22] promised: https://greatagain.gov/intel-meeting-3b6542ca6500

[23] false start: http://www.reuters.com/article/us-usa-trump-cyber-idUSKBN15E2TC

[24] leaked: https://assets.documentcloud.org/documents/3424611/Read-the-Trump-administration-s-draft-of-the.pdf

[25] drafts: https://lawfareblog.com/revised-draft-trump-eo-cybersecurity

[26] assurances have surfaced: http://www.politico.com/story/2017/04/23/trump-offshore-drilling-237509

[27] targeted: https://www.nytimes.com/2017/04/24/world/europe/macron-russian-hacking.html

[28] series: http://www.news.com.au/technology/online/hacking/russialinked-hackers-are-trying-to-reproduce-the-trumpbump-in-french-elections-researchers-claim/news-story/d92b078202a45746e7e3802ad003b51d

[29] Trend Micro has compared: https://documents.trendmicro.com/assets/wp/wp-two-years-of-pawn-storm.pdf

[30] already explicitly attributed: https://www.us-cert.gov/sites/default/files/publications/JAR_16-20296A_GRIZZLY%20STEPPE-2016-1229.pdf

[31] reportedly: http://www.reuters.com/article/us-usa-russia-election-exclusive-idUSKBN17L2N3

[32] Russian Institute for Strategic Studies: https://en.riss.ru/
