Cyber wrap
10 May 2017|

Image courtesy of Pixabay user Magnascan.

The 2017 Cyber Security Challenge Australia (CySCA) kicks off today. Seventy-nine teams will compete over 24 hours for trips to cybersecurity conferences including DEFCON, Cisco Live, and RUXCON, as well as the possibility of being headhunted for a cyber security job. CySCA is just part of the Australian government’s push to expand the cybersecurity talent pool in Australia.

Last Friday, the government’s Special Advisor, Alastair MacGibbon, was talking up the need to start teaching primary school children about cybersecurity. And MacGibbon’s deputy, Sandra Ragg, was also out on the hustings last week pitching the idea of an Australian cyber alumni network to a conference in Sydney. The network would be a means to transfer skills between the public and private sectors, crowd source new ideas and provide a ‘surge’ capability for major cybersecurity threats to the country.

Also in Canberra last week was the inaugural Australia-Indonesia Cyber Policy Dialogue, hosted by Australia’s Cyber Ambassador Dr Tobias Feakin. The Dialogue, announced by the Prime Minister and Indonesian President Widodo in February, reportedly discussed views on international cyber norms, cooperation on cybersecurity and engagement with regional countries to reduce cyber risks. Mirroring the broader bilateral relationship, Australia’s cyber relationship with Indonesia has been rocky in the past, but events such as the Dialogue indicate a new positive focus from both countries.

China has launched an ambitious program to write an online Chinese Encyclopaedia, dubbed a ‘Great Wall of Culture’ by its new editor in chief Yang Muzhi. 20,000 authors have been recruited from Chinese universities to write 300,000 entries. Yang also told the South China Morning Post that the project will directly compete with Wikipedia, to ‘guide and lead the public and society’.  SCMP also notes that access to Wikipedia in China is ‘patchy’, with possibly controversial subjects usually timing out. Gizmodo notes that Wikipedia access has been a tricky subject for Chinese web-censors, who have variously blocked access to single pages, the Chinese version, and the whole site at different times.

The French presidential election was marred by the last minute dump of nine gigabytes of information stolen by hackers from the eventual victor Emmanuel Macron’s campaign. Macron’s campaign headquarters had previously noted persistent attempts by suspected Russian-linked hacking group APT28 to access campaign information. Just before the 12pm Friday media blackout, Macron’s campaign announced that they had fallen victim to a ‘massive hacking attack’, which resulted in thousands of emails, internal campaign memos and accounts being posted online late Friday. The material also included some obviously fake documentation.

While the documents were largely mundane, and the incident didn’t appear to have a noticeable effect on the ultimate outcome, Macron hasn’t ruled out retaliation against Russia for the incident. His foreign policy adviser said that ‘We will have a doctrine of retaliation when it comes to Russian cyberattacks or any other kind of attacks’. France’s national cybersecurity agency will also be investigating the incident.

In Germany, Hans-Georg Maasse, the head of domestic security agency BfV, has threatened to ‘wipe out’ servers used by threat actors, including APT28, APT29 and APT10, if the owners of the servers aren’t willing to assist authorities to prevent further cyber incidents. BfV has been investigating hacking incidents that targeted the Bundestag in 2015 and political associations connected with the major parties last month, that have all been linked to Russian cyber actors. And according to the Washington Post, two former officials from the Obama Administration have called for a comprehensive US/NATO/EU strategy to deter further Russian attempts to ‘subvert’ elections.

The British Army has announced a new recruitment campaign for cyber savvy soldiers after its previous attempts failed to secure the necessary number of recruits. Payments of £5,000, known as a ‘Golden Hello’, will be provided to communications systems operators and engineers in the Royal Corps of Signals. Meanwhile, the US Marine Corps is reportedly struggling with the concept of admitting cyber skilled Marines through lateral entry programs that allow personnel to skip basic training in junior ranks. Concerns that the Marines can’t recruit enough of the right people to ensure mission effectiveness are balanced by concerns that lateral entry will undermine the Marine’s esprit de corps and the ‘every Marine a rifleman’ ethos.

Japan’s Yomiuri Shimbun has learnt that Japan’s Internal Affairs and Communications Ministry plans to introduce a certification system for IoT devices in 2018. The Ministry plans to devise an index to rate the cybersecurity measures of IoT devices, which will be indicated by a Ministry certification mark. The emergence last year of the Mirai botnet, which uses infected IoT devices to mount massive denials of service (DDoS) , has further heightened long standing concern among governments and cybersecurity researchers about the security of IoT devices.

And finally, the manager of the .au domain auDA wants your views on the introduction of direct registration in Australia. The change to direct registration will allow shorter domains in the .au domain space, e.g. aspistrategist.au instead of aspistrategist.org.au. Tell auDA your thoughts here before 15 May.