Cyber wrap
14 May 2014|

The 2014–15 Australian Federal Budget was released last night, and many are still likely digesting its key points. Although criticised for going back on election promises after announcing deep spending cuts and more taxes, the Government did follow through on elevating the issue of cyber safety. According to the budget, the Government will provide $10 million over four years to improve the protection of children online by creating online safety programmes for schools, research and information campaigns on online safety, and establishing the Office of the Children’s e‑Safety Commissioner. However, the National ICT Australia—Australia’s peak ICT research group—will lose its $84.9 million funding after two years. Communications Minister Malcolm Turnbull stated that the organisation would then move to a ‘self-sustaining’ model.

In the US last week, Senator Patrick Leahy and Congressman James Sensenbrenner’s 2013 proposal for the USA Freedom Act, that prevents the NSA from collecting US phone and Internet metadata, passed unanimously in the House Judiciary Committee. According to the bill, ‘data [would remain] with the telephone and Internet companies and the NSA would only be authorised to approach those companies on an individual, case-by-case basis’ said David Cole, Professor of Law at Georgetown University. At an April 2014 debate at Johns Hopkins University on the NSA’s constitutionality, Cole quoted Stewart Baker, the former general counsel of NSA, as saying, ‘metadata absolutely tells you everything about somebody’s life. If you have enough metadata, you don’t really need content.’ Former NSA director Michael Hayden responded at the debate saying that was ‘absolutely correct’, and—rather chillingly—‘we kill people based on metadata.’

Australia is having its own mass surveillance debate. ASIO officials will be asked to face a Senate inquiry into the comprehensive revision of the Telecommunications (Interception and Access) Act 1979 later this month. The inquiry was initiated by Greens Senator Scott Ludlam in December last year, to break what Ludlum called the ‘complicity of silence about surveillance in Australia’. News Corp spoke recently with Professor Desmond Ball on the issue and the apparent ease with which phone data can be collected.

Across the Tasman, New Zealand is dealing with the controversial passage into law of its 2013 Telecommunications (Interception Capability and Security) Act. The Government Communications Security Bureau (GCSB) and National Cyber Security Centre released guidance for network operators (PDF) last week. The guidance says that network operators are required to engage with the GCSB about changes to their networks and the ‘design, build or operation of public telecommunications networks and their interconnection to other networks both domestically and overseas’.

In Indonesia this week, the Indonesian military (TNI) has signed an agreement with the Institut Teknologi Del to develop a cyber defence and warfare centre. Army Chief of Staff General Budiman and Dr Roberd Saragih signed the agreement, which covers training and development of new offensive and defensive technologies to be used by the TNI in conducting cyber warfare operations.

Microsoft, through its Cyber Threat Intelligence Program, and the Australian Communication and Media Authority’s Australian Internet Security Initiative (AISI) have struck a new agreement to fight cybercrime. The agreement involves real-time sharing of data on Australian computers identified as being infected with malware. ‘The AISI, which has operated since 2005, is recognised globally for its work in sharing threat information with local Internet Service Providers,’ said Microsoft Australia chief security advisor, James Kavanagh.

The annual AusCERT information security conference began on the Gold Coast this week. Michael Cerny, PwC Australia Partner, will speak today at the conference about cyber security analytics and the need for organisations to build up a team of data scientists to complement their information security team. Broadly speaking, cyber security analytics aggregate security functions and data analytics, making cybersecurity processes more timely, automated and accurate. FireEye, IBM and Symantec have all made recent investments in developing cybersecurity software architecture.

Finally, if you’re a long-time fan of the American TV show CSI: Crime Scene Investigation, and don’t mind the cringe-worthy title, the latest spinoff is CSI: Cyber, and will be aired on CBS this year. The series will follow Avery Ryan, a special agent at the Cyber Crime Division of the FBI, tasked with solving ‘high-octane’ crimes.

Simon Hansen is an intern in ASPI’s International Cyber Policy Centre.