Cyber wrap
24 Jun 2015|


It’s ConnectSmart week across the Tasman, an event that seeks to raise awareness of cyber security in the New Zealand community. National Cyber Policy Office director Paul Ash has encouraged Kiwis to come up with unique and complex passwords for all of their online accounts and to change them regularly; and Communications Minister Amy Adams noted the need for greater awareness of cyber security threats among small-to-medium sized enterprises, asking them to improve their online security through a few simple measures like securing work tablets and smartphones with passwords. To assist in reducing cyber security incidents, and as part of their contribution to ConnectSmart week, Auckland’s Unitec Institute of Technology and Japan’s National Institute of Information and Communications Technology launched a ‘Red Alert‘ service back in March. The subscription service will help protect any network that’s connected and subscribed to the service by issuing an alert as soon as an intrusion takes place. It’s also National Cyber Week in Israel.

Across the Pacific, the fallout from the Office of Personnel Management (OPM) breach continues. While the US has been careful to not officially name China as the source of the hack, others have pointed towards a Chinese group possibly named Shell Crew, PinkPanther, KungFu Kittens, Group 72 or Deep Panda. Cyber security incidents have had dramatic effects on the US-China relationship in the past, principally the suspension of the bilateral cybersecurity working group after the US indicted five PLA officers for cyber espionage.

Cyber security was reportedly discussed in ‘direct terms’ by Deputy Secretary of State Antony Blinken and China’s Executive Vice Foreign Minister, Zhang Yesui, at Monday’s Strategic Security Dialogue in Washington DC. Treasury Secretary Jack Lew was similarly direct on US concerns about Chinese support for economic cyber espionage at the bilateral Strategic and Economic Dialogue on Tuesday. Those talks precede the visit of Chinese president Xi Jinping to Washington DC in September this year.

Also in DC, the House approved the 2016 Intelligence Authorization Bill that sets requirements for the new Cyber Threat Intelligence Centre, and would compel the administration to provide detail to Congress on the breach at OPM. Several senators have also begun to lobby for cybersecurity information sharing legislation to progress quickly.

Further afield, June marks the one year anniversary of the African Union’s (AU) Convention on Cyber security and Personal Data Convention. The convention established a standard legal framework for conducting electronic commerce, protecting personal data, promoting cybersecurity, and addressing cybercrime. While no AU members have ratified the convention, Kenya, Madagascar, Mauritania, Morocco, Tanzania, Tunisia and Uganda are in the process of adopting national cybersecurity legislation, although these laws may be more damaging to human rights than the AU convention. Overall the future for cyber security in Africa appears to remain dim.

And finally in Australia, the intergovernmental Financial Action Task Force met in Brisbane this week, where discussions on terrorist networks using the internet for fund raising took place, as well as the use of BitCoin and other online currencies to hide terrorist financing. FATF head and former Secretary of the Attorney-General’s Department Roger Wilkins noted that further research on the use of cyberspace to finance groups including Boko Haram and Jemaah Islamiyah was needed, and that exchanges that turned virtual currencies into hard cash should be required to report suspicious transactions in the same way as banks do. In Canberra last week, Defence Minister Kevin Andrews previewed  what’s in store for cyber security in the forthcoming Defence White Paper. At the same conference, other senior Defence leaders spoke about the need for innovative non-traditional recruitment techniques to attract cyber expertise to Defence—and keep it there.