Cyber wrap
5 Aug 2015|

Security lock console background.

As we await the release of Government’s Cyber Security Strategy, the Australian Cyber Security Centre’s first unclassified threat report has provided an indication of the challenges the Strategy is seeking to overcome. The high rate of incidents reported by the energy and telecommunications sector in the ACSC report correlates with a leaked NSA map that shows Chinese cyber espionage attempts in the US, with notable concentrations on US electricity grid and telecommunications targets. Cisco has released its submission to the Cyber Security Review calling for a national cyber strategy, stronger leadership at the CEO and Board level of cyber security issues, and the development and promotion of Australia as a safe house for digital business in the region.

Following its submission to the Cyber Security Review back in May, the Australian Industry Group has also released a position paper developed as part of the B20 Coalition, calling on G20 leaders to do more to fight cybercrime and reduce international regulatory inconsistencies that prevent the growth of the global digital economy. Digital business is thriving in Israel, where the cyber security industry has surpassed the arms industry as the country’s biggest export earner, netting $6 billion and holding 10%of the world market. Capitalising on the opportunities that cybersecurity services provide, British PM David Cameron has been touring Southeast Asia this week with a British trade delegation seeking to drum up business for Britain, including an agreement to work with Singapore on cybersecurity incident response and talent development.

While global efforts to reduce cybercrime continue unabated, even the most resolute efforts continue to be challenged by determined and skillful cyber criminals. Two weeks after being taken down in a multinational police sting, the online cybercrime marketplace Darkode has re-emerged in a new and more secure format, operating through Tor and by invite only. Despite the arrest of 28 users and admins, the current administrator told the Register that the site has retained most of its staff as the international police raids mainly netted new or inactive users.

David Sangar has reported in The New York Times that the US is considering options to retaliate against China for the OPM hack. Over at CFR, Adam Segal has evaluated one of the options which is to undermine the Great Firewall, demonstrating to the Chinese Communist Party that its ability to control information within China is put at risk by its cyber espionage. However, Segal surmises that this is a disproportionate response with significant escalatory risks. It has been suggested that the Pentagon needs to develop a ‘cyber deterrent’ equal to the nuclear deterrent, but this implies that a cyber response is the only way to respond to cyber attack.  Steve Metz considers this argument in his article on the principles of cyberwar, countering that you must demonstrate the ability to respond symmetrically and asymmetrically both physically and in cyberspace to deter cyberattacks. ICPC international fellow Jim Lewis has pointed out that the US already has the most sophisticated offensive cyber capability in the world but at the moment it has zero deterrent value as discussion of its capability is closely guarded.

On Sunday, the Indian Government moved to block access to 857 porn sites under Rule 12 of the country’s IT Act, under which Government can force ISPs to block websites. Indian privacy advocates have been critical of the move, which they believe is unconstitutional intrusion into the private lives of Indians and part of a broader campaign by Government to enforce conservative Hindu mores. Last month, the Indian Supreme Court criticised Government for inaction on preventing access to child pornography. Talking to the BBC, an unnamed Indian official said that the current blockages were temporary until a technical means to restrict access to explicit material to adults could be implemented.

And if you were waiting until the last minute to submit your suggestions for the WSIS+10 review, submissions closed on 31 July. Input will be released as a non-paper in August and then evolve into the outcomes paper of the General Assembly High Level meeting in December 2015, completing the review of the 2005 Tunis Agenda for the Information Society.