This week has seen the release of two government papers on the issue of cybercrime. On Monday The Attorney General’s Department launched the National Plan to Combat Cybercrime, the key policy announcement of which was the creation of the Australian Cybercrime Online Reporting Network, or ACORN. The paper also lays out sensible foundations for further discussion and collaboration on cybercrime issues with both government and the private sector.
Yesterday the Australian Crime Commission’s released the Organised Crime in Australia 2013 report. The cyber and technologically-enabled crime section of the paper goes into detail on the economic cost of cybercrime, estimated to be around US$1.7 billion per year to Australia. The paper also has contains some intriguing analysis on how organised crime groups conduct their activities online.
Kevin Mandia, CEO of Mandiant, has spoken about his company’s rapid growth following the release of their highly publicised report exposing China’s PLA Unit 61398 cyber espionage group. He also spoke about the prevalence of human-targeting-human cyber-attacks such as spearphishing.
Over at the Economist, Mandiant’s chief security advisor Richard Bejtlich is involved in a lively debate with Thomas Rid; ‘is the Risk of Cyber-warfare overrated‘?
The Guardian has delved into the issue of human error in private sector cyber security breaches. Two thirds of data breaches globally in 2012 were due to systems glitches and human error. The article presents a strong case for holistic cyber security policies led by board members and senior leadership as a means to affect cultural change in information security practices.
Singapore has released a new five-year National Cyber Security Masterplan. The plan, released by the Infocomm Development Authority, adopts an expansive, whole of government approach to cyber security. It outlines plans to engage private industry and civil society in the goal of boosting the country’s cyber resilience. Key tenets of the plan include strategies to protect critical infrastructure, boost end user awareness and build the cyber security expert pool by collaborating with universities.
Nigeria is set to introduce the latest iteration of its Cyber Security Bill to the National Assembly by the end of the year. This marks the country’s third attempt to pass the much needed legislation after failed attempts in 2005 and 2008. It’s hoped that a new coordinated approach to the Bill will see it pass into law and help abate the high levels cybercrime within the country.
Tobias Feakin is the Director of ASPI’s International Cyber Policy Centre. Jessica Woodall is an analyst at ASPI.