Cyber wrap
Posted By
Liam Nevill
on May 10, 2017 @ 12:30
The 2017
Cyber Security Challenge Australia (CySCA) kicks off today. Seventy-nine
teams will compete over 24 hours for trips to cybersecurity conferences including
DEFCON,
Cisco Live, and
RUXCON, as well as the possibility of being headhunted for a cyber security job. CySCA is just part of the Australian government’s push to expand the cybersecurity talent pool in Australia.
Last Friday, the government’s Special Advisor, Alastair MacGibbon, was
talking up the need to start teaching primary school children about cybersecurity. And MacGibbon’s deputy, Sandra Ragg, was also out on the hustings last week pitching the idea of an
Australian cyber alumni network to a conference in Sydney. The network would be a means to transfer skills between the public and private sectors, crowd source new ideas and provide a ‘surge’ capability for major cybersecurity threats to the country.
Also in Canberra last week was the inaugural
Australia-Indonesia Cyber Policy Dialogue, hosted by Australia’s Cyber Ambassador Dr Tobias Feakin. The Dialogue, announced by the
Prime Minister and Indonesian President Widodo in February, reportedly discussed views on international cyber norms, cooperation on cybersecurity and engagement with regional countries to reduce cyber risks. Mirroring the broader bilateral relationship, Australia’s cyber relationship with Indonesia
has been rocky in the
past, but events such as the Dialogue indicate a new positive focus from both countries.
China has launched an ambitious program to
write an online Chinese Encyclopaedia, dubbed a ‘Great Wall of Culture’ by its new editor in chief Yang Muzhi. 20,000 authors have been recruited from Chinese universities to write 300,000 entries. Yang also told the South China Morning Post that the project will directly compete with Wikipedia,
to ‘guide and lead the public and society’. SCMP also notes that access to Wikipedia in China is ‘patchy’, with possibly controversial subjects usually timing out. Gizmodo notes that
Wikipedia access has been a tricky subject for Chinese web-censors, who have variously blocked access to single pages, the Chinese version, and the
whole site at different times.
The French presidential election was marred by the last minute
dump of nine gigabytes of information stolen by hackers from the eventual victor Emmanuel Macron’s campaign. Macron’s campaign headquarters had previously
noted persistent attempts by suspected Russian-linked hacking group APT28 to access campaign information. Just before the 12pm Friday media blackout, Macron’s campaign announced that they had fallen victim to a ‘massive hacking attack’, which resulted in
thousands of emails, internal campaign memos and accounts being posted online late Friday. The material also included some
obviously fake documentation.
While the documents were largely mundane, and the incident didn’t appear to have a noticeable effect on the ultimate outcome, Macron
hasn’t ruled out retaliation against Russia for the incident. His foreign policy adviser said that ‘We will have a doctrine of retaliation when it comes to Russian cyberattacks or any other kind of attacks’. France’s
national cybersecurity agency will also be investigating the incident.
In Germany, Hans-Georg Maasse, the head of domestic security agency
BfV,
has threatened to ‘wipe out’ servers used by threat actors, including
APT28,
APT29 and
APT10, if the owners of the servers aren’t willing to assist authorities to prevent further cyber incidents. BfV has
been investigating hacking incidents that targeted the Bundestag in 2015 and political associations connected with the major parties last month, that have all been linked to Russian cyber actors. And according to the Washington Post, two former officials from the Obama Administration
have called for a comprehensive US/NATO/EU strategy to deter further Russian attempts to ‘subvert’ elections.
The British Army has announced a new recruitment campaign for cyber savvy soldiers after its previous attempts failed to secure the necessary number of recruits.
Payments of £5,000, known as a ‘Golden Hello’, will be provided to communications systems operators and engineers in the Royal Corps of Signals. Meanwhile, the US Marine Corps is reportedly struggling with the concept of
admitting cyber skilled Marines through lateral entry programs that allow personnel to skip basic training in junior ranks. Concerns that the Marines can’t recruit enough of the right people to ensure mission effectiveness are balanced by concerns that lateral entry will undermine the Marine’s
esprit de corps and the ‘every Marine a rifleman’ ethos.
Japan’s Yomiuri Shimbun has learnt that Japan’s Internal Affairs and Communications Ministry
plans to introduce a certification system for IoT devices in 2018. The Ministry plans to devise an index to rate the cybersecurity measures of IoT devices, which will be indicated by a Ministry certification mark. The emergence last year of the
Mirai botnet, which uses infected IoT devices to mount massive denials of service (DDoS) , has further heightened long standing concern among governments and cybersecurity researchers about the security of IoT devices.
And finally, the manager of the .au domain
auDA wants your views on the introduction
of direct registration in Australia. The change to direct registration will allow shorter domains in the .au domain space, e.g. aspistrategist.au instead of aspistrategist.org.au. Tell auDA your thoughts
here before 15 May.
Liam Nevill is the principal analyst in ASPI’s International Cyber Policy Centre. Image courtesy of Pixabay user Magnascan.
Article printed from The Strategist: https://www.aspistrategist.org.au
URL to article: https://www.aspistrategist.org.au/cyber-wrap-163/
[1] Cyber Security Challenge Australia (CySCA): https://www.cyberchallenge.com.au/
[2] teams will compete: https://www.dpmc.gov.au/news-centre/cyber-security/we-have-our-teams-let-training-begin-cysca-2017
[3] DEFCON: https://www.defcon.org/
[4] Cisco Live: https://www.ciscolive.com/global/
[5] RUXCON: https://ruxcon.org.au/
[6] talking up the need to start teaching primary school children about cybersecurity: http://www.zdnet.com/article/cyber-education-needs-to-start-in-primary-school-macgibbon/
[7] Australian cyber alumni network: http://www.innovationaus.com/2017/05/Govt-taps-new-cyber-alumni-plan/
[8] Australia-Indonesia Cyber Policy Dialogue: http://dfat.gov.au/international-relations/themes/cyber-affairs/Pages/australia-indonesia-cyber-policy-dialogue.aspx
[9] Prime Minister and Indonesian President Widodo in February: http://jakartaglobe.id/news/indonesia-australia-join-hands-to-strengthen-cybersecurity/
[10] has been rocky: http://www.abc.net.au/news/2013-11-18/australia-spied-on-indonesian-president,-leaked-documents-reveal/5098860
[11] past: http://www.abc.net.au/7.30/content/2015/s4394903.htm
[12] write an online Chinese Encyclopaedia: http://en.people.cn/n3/2017/0508/c90000-9212437.html
[13] to ‘guide and lead the public and society’: http://www.scmp.com/news/china/policies-politics/article/2091140/china-taking-wikipedia-its-own-online-encyclopaedia
[14] Wikipedia access has been a tricky subject for Chinese web-censors: https://www.gizmodo.com.au/2017/05/chinas-shot-at-wikipedia-aims-to-be-a-great-wall-of-culture/
[15] whole site: http://www.ibtimes.co.uk/chinas-government-has-blocked-wikipedia-its-entirety-again-1532138
[16] dump of nine gigabytes of information stolen by hackers: http://www.aljazeera.com/news/2017/05/emmanuel-macron-campaign-massive-email-hack-170505232002764.html
[17] noted persistent attempts: https://www.washingtonpost.com/opinions/the-kremlin-turns-its-electoral-meddling-to-western-europe/2017/04/30/c937c2cc-2ab1-11e7-a616-d7c8a68c1a66_story.html?utm_term=.8a0c0b033aad&tid=a_inl
[18] thousands of emails, internal campaign memos and accounts being posted online late: https://www.dawn.com/news/1331546
[19] obviously fake documentation: https://www.bloomberg.com/news/articles/2017-05-08/macron-hack-attack-clumsy-and-ignored-is-met-with-gallic-shrug
[20] hasn’t ruled out retaliation: http://www.telegraph.co.uk/news/2017/05/08/emmanuel-macron-prepared-use-force-retaliate-russian-cyber-attacks/
[21] national cybersecurity agency: http://www.sfgate.com/news/politics/article/French-watchdog-large-amount-of-Macron-data-11126211.php
[22] BfV: https://en.wikipedia.org/wiki/Federal_Office_for_the_Protection_of_the_Constitution
[23] has threatened to ‘wipe out’ servers: https://www.itnews.com.au/news/germany-challenges-russia-over-alleged-cyber-attacks-460542
[24] APT28: https://en.wikipedia.org/wiki/Fancy_Bear
[25] APT29: https://en.wikipedia.org/wiki/Cozy_Bear
[26] APT10: http://baesystemsai.blogspot.com.au/2017/04/apt10-operation-cloud-hopper_3.html
[27] been investigating hacking incidents: http://mashable.com/2017/05/05/cyber-war-russia-germany/#_mo15XffWkqp
[28] have called for a comprehensive US/NATO/EU strategy: https://www.washingtonpost.com/news/democracy-post/wp/2017/05/08/russia-is-still-waging-cyberwar-against-western-democracy-its-time-to-push-back/
[29] Payments of £5,000, known as a ‘Golden Hello’, will be provided: https://www.thesun.co.uk/news/3498364/army-recruits-offered-5000-to-become-cyber-soldiers-after-the-mod-fail-to-attract-enough-volunteers/
[30] admitting cyber skilled Marines through lateral entry programs: https://www.marinecorpstimes.com/articles/future-of-the-marine-corps
[31] plans to introduce a certification system for IoT devices: http://www.the-japan-news.com/news/article/0003672638
[32] Mirai botnet: https://www.wired.com/2016/12/botnet-broke-internet-isnt-going-away/
[33] auDA: https://www.auda.org.au/about-auda/
[34] of direct registration in Australia: https://www.auda.org.au/policies/policy-reviews/au-direct-registration/
[35] here: http://survey.confirmit.com.au/wix/p1793193.aspx