

Australia has a challenge of scaling defence capabilities for large cyber attacks



Australian Defence Force (ADF) Head of Information Warfare Major General Marcus Thompson is concerned that while the nation has “good” defence capabilities, those capabilities might not be able to scale if Australia was faced with a large-scale attack in a cyber realm.


Speaking at the Cyber Storm international conference at the University of New South Wales (UNSW) Canberra Australian Defence Force Academy (ADFA) on Monday, Thompson said it’s what keeps him up at night.

“If we accept that the opening salvos of the next big fight will play out in cyber space, if they’re not already, it’s that capacity of the Australian government to respond … we know we’ve got good capabilities, but when it comes to scale, I’m a bit worried,” he said.

Painting a picture of a table comprised of ministers and agency and departmental heads, Thompson said after probing the Director General of the Australian Signals Directorate on what to do, the next person he believes the Prime Minister will turn to is the chief of the nation’s defence force.

“Sure we’ve got capabilities here, but it is not an environment that someone can parachute into,” he said.

Thompson discussed the ADF’s approach to “cyber” to try and ensure readiness, labelling the word itself as a “frequently used, poorly understood non-word”.

Read more: Cyber blitzkrieg replaces cyber Pearl Harbor

“When I would use that word … I reckon 99 people out of 100, in their head, would go directly to offence. When in fact it’s the defence of our networks and mission systems that is not only our most pressing priority, it’s the greatest challenge — and the more expensive challenge,” he said.

As a result, ADF developed a conceptual framework for ADF cyberspace operations, centred on self-defence, passive defence, active defence, and then offence.

“Three of the four include the word ‘defence’ — we’re trying to drag people away from thinking about offence all the time,” he explained.

He shared an example from an exercise conducted in 2016 alongside Blue Force, a major field training operation held in South Australia that involved around 4,000 people.

As part of the exercise, ADF set up a social media monitoring team in south-east Queensland comprised of 12 individuals: five electronic warfare cyber operators, five intelligence analysts, and two lawyers.

It tested the weakest cybersecurity link in any organisation — a human.

“You would think that in an organisation like the ADF where secrecy comes natural to us that we’d have that sorted,” he said.

“[But] that team of 12 people took less than 48 hours to completely unpack the Blue Force unit nomenclature, unit locations through geo-locations that they were posting through social media, and in some cases, unit intent. And they did that using only open source tools.”

Their rules of engagement prevented them from moving past any passwords, Thompson said, and their monitoring ceased the instant that they moved past the ADF member to their family or friends.

Thompson said the team generated 671 individual intelligence files that led directly to actionable, targetable intelligence, 100 of which resulted in interviews of personnel.

Another similar exercise was conducted a year later.

“There was a noticeable improvement, however, an individual still posted to social media [of] a geotagged image from the inside of a command centre,” he added.

Also: CISOs given cyber leadership role in Australia’s new Information Security Manual

Thompson also posed the question of how much of Australia’s critical infrastructure the government should be responsible for.

“How do we defend civilian infrastructure we don’t control? That makes Telstra, Optus, Vodafone the operating environment; makes the banks, other financial institutions, utilities companies, targets,” he asked. “How do we determine what infrastructure will be the government’s responsibility to defend?”

At the same time that Thompson gave his address, 5 kilometres away, Prime Minister Scott Morrison disclosed that the nation’s political parties were also hit in an online attack earlier this month that had forced a password reset of all Australian Parliament House network users, including politicians and all of their staffers.

Regarding the online attack, Morrison said the networks of the Liberals, Labor, and Nationals were affected, but that the nation’s security agencies were securing those systems, and that there was no evidence of electoral interference.

“The Australian government will continue to take a proactive and coordinated approach to protecting Australia’s sovereignty, our economy, and our national security,” Morrison said. “Our political system and our democracy remains strong, vibrant and is protected.

“The government has chosen to be transparent about these matters. This is in itself an expression of faith by our government in our democratic system and our determination to defend it.”




Managing Vulnerabilities in a Cloud Native World



This free 1-hour webinar from GigaOm Research brings together experts in Cloud Native Vulnerability Management, featuring analyst Iben Rodriguez and special guest from Palo Alto Networks, John Morello. The discussion will focus on optimizing cloud security posture and integration with enterprise tool sets.

We will review platforms delivering Security Posture Management and Workload Protection for Microservice based and Hybrid Cloud Workloads.

Registrants will learn how new customers can benefit from Prisma Cloud to better secure their complex multi-cloud environments. Existing customers will learn about new features they can take advantage of and how to optimize their limited resources.

Register now to join GigaOm and Palo Alto Networks for this free expert webinar.

The post Managing Vulnerabilities in a Cloud Native World appeared first on Gigaom.



Security Tools Help Bring Dev and Security Teams Together



Software development teams are increasingly focused on identifying and mitigating any issues as quickly and completely as possible. This relates not only to software quality but also software security. Different organizations are at different levels when it comes to having their development teams and security teams working in concert, but the simple fact remains that there are far more developers out there than security engineers.

Those factors are leading organizations to consider security tooling and automation to proactively discover and resolve any software security issues throughout the development process. In the recent report, “GigaOm Radar for Developer Security Tools,” Shea Stewart examines a roundup of security tools aimed at software development teams.

Stewart identified three critical criteria to bear in mind when evaluating developer security tools. These include:

  • Vendors providing tools to improve application security can and should also enhance an organization’s overall security posture.
  • The prevailing “shift-left” mindset does not mean that responsibility for reducing risk shifts to development; rather, addressing security earlier in the process, and continuing to do so throughout the development process, reduces both risk and the need for extensive rework.
  • Security throughout the entire software development lifecycle (SDLC) is critical for any organization focused on reducing risk.

[Figure 1. How Cybersecurity Applies Across Each Stage of the Software Development Lifecycle. Note: this report focuses only on the developer security tooling area.]

Individual vendors have made varying levels of progress and innovation toward enhancing developer security. Following several acquisitions, Red Hat, Palo Alto Networks, and Rapid7 have all added tooling for developer security to their platforms. Stewart sees a couple of the smaller vendors like JFrog and Sonatype as continuing to innovate to remain ahead of the market.

Vendors delving into this category and moving deeper into “DevSecOps” all seem to be taking different approaches to their enhanced security tooling. While they are involving security in every aspect of the development process, some tend to be moving more quickly to match the pace of the SDLC. Others are trying to shore up existing platforms by adding functionality through acquisition. Both infrastructure and software developers are now sharing toolsets and processes, so these development security tools must account for the requirements of both groups.

While none of the 12 vendors evaluated in this report can provide comprehensive security throughout the entire SDLC, they all have their particular strengths and areas of focus. It is therefore incumbent upon the organization to fully and accurately assess its SDLC, involve the development and security teams, and match the unique requirements with the functionality provided by these tools. Even if it involves using more than one at different points throughout the process, focus on striking a balance between stringent security and simplifying the development process.

Read more: Key Criteria for Evaluating Developer Security Tools, and the Gigaom Radar for Developer Security Tool Companies.

The post Security Tools Help Bring Dev and Security Teams Together appeared first on Gigaom.



Key Criteria for Evaluating User and Entity Behavior Analytics (UEBA)



Cybersecurity is a multidisciplinary practice that not only grows in complexity annually but evolves nearly as quickly. A survey of the security landscape today would reveal concerns ranging from the classic compromised servers to the relatively new DevSecOps practices aimed at securing the rapid deployment of new code and infrastructure. However, some things remain constant no matter how much change is introduced. While technology evolves and complexity varies, there is almost always a human component in risks presented to an organization.

User Behavior Analysis (UBA) was designed to analyze the actions of users in an organization and attempt to identify normal and abnormal behaviors. From this analysis, malicious or risky behaviors can be detected. UBA solutions identify events that are not detectable using other methods because, unlike classic security tools (an IDS or SIEM for example), UBA does not simply pattern match or apply rule sets to data to identify security events. Instead, it looks for any and all deviations from baseline user activity.

As technology advanced and evolved, and the scope of what is connected to the network grew, the need to analyze entities other than users emerged. In response, entity analysis has been added to UBA to create UEBA or User and Entity Behavior Analysis. The strategy remains the same, but the scope of analysis has expanded to include entities involving things like daemons, processes, infrastructure, and so on.
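To make the baseline-versus-rules distinction concrete, here is a small added example (not Gigaom's code and not from any vendor in the report). It learns a per-user baseline (hosts, source addresses, active hours, actions) and a per-host entity baseline (which users normally appear on each host) from a training window of constructed authentication log lines, then reports every later event that departs from that baseline. No signature or threshold rule is needed to flag the 03:14 login from an unfamiliar address to a host the user has never touched; the event is reported simply because nothing like it appears in the baseline. The log format, field names and all values are assumptions made for this example.

```python
"""Toy UEBA-style baseline/deviation detector (added example, not Gigaom's code).

Learns per-user and per-host baselines from a training window of constructed
auth log lines, then scores later events by how they depart from the baseline.
"""
from collections import defaultdict
from datetime import datetime
import re

# Constructed sample log lines (not real data); the format is an assumption.
TRAINING_LOG = """\
2024-03-04T08:55:10 user=alice host=ws-alice src=10.0.1.5 action=login
2024-03-04T09:10:44 user=alice host=fileserv src=10.0.1.5 action=read
2024-03-04T17:30:02 user=alice host=ws-alice src=10.0.1.5 action=logout
2024-03-05T09:02:31 user=alice host=ws-alice src=10.0.1.5 action=login
2024-03-05T11:45:00 user=alice host=fileserv src=10.0.1.5 action=read
2024-03-05T18:01:15 user=alice host=ws-alice src=10.0.1.5 action=logout
2024-03-04T22:10:00 user=svc-backup host=db01 src=10.0.2.9 action=login
2024-03-04T22:40:00 user=svc-backup host=db01 src=10.0.2.9 action=dump
2024-03-05T22:11:00 user=svc-backup host=db01 src=10.0.2.9 action=login
2024-03-05T22:39:00 user=svc-backup host=db01 src=10.0.2.9 action=dump
"""

# Constructed events to score against the learned baseline.
NEW_EVENTS = """\
2024-03-06T09:05:00 user=alice host=ws-alice src=10.0.1.5 action=login
2024-03-06T03:14:00 user=alice host=db01 src=203.0.113.7 action=login
2024-03-06T03:15:00 user=alice host=db01 src=203.0.113.7 action=dump
2024-03-06T22:12:00 user=svc-backup host=db01 src=10.0.2.9 action=login
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) host=(?P<host>\S+) "
    r"src=(?P<src>\S+) action=(?P<action>\S+)$"
)


def parse(text):
    """Parse log lines into dicts; malformed lines are skipped, not fatal."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.fromisoformat(ev["ts"])
        events.append(ev)
    return events


def build_baseline(events):
    """Per user: hosts, sources, active hours, actions. Per host (entity): users."""
    users = defaultdict(lambda: {"hosts": set(), "srcs": set(), "hours": [], "actions": set()})
    hosts = defaultdict(set)
    for ev in events:
        u = users[ev["user"]]
        u["hosts"].add(ev["host"])
        u["srcs"].add(ev["src"])
        u["hours"].append(ev["ts"].hour)
        u["actions"].add(ev["action"])
        hosts[ev["host"]].add(ev["user"])
    return {"users": dict(users), "hosts": dict(hosts)}


def score_event(ev, baseline):
    """Return the list of ways an event deviates from baseline (empty = normal)."""
    reasons = []
    u = baseline["users"].get(ev["user"])
    if u is None:
        return ["unknown user"]
    if ev["host"] not in u["hosts"]:
        reasons.append(f"new host {ev['host']}")
    if ev["src"] not in u["srcs"]:
        reasons.append(f"new source {ev['src']}")
    if ev["action"] not in u["actions"]:
        reasons.append(f"new action {ev['action']}")
    # Hour-of-day check: more than two hours outside the observed active window.
    # (Deliberately simple: a window spanning midnight would need a circular model.)
    lo, hi = min(u["hours"]), max(u["hours"])
    if ev["ts"].hour < lo - 2 or ev["ts"].hour > hi + 2:
        reasons.append(f"unusual hour {ev['ts'].hour:02d}")
    # Entity view: has this host ever been used by this user in the baseline?
    if ev["user"] not in baseline["hosts"].get(ev["host"], set()):
        reasons.append(f"host {ev['host']} never used by {ev['user']}")
    return reasons


def detect(training_text, new_text):
    """Learn a baseline from training_text and return findings for new_text."""
    baseline = build_baseline(parse(training_text))
    findings = []
    for ev in parse(new_text):
        reasons = score_event(ev, baseline)
        if reasons:
            findings.append((ev["ts"].isoformat(), ev["user"], reasons))
    return findings


if __name__ == "__main__":
    for ts, user, reasons in detect(TRAINING_LOG, NEW_EVENTS):
        print(ts, user, "; ".join(reasons))
```

Run it and only the two 03:14/03:15 events from alice are reported; her normal 09:05 login and the backup account's nightly 22:12 login match their baselines and stay silent. A real UEBA product replaces the hand-rolled set membership and hour window with statistical or learned models and peer-group comparison, but the shape is the same: build a baseline per user and per entity, then score departures from it.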

How to Read this Report

This GigaOm report is one of a series of documents that helps IT organizations assess competing solutions in the context of well-defined features and criteria. For a fuller understanding consider reviewing the following reports:

Key Criteria report: A detailed market sector analysis that assesses the impact that key product features and criteria have on top-line solution characteristics—such as scalability, performance, and TCO—that drive purchase decisions.

GigaOm Radar report: A forward-looking analysis that plots the relative value and progression of vendor solutions along multiple axes based on strategy and execution. The Radar report includes a breakdown of each vendor’s offering in the sector.

Solution Profile: An in-depth vendor analysis that builds on the framework developed in the Key Criteria and Radar reports to assess a company’s engagement within a technology sector. This analysis includes forward-looking guidance around both strategy and product.

The post Key Criteria for Evaluating User and Entity Behavior Analytics (UEBA) appeared first on Gigaom.
