Australian Cyber Security Magazine, ISSUE 12, 2022



Changing of the guard at AustCyber
Calls for greater scrutiny of CI bill
Australia’s coordinated cybercrime crackdown
Top three malware in Australia revealed
Building a global encryption business
Zero-Knowledge proofs for vulnerability disclosure
Confidential computing: Enforces the trusted execution environment (TEE)



MySec.TV weekly episode highlights



17-19 AUGUST 2022 | ICC SYDNEY

A New Way to Connect

The inaugural Security Industry Forum this 22 September 2022, offers you a unique opportunity to get your brand exclusive exposure to Victoria’s key security buyers and maintain your brand presence year-round. FIND OUT MORE AT: security-industry-forum/

Grow your brand potential at Australia’s leading industry event For over three decades the Security Exhibition & Conference has been the most established and respected trade event for the security industry in Australia, bringing together the full spectrum of manufacturers, distributors, security professionals and end users. Position your business and amplify your brand among the industry’s most powerful influencers. Network with the most established names, discover the latest technology and create profitable opportunities.





Check out our latest Cyber Security Weekly Podcasts

Episode 311 – Reforming Electronic Surveillance in Australia – Part 2 – Submission from the Australia National University

Episode 310 – Reforming Electronic Surveillance in Australia – Part 1 – Submission from the Australia Computer Society



The Australian Department of Home Affairs is in the process of overhauling Australia’s electronic surveillance framework. We speak with Dr William Stoltz following a public submission authored by Dr. Dominique Dalla-Pozza of the ANU College of Law and Dr. William A. Stoltz of the ANU National Security College and informed by an ANU CoL-NSC Joint Dialogue held in December 2021 during which a number of scholars from across the ANU. To read the submission visit submission_-_electronic_surveillance_reform_-_anu_college_of_law_ and_national_security_college_11.02.22.pdf This follows our interview with Dr Nick Tate, President of the Australian Computer Society – available here

We speak with Dr Nick Tate, President of the Australian Computer Society (ACS). Nick is also President of the South-East Asia Regional Computer Confederation (SEARCC) and an Adjunct Professor of IT and Electrical Engineering at the University of Queensland. The ACS has recommended the Australian Government change the way electronic surveillance is performed by the nation’s law enforcement agencies. In a written response to the Department of Home Affairs’ Reform of Australia’s electronic surveillance framework Discussion Paper last week, ACS called on the government to stop ‘deputising’ IT professionals and technology companies. This follows ACS’ objection to the 2018 Assistance and Access Bill requiring Australian IT companies and professionals to secretly assist in cracking electronic protections when called upon to do so by agencies.

Contents

Editor's Desk

Director & Executive Editor Chris Cubbage Director David Matrai


Art Director Stefan Babij

MARKETING AND ADVERTISING Copyright © 2020 - My Security Media Pty Ltd GPO Box 930 SYDNEY N.S.W 2001, AUSTRALIA E:


All Material appearing in Australian Cyber Security Magazine is copyright. Reproduction in whole or part is not permitted without permission in writing from the publisher. The views of contributors are not necessarily those of the publisher. Professional advice should be sought before applying the information to particular circumstances.



Movers and Shakers


Changing of the Guard at AustCyber


Calls for Greater Scrutiny of CI Bill


Australia’s coordinated cybercrime crackdown


Collaborating cyber insights on critical infrastructure act changes


ISACA Singapore Chapter


Chinese interests allegedly behind news corp cyberattack


Top three malware in Australia revealed


Meta pledges additional resources to counter electoral misinformation


Australian small businesses post lowest growth rate


Do no harm – First rule for cyber incident first responders


Building a global encryption business


Zero-Knowledge proofs (ZKPs) for vulnerability disclosure


Confidential Computing: Enforces the Trusted Execution Environment (TEE)


The right DX strategy for getting ahead in the digital economy


The future is computer vision


Web 3.0: Sign-in with Ethereum on its way


In the rush to the multi-cloud, don’t lose sight of visibility


@MSM_Marketplace

Like us on Facebook and follow us on Twitter and LinkedIn. We post about new issue releases, feature interviews, events and other topical discussions.

Correspondents* & Contributors Jane Lo* Andrew Curran* Sarah El-Moselhi*


Kenneth Yu Vinoth Venkatesan Guy Matthews Nigel Steyn Jason Baden

Editor's Desk

"This investment in ASD (Australian Signals Directorate) recognises the deteriorating strategic circumstances in our region, characterised by rapid military expansion, growing coercive behaviour and increased cyber-attacks. It acknowledges the nature of conflict has changed, with cyber-attacks now commonly preceding other forms of military intervention – most recently demonstrated by offensive cyber activity against Ukraine" - Australian Defence Minister Peter Dutton, 29 March 2022.


The latest Federal Budget had technology and cybersecurity on the main stage with a broad range of policies and strategies, including the release of the Digital Economy Strategy 2022 Update which supports progress to become a top 10 digital economy by 2030. In addition to 120 per cent business tax concessions for cybersecurity, the Government announced REDSPICE. Nothing like a good acronym - Resilience, Effects, Defence, Space, Intelligence, Cyber and Enablers, or ‘REDSPICE’ is the government’s response to increasing threats of global cyberattacks, and is the nation’s largest investment in cybersecurity to date. REDSPICE is funded to substantially increase the ASD offensive cyber capabilities, its ability to detect and respond to cyber-attacks, introduce new intelligence capabilities and support approximately 1,900 new ASD jobs throughout the coming decade.

Indeed, government sectors will be competing against each other to build a skilled cyber workforce from a limited talent pool. An example is the Joint Policing Cybercrime Coordination Centre (or the ‘JPC3’), based in the AFP’s NSW Headquarters, which has just been established with $89 million in funding allocated in the Cyber Security Strategy. With government efforts to lift their cyber capabilities ramping up, the greatest challenge remains meeting the skills demand for the sector – and it’s a worldwide concern. Interestingly, as a side note, with such a sustained demand on skills, as well as a demanding threat landscape, the mental health and stress management for the existing workforce has also arisen.

According to ISACA’s latest global report, State of Cybersecurity 2022: Global Update on Workforce Efforts, Resources and Cyberoperations, organisations are continuing to struggle with hiring and retaining qualified cybersecurity professionals and managing skills gaps. Sixty-six percent report that their cybersecurity teams are understaffed. Almost 50 percent say it takes three to six months to find qualified cybersecurity candidates for open positions. The top factors hiring managers use to determine whether a candidate is qualified are prior hands-on cybersecurity experience (67 percent), a recommendation from a previous employer (32 percent), and credentials (20 percent). Likewise, Amazon Web Services released a research study ‘Unlocking APAC’s Digital Potential: Changing Digital Skill Needs and Policy Approaches’, which found Australia needs an additional 6.5 million newly skilled and reskilled digital workers by 2025 – 79 percent more than we have today.

The skills challenge has been and will continue to be with us for some time. Government and industry will be competing for a limited resource and the global demand may make attracting offshore skills harder than what other sectors may experience. They’re at least being creative and proactive. A good example is the Co-Lab Honours grant, opened by the ASD and the Australian National University (ANU) which will bring together ANU academics and ASD’s analysts and technologists to collaborate on research projects and STEM career pathways for students.

In this edition, Kenneth Yu of Tesserent highlights the importance of investing in first responder training to enable your cybersecurity or IT team to better respond when an incident inevitably occurs. Skilled incident responders will know how to use tools that can take disk images, memory dumps and other data that can help. This is the equivalent of a digital autopsy, dissecting what happened to learn the cause and prevent a recurrence.

In his continued contribution, Vinoth Venkatesan provides some optimism for the Confidential Computing landscape and how this domain continues to evolve quickly. Confidential computing guards data in use by performing the computation in a hardware-based Trusted Execution Environment. These isolated and secure environments prevent unauthorised access or modification of applications and data while in use, thus increasing the security level of organisations that manage sensitive and regulated data.

Our cover feature on digital transformation (DX) comes from a panel session with IDC and regional insights for the Asia Pacific. Although the COVID pandemic sped up many DX plans, many of those plans were already in place before the pandemic hit. Nikhil Batra, Associate Research Director with IDC notes, “There was a new approach to resiliency, where you are not just addressing business challenges but learning to respond rapidly to extreme changes in the external environment.” Digital transformation, he believes, has now evolved into digital resiliency and helping organisations achieve the stature of a future enterprise. Those that have achieved resiliency have treated this pandemic as not just a challenge but also as an opportunity to leapfrog some of their competition.

We also include some of the more notable ‘Movers and Shakers’ and provide event takeaways from the inaugural Cyber Risk Meetup in Adelaide and Jane Lo provides her highlights from Singapore’s SheLeadsTech event with ISACA. We continue to take a deep dive into the cybersecurity domain, corporate risk management and throughout we have links through to our Tech & Sec Weekly Series and the latest Cyber Security Weekly podcasts. On that note, as always, there is so much more to touch on and we trust you will enjoy this edition of Australian Cyber Security Magazine. Enjoy the reading, listening and viewing!

Chris Cubbage CPP, CISA, GAICD Executive Editor



Dan Lohrmann and Shamane Tan

We speak with authors Dan Lohrmann and Shamane Tan following the recent release of Cyber Mayday and the Day After: A Leader’s Guide to Preparing, Managing, and Recovering from Inevitable Business Disruptions. From the Inside Flap Digital transformation and cyber insecurity converged spectacularly in recent years, leading to some of the highest profile network security failures in modern history. From the SolarWinds hack to the Colonial Pipeline ransomware event, these incidents dramatically highlighted the need for impactful and effective leadership through a crisis. In Cyber Mayday and the Day After, a team of veteran cybersecurity leaders delivers an incisive collection of stories, strategies, tactics, lessons, and outlooks from some of the top C-executive leaders around the world. Packed with insights from former FBI agents, NASA professionals, government Chief Information Security Officers, and high-profile executives, this book offers the practical examples and workable solutions that leaders need to succeed in the 21st century.

THE GROWING RANSOMWARE THREAT Ransomware attacks can be devastating - regardless of whether a victim decides to pay. Business disruption, reputational harm, time lost while recovering from the incident, and regulatory/compliance ramifications can lead to higher costs and operational harm over the long term. Palo Alto Networks Unit 42 Security Consulting and Threat Intelligence teams analyzed incident response cases we handled in combination with larger insights on the ransomware threat landscape, such as groups’ activity on the Dark Web, to identify patterns and insights that could help organizations bolster their defenses against ransomware.


Costs Continue to Rise

As new ransomware groups join the fray, past players re-emerge and existing ransomware operators continue to attack – and push their victims to pay more.


Evolving Tactics, Techniques and Procedures (TTPs)

Cybercriminals are constantly updating their tools and attack methods, while finding ways to optimize their business models to maximize profits.

Increased use of Zero-Day Vulnerabilities helps threat actors take victims by surprise

Adoption of prolific ransomware as a service (RaaS) business model lowers the technical bar for attacks and opens the door

Multiple Extortion Techniques pressure victims to pay more and faster


Ransomware Groups are More Active than Ever

As new adversaries emerge, established players keep optimizing malware and building out capabilities to affect more types of systems, widening the scope of possible victims in the process.

Conti: Emerged in 2020, became most active group in 2021

REvil/Sodinokibi: Second most active ransomware group during 2021

BlackCat: Surfaced in 2021. Its leak-site quickly jumped to seventh most active


A Significant Global Problem

No region or industry is immune to ransomware attacks, and at least one victim from 90 different countries appeared on ransomware groups’ leak sites in 2021.

60% of ransomware victims located in the Americas

31% of ransomware victims in EMEA


How to Increase Your Ransomware Resilience


As ransomware threats grow and evolve, and groups continue to hone their tactics, it’s more important than ever to bolster your defenses and improve your ransomware resilience. Unit 42 recommends the following steps:

1. Stay up-to-date on the evolving landscape
2. Understand the business impact of losing critical data
3. Assess your internal and external readiness
4. Review and test your incident response plan
5. Implement Zero Trust approach to secure your organization
6. Identify and shut down access to your exposed assets
7. Prevent known and unknown threats
8. Automate where possible
9. Secure cloud workloads
10. Reduce response time with incident response retainers

Get the 2022 Unit 42 Ransomware Threat Report for a deeper dive of the ransomware threat landscape, and gain actionable insights from security experts to help address your ransomware vulnerability.




Interview with

Ches Rafferty Managing Director & Co-founder

Scantek began as a provider of intelligent physical ID scanning solutions to bars and nightclubs in 2011. The system was quickly recognised for its ability to increase patron numbers, reduce antisocial behaviour and therefore increase company profits, and quickly grew to replace existing ID systems at most venues across the country. Today, the hardware can be found in over 700 locations, with clientele including Telstra, Crown Casino Group, Star Casino and AHG Group. We speak with Ches Rafferty, Managing Director and co-Founder about how the company is now incorporating the scanning and management of COVID-19 related vaccination certificates into the platform as state and federal government mandates roll out across workplaces and industry sectors.


11 - 12 May 2022 | National Convention Centre Canberra Australia's Most Important Event for ICT in Government returns in 2022.

50% OFF!




Use code ACSM50 to claim your discounted pass Register at | Booking Enquiries (02) 7208 8162

WRITE FOR US!

The Australian Cyber Security Magazine is seeking enthusiastic cyber security professionals who are keen on writing for our magazine on any of the following topics:

• Digital forensics in Australia
• Workforce development
• Security in the development lifecycle
• Threat management and threat hunting
• Incident management
• Operational security
• Security book reviews
• Risk management
• True crime (cybercrime)

If you are interested in writing for us, please send your article pitches (no more than 200 words) to the editors’ desk at:

Interested in Blogging?

You may or may not be familiar with our website, which also provides daily infosec news reviews, as well as our weekly newsletters. We’d like to hear from anyone who’d be interested in contributing blog posts for our platform that reaches out over 10,000 industry professionals per month, where you can express your opinions, preferences, or simply rant about the state of the cyber security world. If you stay on topic and stick to the facts, we’ll be happy to publish you. If interested, email the editors at :

You’re invited to the International Space Bridge Series: UK – Australia

Wednesday May 11th 5:30pm – 8:30pm Space Hub, Cicada Innovations


Counterparts Insights Session



UK – Australia Space Bridge: Trade & Investment



Build your network, gain knowledge and meet like-minded people, business and policy experts, academic researchers and students interested in the growing Space industry both in Australia and Internationally.


Movers and Shakers

EY bolsters ranks with appointment of former AustCyber CEO

EY is proud to announce Michelle Price will join as Partner in the Oceania cyber security, privacy and trusted technology practice, starting May 2. Michelle joins EY having recently served as CEO for AustCyber since 2018 and having been with the company since its inception in 2017.

Richard Bergman, EY Oceania cyber security leader: “We are thrilled to have someone of Michelle’s calibre in the cyber security sector join us at EY.

“Michelle has a distinguished career as an instrumental figure responsible for the growth of Australia’s cyber security entrepreneurial talent, and assuring a diverse pipeline of people and technology capabilities for the industry and wider economy.

“Michelle will be leading the Government and Public Sector team within the EY Oceania cyber security practice, primarily focused on protecting Digital Government and essential services. Michelle will also grow EY’s cyber security ecosystem and the Industry including working with start-up and the private equity community.

“EY is really excited Michelle is joining our growing cyber practice to apply and expand her reach and impact with our clients who will benefit from her deep experience.

“The depth of cyber talent in the EY ranks continues to ensure that clients across all sectors and service lines are well served by leading professionals who understand the ever-changing threat environment,” said Mr Bergman.

Michelle Price said: “I’m very excited to be joining EY; it’s a perfect cultural fit with its transformational approach to tackling cyber security challenges with clients, and a global network of leading practitioners and resources to continue my passion for the cyber security sector and protecting Australia.”

LogRhythm appoints new ANZ country manager

LogRhythm has announced the appointment of Michael Bovalino as Australia and New Zealand Country Manager.

Based in Melbourne, Bovalino has more than 20 years of experience in sales, business development and customer account management in the IT industry. He will be responsible for accelerating customer and revenue growth, overseeing account management and working closely with LogRhythm’s channel partners to ensure the delivery of robust security posture for end user enterprise and public sector organisations.

Bovalino originally joined LogRhythm more than three years ago as Regional Sales Manager in Melbourne during which time he has been responsible for accelerating LogRhythm’s market presence in Victoria, Western and South Australia. Prior, he worked at CyberArk as Regional Sales Manager and as Finance Services and Insurance Major Account Manager with Check Point Software Technologies. He also previously worked in the telecommunication industry having held account management positions at both Optus and Primus Telecom.

Jerry Tng, Vice President of Sales APJ, LogRhythm, said, “LogRhythm has experienced robust growth and demand for our solutions across the region continues to flourish. In order to continue to support ongoing demand and innovation, we are committed to building out a team in APAC with unmatched experience and talent. Michael Bovalino has a proven track record in customer growth and channel partner service excellence, and his experience will be instrumental for our growth in Australia and New Zealand.”

LogRhythm was recently recognised as a leader in the Gartner 2021 Magic Quadrant for Security Information and Event Management for the ninth consecutive time. The company gives organisations full visibility of their environment in a single pane of glass so SOC teams can efficiently identify potential threats and minimise risk.

Bovalino added, “LogRhythm delivers a winning formula for security operations centre solutions in Australia and New Zealand. With the combination of our industry leading portfolio of solutions and the support of our valued partners, LogRhythm is an indispensable partner for organisations requiring optimal detection and response capabilities to manage their daily operations as well as compliance and risk reporting obligations.

“LogRhythm is a special place with a strong reputation and culture, and I am looking forward to leading the Australia and New Zealand business through its next phase of growth. We’ve got industry-leading technology and we are focused on continuing to enhance the security analysts’ experience through continued product and feature enhancements.”

ACCC Slaps Down Meta

The ACCC has instituted Federal Court proceedings against Facebook owner Meta Platforms, Inc. and Meta Platforms Ireland Limited (together: Meta) alleging that they engaged in false, misleading or deceptive conduct by publishing scam advertisements featuring prominent Australian public figures. The ACCC alleges that this conduct was in breach of the Australian Consumer Law (ACL) or the Australian Securities and Investments Commission Act (ASIC Act). It is also alleged that Meta aided and abetted or was knowingly concerned in false or misleading conduct and representations by the advertisers.

The ACCC alleges that the ads, which promoted investment in cryptocurrency or money-making schemes, were likely to mislead Facebook users into believing the advertised schemes were associated with well-known people featured in the ads, such as businessman Dick Smith, TV presenter David Koch and former NSW Premier Mike Baird. The schemes were in fact scams, and the people featured in the ads had never approved or endorsed them.

The ads contained links which took Facebook users to a fake media article that included quotes attributed to the public figure featured in the ad endorsing a cryptocurrency or money-making scheme. Users were then invited to sign up and were subsequently contacted by scammers who used high pressure tactics, such as repeated phone calls, to convince users to deposit funds into the fake schemes.

“The essence of our case is that Meta is responsible for these ads that it publishes on its platform,” ACCC Chair Rod Sims said. “It is a key part of Meta’s business to enable advertisers to target users who are most likely to click on the link in an ad to visit the ad’s landing page, using Facebook algorithms. Those visits to landing pages from ads generate substantial revenue for Facebook.”

It is alleged that Meta was aware that the celebrity endorsement cryptocurrency scam ads were being displayed on Facebook but did not take sufficient steps to address the issue. The celebrity endorsement cryptocurrency scam ads were still being displayed on Facebook even after public figures around the world had complained that their names and images had been used in similar ads without their consent.

“We allege that the technology of Meta enabled these ads to be targeted to users most likely to engage with the ads, that Meta assured its users it would detect and prevent spam and promote safety on Facebook, but it failed to prevent the publication of other similar celebrity endorsement cryptocurrency scam ads on its pages or warn users,” Mr Sims said. “Meta should have been doing more to detect and then remove false or misleading ads on Facebook, to prevent consumers from falling victim to ruthless scammers.”

“Apart from resulting in untold losses to consumers, these ads also damage the reputation of the public figures falsely associated with the ads. Meta failed to take sufficient steps to stop fake ads featuring public figures, even after those public figures reported to Meta that their name and image were being featured in celebrity endorsement cryptocurrency scam ads,” Mr Sims said. Facebook failed to prevent the publication of fake ads even after the celebrities reported similar false, misleading or deceptive ads to Meta.

“In one shocking instance, we are aware of a consumer who lost more than $650,000 due to one of these scams being falsely advertised as an investment opportunity on Facebook. This is disgraceful,” Mr Sims said.

The ACCC is seeking declarations, injunctions, penalties, costs and other orders.

What to do if you think you have been scammed

People who think they’ve been scammed should contact their bank or financial institution as soon as possible. They can also contact IDCARE on 1800 595 160 or via if they suspect they are a victim of identity theft. IDCARE is a free, government funded service that will support individuals through the process. The ACCC encourages people to report scams on the Scamwatch website, follow @scamwatch_gov on Twitter and subscribe to Scamwatch radar alerts.

Background

The Federal Court may consider that the alleged conduct involved financial services, which are excluded from the scope of the ACL and are dealt with under the ASIC Act. ASIC has delegated certain powers and functions to the ACCC for the purposes of commencing and conducting these proceedings.

In November 2019, Andrew Forrest published an open letter to Mark Zuckerberg criticising Facebook for allowing cryptocurrency scam ads using his identity onto the platform. He then commenced criminal proceedings against Meta Platforms in February 2022. While these proceedings concern similar advertisements to those in the ACCC’s case, the ACCC’s case is separate and concerns different questions of law.

The ACCC’s proceedings have been instituted against Meta Platforms, Inc. (formerly Facebook Inc) and Meta Platforms Ireland Limited (formerly Facebook Ireland Limited) (together, Meta Platforms). Meta Platforms generates the majority of its revenue from selling ads displayed to users on its Facebook and Instagram platforms. In 2021, Meta Platforms’ global advertising revenue was US$115 billion. Scamwatch figures show that in 2021, consumers reported losses of $99 million to cryptocurrency investment scams.

Cyber Mayday and the Day After arrives in Australia

Two-time cybersecurity author and founder of Cyber Risk Meetup, Shamane Tan proudly launched her latest book in Sydney this week. Cyber Mayday and the Day After, coauthored with the former CSO with the State of Michigan, Dan Lohrmann, provides an important roadmap for C-level executives in preparing and responding to dramatic cybersecurity emergencies.

Held at the Hilton Hotel and supported by publisher Wiley, Recorded Future, Cyber Risk Meetup and MySecurity Media, Shamane provided an important background to her first book, Cyber Risk Leaders and how it led her to her latest ‘chapter’ in her cybersecurity journey. Shamane continues to gather and encapsulate valuable insights from around the world, from former FBI agents to Chief Information Security Officers, and other leaders who have led their companies and agencies through the worst of times and prepared to share their hands-on wisdom.

Allan Liska, a ransomware specialist provided an entertaining insight into several ransomware case studies and was then joined by a panel of CISOs from Tyro Payments, Sekuro and Optus. Brad Busch, Prashant Haldankar and Dr. Siva Sivasubramaniam, with Allan outlined a number of recommendations, personal experiences and challenges in providing enterprise Cyber-Crisis readiness and leadership programs. The event concluded with a book signing and networking lunch.

Available in Australia at local bookstores Dymocks & Kinokuniya, Cyber Mayday and the Day After, published by Wiley, is a must-read experience that offers managers, executives, and other current or aspiring leaders a first-hand look at how to lead others through rapidly evolving crises.

L-R: Dr. Siva Sivasubramaniam, Prashant Haldankar, Shamane Tan, Brad Busch and Allan Liska

Shamane Tan launching her book – Cyber Mayday and the Day After

Michelle Price

Changing of the Guard at AustCyber

AustCyber has announced its CEO of four years, Michelle Price, has left the company to take up an appointment as Partner at EY. Price has been with AustCyber since its inception in January 2017 as Australia’s Cyber Security Industry Growth Centre.

Under Michelle’s leadership, AustCyber has nurtured and helped develop a vibrant and growing network of Australian based companies participating in the exciting and burgeoning global cyber security industry. From humble beginnings with only a handful of companies in the network, AustCyber has helped build an Australian industry that now has over 600 companies with more than 350 of these born locally and a strong pipeline of startups growing into scaleups.

Commenting on the announcement, AustCyber’s Chair, Doug Elix AO, said, “It is with mixed emotions we received this news. Michelle has done exactly what the Australian Government’s Industry Growth Centre Initiative was designed to do. She led AustCyber to help build a national network of globally competitive companies, to boost Australian employment and provide sovereign capability in the critical area of cyber security. She also led its transition into a more commercial context through our merger with Stone & Chalk.”

“Michelle has been an outstanding leader and has earned wide respect in Australian industry, government and research community, and is internationally recognised for her expertise and leadership within the cyber security sector. We are most grateful for her contributions and leadership. In short, Michelle has been the essence of AustCyber for the last five years.

“On the other hand, we congratulate Michelle on her new appointment at EY where she will continue to show her leadership. We wish her every success.”

Recognising this as the next milestone for AustCyber’s transition to a financially sustainable non profit driver of innovation as part of its integration with Stone & Chalk, Michelle described the company’s impact so far.

“It has been a true privilege to lead AustCyber to deliver on our mission to grow a vibrant and globally competitive Australian cyber security sector. From our partnerships with Australian governments and those overseas, to TAFEs and universities, to industry associations and chambers of commerce, to buyers and investors, and especially to the startups and scaleups, I am proud of what we have achieved so far.”

“It has been an honour to have worked alongside AustCyber’s Chairs and other Directors and I’m indebted to our creative and committed team in all its machinations over the years, including through our merger with Stone & Chalk and integration of our products, programs and national presence across emerging tech.”

“I am most proud that AustCyber has shaped what the economics of cyber security looks like for Australia, with a growing appreciation of the “L” shaped nature of the industry – a sector in its own right, creating jobs and retained benefit, and one that is at the core of the success of every other sector in the economy. Further, that we have helped shape the industry’s competitiveness and its equality and inclusion.”

“Now is the right time to pass the reins following the successful completion of the merger with Stone & Chalk. I’m very excited to be joining EY to continue my passion for cyber security and its role in an ever-changing strategic landscape.”

When AustCyber and Stone & Chalk merged in February 2021, the two organisations embarked on an integration to gain synergies in the digital economy. With Michelle’s departure, the role of CEO will be assumed by Michael Bromley, also CEO of Stone & Chalk Group, as part of the next phase of AustCyber’s integration within the Group and continued delivery of its vital role in the Australian economy.


Calls for Greater Scrutiny of CI Bill UPDATE


Sarah Sloan, Head of Government Affairs and Public Policy in Australia and New Zealand for cyber security leader Palo Alto Networks, has called for greater checks and balances on certain powers in the government’s proposed Security Legislation Amendment (Critical Infrastructure Protection) Bill 2022.

The Bill, in its current form, is intended to provide an enhanced regulatory framework designed to uplift security and resilience across Australia’s critical infrastructure assets. In the words of the Bill’s explanatory memorandum, the framework, when combined with better identification and sharing of threats, will ensure that Australia’s critical infrastructure assets are more resilient and secure.

However, Sloan, who appeared to give evidence at a public hearing of the government committee tasked with reviewing the Bill on 16 March, has cautioned that some of the measures outlined in the proposed legislation could adversely impact the nation’s critical infrastructure operators.

When speaking about the software powers, Ms Sloan also said, “We are concerned that there is no independent review process articulated in the bill, and we believe this is contrary to some of the approaches taken in like-minded jurisdictions, which ordinarily would see the granting of a warranty or similar process in order to execute on that power.”

Specifically, Sloan called for stronger checks and balances on powers for issuing ‘System Information Reporting Notices’ and recommended the removal of the Bill’s software installation power, which would see the government able to deploy third-party software on private entities’ IT systems.

Sloan went on to say, “perhaps the most important point we would make is that the provision potentially creates an international precedent that may, if adopted by other global and regional actors, impact Australia’s interests and values. As the Committee knows, we are in a period of geostrategic competition that is inherently linked to issues of technology and values, such as the separation of powers, rule of law – including checks and balances on the execution of Government power.”

“While we understand and appreciate the relevance of system information in detecting and responding to cyber incidents and threats, we would recommend stronger checks and balances on the powers granted by the Bill to issue system information reporting notices (both ‘system information periodic reporting’ and ‘system information event-based reporting’),” Sloan said in her opening statement. “This will ensure that these notices are clear, proportionate, transparent and meet the Government’s needs without unduly burdening industry.”

Sloan encouraged the Committee to reconsider the maximum time frame – currently at 12 months under the Bill – for which a system information periodic reporting notice, or a system information event-based reporting notice, can be in force. She also recommended notices be regularly reviewed to see if they are still necessary, proportionate and reasonable, and called for additional detail on the collection of data to be provided to companies likely to be impacted by the legislation, along with other measures to ensure industry is not unduly burdened by the proposed laws.

Additionally, Sloan called for the removal of provisions in the Bill that would give the Government the ability to install system information software on infrastructure it believed the respective ‘System of National Significance’ (SoNS) entity would not technically be capable of otherwise provisioning itself.

“The installation of what constitutes third-party software has the potential to create vulnerabilities that could adversely impact the security of a SoNS entity as well as, by default, the Government’s systems and client systems,” Sloan told the Parliamentary Joint Committee on Intelligence and Security (PJCIS). “Entities would need to review this software prior to putting it on their networks and this could take considerable time and effort.

“It is also unclear who would be responsible for ongoing product support and maintenance – including vulnerability management and patching. Finally, we note that this could expose the Government to liability for any adverse impacts arising from the installation of this software,” she added.

Australia’s coordinated cybercrime crackdown UPDATE


A new Australian Federal Police-led centre dedicated to combatting crime online and launching Australia’s National Plan to Combat Cybercrime has opened.

Minister for Home Affairs Karen Andrews said the National Plan and the AFP’s new cybercrime centre would bring together the experience, powers, capabilities and intelligence needed to build a strong, multi-faceted response to the problem of cybercrime.

“During the pandemic, cybercrime became one of the fastest growing and most prolific forms of crime committed against Australians. The tools and the techniques used to rob or extort Australians became more effective and more freely available than ever before. Using far-reaching Commonwealth legislation and high-end technical capabilities, the AFP’s new cybercrime centre will aggressively target cyber threats, shut them down, and bring offenders to justice,” said Minister Andrews.

The new centre – the Joint Policing Cybercrime Coordination Centre (or the ‘JPC3’) – is based in the AFP’s New South Wales Headquarters, and has been established with $89 million in funding provided through the Morrison Government’s $1.67 billion Cyber Security Strategy. The National Plan to Combat Cybercrime, a key deliverable under the Cyber Security Strategy, is available for download from the Department of Home Affairs’ website.

Both initiatives build on the federal government’s comprehensive cybersecurity measures, including:
• securing landmark reforms to national security legislation to better protect our critical infrastructure;
• making all Australians safer through passage of important legislation to revolutionise the way Australian agencies investigate and prosecute cybercrime;
• ensuring our law enforcement agencies have much needed powers to combat crime on the dark web;
• cracking down and protecting Australians from ransomware through the Ransomware Action Plan;
• facilitating the exchange of digital information with US authorities by signing the CLOUD Act Agreement with the United States; and,
• launching a public information campaign to increase Australians’ cyber security.

Collaborating cyber insights on Critical Infrastructure Act changes
By Chris Cubbage CISA, Editor

Despite a delay due to border closures, the inaugural South Australian Cyber Risk Meetup was held in Adelaide for the first time. The sold-out event, held at the National Wine Centre of Australia and overlooking Adelaide’s Botanical Gardens, was proudly held with SA AustCyber and ISACA Adelaide. Partners, supporters, and the audience were rewarded with a robust panel session on the latest reform of the Security of Critical Infrastructure Act (SOCI Act).

Gaye Deegan, Director, Joint Cyber Security Centre, Adelaide gave an important overview of the legislation and was then joined by Venu Annam, Manager, Cyber Security, Risk and Resilience, SA Water, Debi Ashenden, Joint Chair in Cybersecurity, DSTG-University of Adelaide and Alex Nehmy, Director, Industry 4.0 Strategy - APAC & Japan, Palo Alto Networks. Skilfully moderating, Paula Oliver, AustCyber SA Node Manager and Principal Advisor Cyber Security & Risk with the Department for Innovation and Skills, ensured the latest reform of the SOCI Act remained front and centre.

With the SOCI Act being applied to 11 industry sectors as part of the reform, there was naturally strong audience interest and an energetic question time. The panel discussed how cyber leaders and executives need to approach the reform, in particular given the threat landscape with the war in Ukraine. Also covered were the best practices that cybersecurity professionals can share and how the rest of the industry will respond in implementing the requirements, with the reporting regime of most concern.

For Paula Oliver, the highlight was to hear the theme of collaboration coming through the conversation. “That sense that we all have a role to play in assisting one another especially those sectors that are new to the scope, to help them with the requirements,” she said. “It makes you feel proud to be South Australian when you get such a strong sense of willingness to support and of community at those events.”

Farrell Tirtadinata, WA/SA Meetup Chapter Lead and Business Solutions Director with Avertro, confirmed the sense of collaboration. He said, “The SOCI Act changes continue to be a hot topic in the cyber and risk community. The amount of industry involvement is a great indicator, but there were some definite gaps and language that needs to be ironed out. The insights from Gaye and Debi from their point of view were entertainingly succinct and informational, and the industry insights from Alex and Venu were a great roundup of the topic at hand.”

Alex Nehmy also noted the diverse perspectives offered by the panellists, bringing together industry, government, and academia. “The panellists agreed that cyber maturity across critical infrastructure needs to improve, however the varying maturity between sectors led to a healthy discussion on the scale of the challenge this legislation poses for many organisations,” he said.

“My key takeaway is the central nature that risk management plays in this new regulation. Whether it’s cyber, personnel, physical or supply chain risk, the need for a mature, all hazards approach to risk management is imperative. Maturing the risk management process is a no regrets activity that all critical infrastructure organisations can begin immediately. The organisations that form the supply chain to critical infrastructure should start focussing on improving their cyber maturity and risk management processes too. Even though this legislation doesn’t specifically apply to them, the regulated critical infrastructure entities will expect their key suppliers to demonstrate a minimum level of cyber maturity. Organisations shouldn’t have a singular focus on compliance with the legislation. The ultimate goal is an appropriately robust and resilient cyber posture for Australia’s critical infrastructure and the level of cyber maturity should be commensurate to the risk faced, rather than meeting baseline compliance.”

Alongside the importance of this legislation and its impact on industry is the importance of industry networking. Paula Oliver commented, “The past two years of the pandemic have left everyone feeling the fatigue from online meetings and events so it was great to be able to have the event face-to-face after postponing in November 2021. The in-person events stimulate so much connectedness and organic conversations; things just start happening and ideas flow. For example, from the networking after the event, one of SA’s cyber professionals volunteered to lead the SA cyber riskers chapter meet ups which is amazing! To be able to foster an environment bringing everyone together which sparks new activity and growth is such a rewarding feeling.”

Farrell concluded, “I can’t thank the team enough for bringing what’s arguably already the most successful launch we’ve had in a while. The collaboration, effort and support from everyone involved were world-class and set such a high benchmark! Massive kudos goes out to Paula and Jasmine from the SA AustCyber Innovation Node for their support throughout. Big thanks to our esteemed panellists, as well as our sponsors Palo Alto Networks and AWS Adelaide - and lastly, to the Adelaide community for making the event such a success, we can’t wait to bring in the next one!”


ISACA Singapore Chapter

“SheLeadsTech 3rd Anniversary Celebration” Digital Resilience - How can we maintain its balance?
By Jane Lo, Singapore Correspondent

The recent OCBC phishing incident in Singapore where spoofed SMSes incited victims to click on malicious links prompted a wave of concern. Questions arose over how victims fall for the scam and how organisations could have prevented such incidents. According to reports, victims lost about 80% of the $13.7 million during the year-end festive period from Dec 23 to Dec 30.

The ensuing weeks saw a flurry of articles that informed readers on the tactics deployed by the attackers (using legitimate-looking SMS headers, exploiting the fear of losing banking access - one of the emotional triggers in social engineering campaigns) and the ease of such deployment (such as availability of spoofing-as-a-service). Without a doubt, raising our awareness helps to strengthen our defenses against such future attacks.

In building such awareness to boost digital resiliency, communication is key, said Ms Rahayu Mahzam (Parliamentary Secretary, Ministry of Communications and Information and Ministry of Health), at the panel discussion organised by ISACA Singapore Chapter as part of the “SheLeadsTech 3rd Anniversary Celebration Conference”.

Held on 4th March 2022 to celebrate International Women’s Day, the panel, “Digital resilience – how can we maintain its balance?” brought women leaders from the private sector (Mandana Javaheri - Microsoft Asia, Head of Security Solutions; Camellia Chan - Flexxon, CEO; Karen Toh Koh - E&Y Consulting, Partner), together with the government sector (Ms Rahayu Mahzam – Parliamentary Secretary, Ministry of Communications and Information and Ministry of Health).

Moderated by Jenny Tan (Vice President, ISACA Singapore), the panelists explored the many aspects of “digital resilience” in the way we live, work and play in cyber space. Highlighting how the Covid-19 pandemic has “accelerated” digital transformations, the panelists discussed how attackers exploit our security lapses while working from home, and that digital resiliency encompasses the capabilities to “adapt” to the rapid evolution of technology, as well as to “respond well” to these changes.

“We use technology everyday”, and empowering people to feel confident in using technology is key to building digital savviness and resiliency, said Ms Rahayu. Establishing balanced regulations, public-private sector collaborations, and programs such as the “Media Literacy Council” and “Digital For Life Movement” are some examples of the government’s approach to build digital resiliency, she elaborated.

Referring to ISACA Singapore Chapter’s SheLeadsTech “SLT Conversion program” [*] and “Mentorship program”, the panelists also highlighted raising awareness as critical to strengthening digital resiliency. This includes developing an understanding of the risks and exposures in cyber space, preventative measures and responses when incidents arise, according to the panelists. In addition, besides communication, building “digital trust” with our stakeholders in cyber space is also a way of growing our digital resiliency.

The panelists also pointed to how cyber attacks (such as phishing, ransomware) could undermine “cyber wellness” - our emotional well-being when interacting in cyber space. In this regard, the panelists advised that, while we remind our communities on the safe use of cyber space, it is also important not to overlook the need for educating our young, as well as our elderly. As part of empowering everyone with such knowledge, one consideration for organisations is to introduce “safety by design” as part of ethics, Ms Rahayu said.

The panel also stressed how, as we continue to adapt to technological advances and become more aware of how they could be exploited for harmful intent, attackers are also growing more sophisticated. Hence, building our digital resiliency – to be aware, to prepare and respond to digital transformations – has to be a continuous learning experience. As Jenny Tan concluded at the closing of the panel, this process of gaining new skills and knowledge to be digitally resilient “is a journey”.

[*] For interested non-IT professional females, please register for ISACA Singapore Chapter’s SLT 11th March 2022 briefing at "" to find out more.

From Left: Mandana Javaheri - Microsoft Asia, Head of Security Solutions; Camellia Chan - Flexxon, CEO; Karen Toh - E&Y Consulting, Partner; Ms Rahayu Mahzam - Parliamentary Secretary, Ministry of Communications and Information and Ministry of Health. Moderated by Jenny Tan (Vice President, ISACA Singapore Chapter)


Cover Feature

Chinese interests allegedly behind news corp cyberattack UPDATE


China-based hackers have successfully accessed business email accounts and documents used by News Corp journalists at News Technology Services, Dow Jones, News UK, and the New York Post. The global media organisation confirmed the cyberattack in an SEC filing. The intrusion was discovered on January 20, 2022. However, the attack is reported to date back to early 2020 and targeted scores of journalists and other employees.

“The company’s preliminary analysis indicates that foreign government involvement may be associated with this activity and that data was taken,” the SEC filing said.

The cybersecurity company News Corp brought in to investigate the attack went further. David Wong, vice president of incident response at Mandiant, said, “Mandiant assesses that those behind this activity have a China nexus, and we believe they are likely involved in espionage activities to collect intelligence to benefit China’s interests.”

News Corp says its systems holding customer and financial data were unaffected. The attackers did not target other News Corp business units that include News Corp Australia, Foxtel, and REA. In its SEC filing, News Corp said it uses third-party providers for some technology and cloud-based systems and services to support its business operations. It was there they found the intrusion.

“The Company is conducting an investigation into the circumstances of the activity to determine its nature, scope, duration and impacts,” the SEC filing noted. “The company is remediating the issue, and to date has not experienced any related interruptions to its business operations or systems. Based on its investigation to date, the company believes the activity is contained.”

One of the high-profile media brands targeted, The Wall Street Journal (WSJ), has a fraught recent history with the Chinese Government. In early 2020, Beijing cancelled the credentials of three Beijing-based WSJ journalists after the Government took issue with an opinion piece published by the newspaper. WSJ journalists were among multiple journalists working for US media organisations later forced to leave China. The Chinese Government later allowed some journalists to return.

“Groups associated with the Chinese gov have long been accused of targeting journalists – often those that report on human rights,” says Toby Lewis, Global Head of Threat Analysis at Darktrace. “However, from my experience, when attacks against media corporations are purely for espionage purposes, the real target is not the journalist but their in-country sources.”

Lewis says media organisations can expect to be under continual low and slow attacks from threat actors keen to access high quality and reliable information. He says the attackers are agile, switching from one attack method to another if the first proves unsuccessful.

“The problem is the methods used by these groups are always changing. Traditional defences that have been used by many media corporations, newspapers, online magazines and broadcasters for the last 20 years can only stop known attacks – attack techniques that have been seen before,” Lewis adds.

The Chinese Embassy in Washington has denied knowledge of the cyberattack and called for a considered investigation instead of “allegations based on speculations.”



This initiative has been established to recognize women who have advanced the security industry within the ten countries of the Association of Southeast Asia Nations (ASEAN). Nominations were opened on Tuesday March 8th, 2022, coordinating with International Women’s Day.








Top three malware in Australia revealed UPDATE


Check Point Research has published its latest Global Threat Index for February 2022. Researchers report that Emotet is still the most prevalent malware, impacting 2.69% of Australian organisations, with Formbook and Trickbot remaining in second and third place.

Trickbot is a botnet and banking trojan that can steal financial details, account credentials, and personally identifiable information, as well as spread laterally within a network and drop ransomware. During 2021, it appeared at the top of the most prevalent malwares list seven times. During the past few weeks, however, Check Point Research has noted no new Trickbot campaigns and the malware now remains in third spot in the index. This could be due in part to some Trickbot members joining the Conti ransomware group, as suggested in the recent Conti data leak.

This month, CPR witnessed cybercriminals taking advantage of the Russia/Ukraine conflict in order to lure people to download malicious attachments, and February’s most prevalent malware, Emotet, has indeed been doing just this, with emails that contain malicious files and the subject “Recall: Ukraine -Russia Military conflict: Welfare of our Ukrainian Crew member”.

“Currently we are seeing a number of malwares, including Emotet, take advantage of the public interest around the Russia/Ukraine conflict by creating email campaigns on the topic that lure people into downloading malicious attachments. It’s important to always check that a sender’s email address is authentic, look out for any misspellings in emails and don’t open attachments or click on links unless you are certain that the email is safe,” said Maya Horowitz, VP Research at Check Point Software.

CPR revealed this month that Government/Military is the most attacked industry in Australia, followed by Hardware vendors and Education/Research.

Top Malware Families
*The arrows relate to the change in rank compared to the previous month.
This month, Emotet is still the most prevalent malware impacting 2.69% of organisations worldwide, closely followed by Formbook which is impacting 2.13% of organisations and Trickbot which is impacting 1.12%.
1. Emotet – Emotet is an advanced, self-propagating and modular Trojan. Emotet, once used as a banking Trojan, has recently been used as a distributor to other malware or malicious campaigns. It uses multiple methods for maintaining persistence and evasion techniques to avoid detection. In addition, it can be spread through phishing spam emails containing malicious attachments or links.
2. Formbook – Formbook is an Info Stealer that harvests credentials from various web browsers, collects screenshots, monitors and logs keystrokes, and can download and execute files according to its C&C orders.
3. Trickbot – Trickbot is a modular banking Trojan, attributed to the WizardSpider cybercrime gang. Mostly delivered via spam campaigns or other malware families such as Emotet and BazarLoader.

Top Attacked Industries Globally
This month Education/Research is the most attacked industry globally, followed by Government/Military and ISP/MSP.

Top Exploited Vulnerabilities
This month “Web Server Exposed Git Repository Information Disclosure” is the most commonly exploited vulnerability, impacting 46% of organisations globally, followed by “Apache Log4j Remote Code Execution” which has dropped from first place to second and impacts 44% of organisations worldwide. “HTTP Headers Remote Code Execution” is the third most exploited vulnerability, with a global impact of 41%.
1. Web Server Exposed Git Repository Information Disclosure – An information disclosure vulnerability has been reported in Git Repository. Successful exploitation of this vulnerability could allow an unintentional disclosure of account information.
2. Apache Log4j Remote Code Execution (CVE-2021-44228) – A remote code execution vulnerability exists in Apache Log4j. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system.
3. HTTP Headers Remote Code Execution (CVE-2020-10826, CVE-2020-10827, CVE-2020-10828, CVE-2020-13756) – HTTP headers let the client and the server pass additional information with an HTTP request. A remote attacker may use a vulnerable HTTP Header to run arbitrary code on the victim’s machine.

Top Mobile Malwares
This month XLoader is the most prevalent mobile malware, followed by xHelper and AlienBot.
1. XLoader – XLoader is an Android Spyware and banking Trojan developed by the Yanbian Gang, a Chinese hacker group. This malware uses DNS spoofing to distribute infected Android apps to collect personal and financial information.
2. xHelper – A malicious application seen in the wild since March 2019, used for downloading other malicious apps and displaying advertisements. The application can hide itself from the user and reinstall itself in case it was uninstalled.
3. AlienBot – AlienBot malware family is a Malware-as-a-Service (MaaS) for Android devices that allows a remote attacker to firstly inject malicious code into legitimate financial applications, then allows the attacker to obtain access to the victims’ accounts, and eventually completely control their device.


Meta pledges additional resources to counter electoral misinformation UPDATE


Meta Australia’s public policy director Mia Garlick has flagged increased content monitoring across its social media platforms as Australia’s federal election looms. The social media giant says it takes a hardline approach on misrepresentation and misinformation that could result in electoral interference.

Meta is the owner and operator of the Facebook and Instagram social media platforms. There are approximately 2.9 billion Facebook users worldwide, including 16 million in Australia. Instagram users globally number around 1.4 billion, with 9.5 million users locally. Both platforms have attracted considerable criticism for misinformation, trolling, and defamatory content and the difficulties that arise when trying to remove that content.

With a federal election imminent, concerns are growing that online misinformation campaigns will increase. It’s something Mia Garlick says Meta is trying to counter.

“This is certainly something that we have been trying to evolve, both our policies, but also our tool offering, giving people in public life greater protections, and obviously if there are any serious concerns, we work closely with law enforcement to address that as well,” the Australian Broadcasting Corporation reports Ms Garlick saying. “We have seen an increase in abusive commentary in relation to them that’s not really related to the issue of the day.”

Meta says it already prohibits the misrepresentation of election dates, locations, times, and methods of voting or voter registration. Also on Meta’s radar is inaccurate information about who can vote, how to vote, qualifications for voting and whether a vote will be counted. These aren’t Australia-specific policies. Instead, they are global standards which Meta says reflect their commitment to voting and the democratic process.

As Meta’s public face in Australia, Mia Garlick is frequently called upon to defend the company and its failure to take down incorrect and offensive content. Prime Minister Scott Morrison has called social media a refuge for anonymous cowards who “can bully, harass and ruin lives without consequence”. The Australian Government wants to legislate to hold such people to account, forcing platforms like Facebook to hand over identifying details. But Meta has queried the effectiveness of the proposed legislation.

In response to incidents overseas, Meta recently added brigading and mass reporting to its list of serious online misbehaviours. Both online behaviours involve a collective push of incorrect, defamatory, or offensive information and come to the fore during electoral campaigns.

According to the ABC, Meta is drawing on its experience handling misinformation during electoral campaigns overseas to better manage content during the upcoming Australian campaign. In addition to Meta’s own fact-checkers and content monitors, the company is funding third-party fact-checkers, including the Australian Associated Press and RMIT’s Fact Lab.

But Meta won’t automatically take down all potentially misleading content during the election campaign. Meta argues if the information is already published and widely disseminated, it is already under the microscope and, if incorrect, likely to be called out, saying: “Inserting ourselves as part of that process, trying to arbitrate over the truthfulness of different political sides, is not an area where we think it’s appropriate for a company like us to have that particular role.”



Gill Savage
Deputy Director of the ASPI Professional Development Centre. Senior Fellow with ASPI’s Northern Australia Strategic Policy Centre.

Agenda for change 2022: shaping a different future for our nation, like the agendas ASPI published in 2016 and 2019, is being released in anticipation of a federal election. But there are differences this time around. This agenda acknowledges that what might have served us well in the past won’t serve us well in this world of disruption and rolling crises. A public policy plan jam-packed with initiatives is one of those things we took for granted in the past. While those initiatives may have been useful, they tended to perpetuate siloed thinking and actions and downplayed interconnectivity. One example is the adverse impact that just-in-time supply-chain management is having on national resilience during the Covid pandemic. And if that wasn’t enough to open our eyes, we had limited understanding of the reach and traceability of those supply chains, which in large part were revealed only when we experienced the consequences: manufacturing bottlenecks and single points of failure.



Australian small businesses post lowest growth rate UPDATE


Australian small businesses achieved the lowest rate of growth in the Asia-Pacific in 2021, according to CPA Australia’s Asia-Pacific Small Business Survey. The organisation says the results point to the need for governments at all levels to do more to support Australia’s digital future. CPA Australia is urging the major political parties to commit to more ambitious programs to hasten small business digital transformation as part of their federal election promises. The survey shows that more Australian small businesses shrank in 2021 than grew. Only 32.2 per cent of Australian respondents responded that their business grew last year (survey average 47.3 per cent), while 35.5 per cent reported that they shrank. Not only did Australian small businesses record the lowest rate of revenue growth, at 33.7 per cent (survey average 50.2 per cent), only 7.1 per cent increased employee numbers (survey average 28.7 per cent). Senior Manager Business Policy, Gavan Ord, says the below par results are a wake-up call. “Small businesses are incredibly important to Australia’s economy. They make up around 98 per cent of all Australian businesses, employ over 40 per cent of the domestic workforce and contribute the equivalent of one-third of our country’s GDP. “I take my hat off to small businesses in Indonesia, the Philippines and India, which led the region by growth. Those markets have also had a tough ride from COVID-19 and yet their small business sectors have proven remarkably
resilient. This begs the question, ‘Why are small businesses in Australia being out-performed by their regional peers?’ “Our survey shows that part of the answer lies in their inability to participate in the digital economy. There is positive correlation between digital adoption and business growth. But when it comes to Australian small businesses, technology is their weak link.” Two years after the pandemic began, Australian small businesses are significantly less likely to conduct business online than their regional peers. 44.7 per cent of Australian small businesses did not earn any revenue from online sales in 2021 (survey average 19 per cent). They are also the most likely not to offer digital payment options (39.4 per cent; compared to only 0.1 per cent of Chinese small businesses) or use social media for business (36.7 per cent; survey average 17.2 per cent). This situation appears unlikely to change any time soon. Australian small businesses were the least likely to make any investment in technology in 2021 (35.1 per cent did not make any investment in technology compared to only four per cent of small businesses from India). Only 5.9 per cent of Australian small businesses expect to innovate in 2022 (survey average 27 per cent). Ord says the results are evidence that Australia’s small business sector needs more help. “These are clear signs that current government digital support and incentive programs aren’t delivering for enough small businesses. The economic and social benefits of the shift to a digital
economy will never be fully realised while significant numbers of small businesses are left on the sidelines. It’s in the national interest for governments to facilitate their inclusion and participation.” CPA Australia is also concerned about the cyber security implications of the survey’s findings, given the current geo-political climate. Only 35.3 per cent of Australian small businesses have reviewed their cyber security in the past six months (survey average 46.7 per cent). “Cyber security is a national security issue. According to the government’s Australian Cyber Security Centre, Russia’s invasion of the Ukraine has increased the likelihood of cyberattacks on Australian businesses. Our survey suggests that Australian small businesses under-estimate the prevalence of, and are under-prepared for, cyberattacks. This makes them one of the most vulnerable sectors of our economy, and hence most attractive targets, for cyberattacks.” There are lots of ways to help small businesses improve their digital capability. However, they typically require a substantial investment, which overseas governments have so far proven more willing to make. For example, Singapore’s Productivity Solutions Grant (one of many in that country) includes S$600 million (A$605 million) to help small to medium-sized enterprises to digitalise and automate their processes. With a federal election looming, CPA Australia is calling on the major political parties to make a meaningful
commitment to small business digital transformation. We think this is a key to Australia becoming a leading digital economy and society by 2030, and to driving Australia’s future prosperity. “Whichever party forms government, we want them to ensure Australia’s Digital Economy Strategy reflects the importance of small business and supports them to succeed in the digital economy.” One of the predictors of small business success is access to professional advice. 96.1 per cent of the high growth businesses we surveyed sought professional advice in 2021. However, Australian small businesses were the least likely to seek professional advice. CPA Australia recommends giving small businesses financial incentives to seek professional advice, including about digital transformation.


Do no harm – First rule for cyber incident first responders By Kenneth Yu, Consulting Partner, Tesserent.


With so much attention placed on defence and protection, effective incident response can sometimes be overlooked. But it’s a critical element of your cybersecurity strategy and one that requires specialist skills and tools that, without training, your team may not have. The first task of the first responder at a cybersecurity incident is just like that of an emergency services worker. A well-prepared responder can identify the threat, contain it, make things safe and then help you learn what happened to prevent a repeat. When a first responder is unprepared, their first actions may exacerbate a situation rather than contain the damage and aid recovery. While there is a temptation to respond quickly, particularly in a highly stressful and unexpected situation, knowing what not to do is just as important as knowing what to do first. Cybersecurity first responder training helps teams learn about the tools, procedures and practices that are critical to ensuring those first moments lead to a solution and not to more problems. Thorough training involves understanding the following elements.

WHO ARE THE THREAT ACTORS? Understanding how to respond to an incident starts by understanding the nature of threat actors and how they operate. The most common threat actors are APT groups or cyber gangs. These are coalitions of hackers whose primary motivation is financial gain. They will steal what they can sell, such as privileged corporate account credentials and
personally identifiable information. They might attempt to defraud you through phishing, compromise the mailboxes of corporate users, use ransomware or attempt to trick you into paying fake invoices or by some other means. Insider threats are perhaps the next most common type of threat actor. However, not all insider attacks are malicious. Many data losses caused by insiders are the result of errors rather than a specific desire to cause trouble. Hacktivists typically carry out attacks to further some sort of political agenda while state sponsored threat actors are looking to further the national interests of their country of origin. Incident response starts with preparation and ensuring that the organisation has up-to-date incident response plans and playbooks in place. Regularly performing tabletop exercises is also a very useful activity to ensure that incident response plans and playbooks are constantly updated to cater to the latest threats. While it can be tempting to try and jump to attribution when an attack has occurred, this shouldn’t be your priority. Frameworks prepared by experts from NIST, SANS and others place incident identification and containment as higher priorities. That means it’s critical to understand the tools and methods used by attackers. Threat actors use technical tools and social engineering to infiltrate systems, gain intelligence and execute their malicious actions. By investing time into understanding these tools and methods, it’s possible to radically improve the way you respond to incidents. For example, while phishing scams are well known, understanding what happens after the email is opened is critical. That means understanding what vulnerability is being exploited, what tools are being used and how it is being controlled. This allows first responders to identify what systems are affected and to take steps to contain the damage and mitigate the risk to the business.

CLOUD COMPLEXITY With businesses increasingly dependent on cloud services, gathering this kind of intelligence following an incident can be challenging. Collecting disk images and memory dumps on cloud services requires different tools and methods to those used with on-prem systems. Microsoft Azure, AWS and Google Cloud Services all provide tools to assist with detection, containment, eradication, and recovery to learn in order to prevent, detect, and respond to similar incidents in the future. But extracting data to carry out your own analysis requires different tools and methods.

THE EVIDENCE CHAIN Once an incident is contained, it’s time to carry out an investigation. While it may be tempting to take a scorched earth approach after the breach is contained and destroy all data, doing so means the business loses the ability to examine what happened forensically. While there is a chance of attribution, the main objective is to learn from the attack and ensure sufficient controls are in place through all layers of the security infrastructure to prevent the attacker from returning. While the effects of an attack can be swift and devastating, many attacks take weeks or months to execute. Some of the most damaging attacks in recent years, ranging from the Target breach in 2013 through to the recent attack on News Corp, started days, weeks or even months before the impact was felt. Many threat actors spend considerable time probing systems in order to find vulnerabilities and valuable data to steal. While these activities might be imperceptible before the attack is complete, they form a vital trail of evidence that can be used later. Skilled incident responders will know how to use tools that can take disk images, memory dumps and other data that can help. This is the equivalent of a digital autopsy, dissecting what happened to learn the cause and prevent a recurrence.

DON’T FORGET SEARCH ENGINES Open-source intelligence (OSINT) is also a powerful tool. Knowing what to search for can reveal plenty of useful information on the public internet. While popular tools such as haveibeenpwned are useful, many criminals use publicly accessible but somewhat obfuscated websites and underground forums to share stolen information such as usernames and hashed passwords. When investigating an attack, public data can be extremely helpful. Prioritising and investing in first responder training enables your cybersecurity or IT team to better respond when an incident inevitably occurs – equipping them to know who should be involved, what tools they’ll need, where to start and, critically, how to avoid making things worse.


Building a global encryption business UPDATE


Queensland’s leading technology entrepreneurs attended an all-day summit exploring the state’s digital future at Fortitude Valley’s Cloudland in March. The Australian Computer Society’s Queensland State Tech Summit will feature some of the state’s recent success stories at the event discussing technology opportunities and IT career prospects along with how tech can drive Queensland’s post-pandemic economy. During the day, speakers and panellists will discuss the different generations’ perspectives of IT careers, how Queensland can attract more digital talent, leadership challenges raised by new technologies, and the direction of cybersecurity in the current global political climate. Keynote speakers at the event will include Jamie Wilson, founder of Brisbane based Cryptoloc, named as one of the world’s top cybersecurity startups to watch in 2020 by Forbes Magazine. The company’s global operations now boast clients in twenty countries with offices in the US, Japan, the UK and South Africa. Beau Tydd, ACS Queensland Branch Chair, said: “The State Tech Summit is a great opportunity for Queenslanders to explore the opportunities our sector offers in the post-Covid world.” “In addition to highly-relevant technical, leadership and business content we’re looking at engaging leaders across the Queensland political, business and technology community along with emerging professionals and students looking to enter the field.” Also speaking will be Bob Tisdall, Executive Director of the Dialog Group which was acquired this year by Singtel’s NCS for $325 million.


Originally founded as a mining technology services consultancy in 1979, the Queensland based business now employs over 1200 information technology specialists across operations in Brisbane, Sydney, Canberra, Melbourne, Adelaide, Perth, and Darwin. Queensland technology leader Bevan Slattery will also be giving an update on the HyperOne Project, the largest private, independent digital infrastructure project in Australia’s history, and what this means in terms of jobs, regional connectivity, and investment.



Interview with

Jo Stewart-Rattray, Information Advisory Group, ISACA

Safia Kazi, ISACA Privacy Professional Practice Advisor

New research from ISACA explores the latest trends in enterprise privacy, from privacy workforce and privacy by design to privacy challenges and the future of privacy, in its new Privacy in Practice 2022 survey report, sponsored by OneTrust. The report, which examines responses from the global ISACA State of Privacy survey conducted in the third quarter of 2021, highlights the persistent understaffing that is impacting enterprise privacy teams. Respondents indicate that both legal/compliance (46 percent of respondents) and technical privacy roles (55 percent of respondents) at enterprises are understaffed, and the issue has only worsened since last year. Forty-one percent also report that the biggest challenge in forming a privacy program is a lack of competent resources. We speak with Jo Stewart-Rattray, Information Security Advisory Group, ISACA and Safia Kazi, ISACA Privacy Professional Practice Advisor.


Zero-Knowledge proofs (ZKPs) for vulnerability disclosure By Vinoth Venkatesan


Few relationships in cybersecurity are more delicate than the one between a security researcher who discovers a vulnerability in a product and the company they notify. The company may not care about the vulnerability or its impact on customers, or may downplay the severity to avoid media attention. The researcher, focused on the potential for harm, believes that a timelier public disclosure will incentivise the business to develop a quick patch to protect end-users. While the industry has managed some of these difficulties through coordinated vulnerability disclosure policies, there’s still a fair amount of disagreement and mismatched motivations that can breed mistrust between the two parties. One of the trickier problems is ethically disclosing a bug to the broader public and putting pressure on an organisation without revealing technical information that might allow malicious hackers to exploit it before a patch becomes available.

Here come the Zero-Knowledge Proofs (ZKPs) from DARPA. The research and development arm of the Department of Defense has successfully applied zero-knowledge proofs to the software vulnerability disclosure process for a limited set of use cases. A zero-knowledge proof is a cryptographic protocol that allows one entity to create mathematical evidence to demonstrate to another
entity that they can answer a question without disclosing their underlying work. In this case, it would allow a cyber researcher to prove that the vulnerability can be exploited without displaying a proof-of-concept exploit, which might provide a road map to bad actors. This was made possible by the cryptocurrency community’s ongoing work on developing more efficient zero-knowledge proofs. A paper called “Snarks for C” helped to inspire DARPA researchers to explore ideas for similar applications in other fields that aren’t necessarily connected to the blockchain.

How does it work? Imagine a graph with several different points, with lines between them, where each point is assigned a colour: green, red, yellow, etc. The question here is whether you can conclusively prove that each point is coloured differently from the adjacent points without displaying them on the graph. The answer is yes. It is possible to translate much of the relevant information about those points, their colours and their connection to each other into numerical values or equations that can be calculated without viewing the original graph. Moreover, this same fundamental model can be expanded and applied to many other situations, usually involving more “points” or relevant variables that interact in predictable ways — like different parts of a software system
— to emulate the same mathematical certainties. The real-world problem DARPA was looking to address in this case is discovering a way for security researchers to alert the public to an ongoing software vulnerability without having to rely on the host organisation’s goodwill or risk tipping off malicious hackers. Last year, DARPA called for outside research proposals, and two companies — Galois and Trail of Bits — have already used this framework to create zero-knowledge proofs of their own. Galois produced a proof for a previously disclosed memory safety vulnerability in a Game Boy Advance console. More importantly, they could use that proof to convince another party of the vulnerability’s existence in about eight minutes. In addition, Trail of Bits developed an innovative model based on Boolean circuitry that creates a binary imitation of systems at the architectural level. It essentially provides a yes or no answer as to whether it’s been compromised/exploited by code injection, buffer overflows, memory bypass flaws, and format string vulnerabilities. Right now, these use cases are just the tip of the iceberg, limited to a handful of essential IT hardware and software vulnerabilities. There is also a question about how accurate any particular model may be to its real-life counterpart. Evolving better models that apply to the vulnerability process more generally will require “orders of magnitude more complexity.” Still, DARPA believes it’s only a matter of time before they can be accepted much more
widely, both in vulnerability disclosure and other research work areas. The most significant limitation to more widespread adoption is not technical details. Instead, it’s figuring out a way to interpret the complex mathematical process behind such proofs in a way that doesn’t entail an advanced mathematics degree to comprehend. After all, it does no good to go through all the work of creating an accurate zero-knowledge proof if the person or organisation doesn’t know what that is or why it means they have to believe you. As ZKP-based adoption grows in the industry, I’m sure we will eventually find a middle ground to make it easy to demonstrate and communicate. About the Author: Vinoth is a cybersecurity professional at heart with over two decades of experience in Information Technology and Cybersecurity. He is an Australian Computer Society (ACS) Senior Certified Professional in Cybersecurity and holds various industry-leading cybersecurity credentials. Vinoth loves to write about the latest cybersecurity happenings and blockchain-related articles.
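The coloured-graph idea in the “How does it work?” passage above is the classic interactive zero-knowledge proof for graph colouring. The sketch below is an added example, not code from the article, DARPA, Galois or Trail of Bits; the five-point graph, both colourings and every function name are constructed for illustration, and SHA-256 hash commitments are an assumed way of hiding the colours.

```python
import hashlib
import hmac
import secrets

COLOURS = ("green", "red", "yellow")
_rng = secrets.SystemRandom()  # CSPRNG for colour shuffles and verifier challenges

# Constructed sample graph: five points joined by six lines.
EDGES = [("A", "B"), ("B", "C"), ("C", "A"), ("C", "D"), ("D", "E"), ("E", "A")]
VALID = {"A": "green", "B": "red", "C": "yellow", "D": "green", "E": "red"}
INVALID = dict(VALID, D="yellow")  # C and D now share a colour


def commit(colour, nonce):
    """Hash commitment: the random 32-byte nonce hides the colour,
    SHA-256 stops the prover changing it after the fact."""
    return hashlib.sha256(nonce + colour.encode()).digest()


class Prover:
    """Knows the secret colouring and never reveals it as a whole."""

    def __init__(self, colouring):
        self._colouring = colouring
        self._round = {}

    def commit_round(self):
        # Rename the colours at random every round, so two opened points
        # only ever show "these two differ", never the real colouring.
        shuffled = list(COLOURS)
        _rng.shuffle(shuffled)
        rename = dict(zip(COLOURS, shuffled))
        self._round = {
            v: (rename[c], secrets.token_bytes(32))
            for v, c in self._colouring.items()
        }
        return {v: commit(c, n) for v, (c, n) in self._round.items()}

    def open_edge(self, edge):
        # Reveal colour and nonce for the two challenged points only.
        u, v = edge
        return self._round[u], self._round[v]


def verify_opening(commitments, edge, opening):
    """Verifier's check for one round: openings match the commitments,
    both colours are legal, and the two endpoints differ."""
    u, v = edge
    (cu, nu), (cv, nv) = opening
    ok_u = hmac.compare_digest(commit(cu, nu), commitments[u])
    ok_v = hmac.compare_digest(commit(cv, nv), commitments[v])
    return ok_u and ok_v and cu in COLOURS and cv in COLOURS and cu != cv


def run_protocol(edges, colouring, rounds=200):
    """Run commit / challenge / open for the given number of rounds.
    Returns True only if every round convinces the verifier."""
    prover = Prover(colouring)
    for _ in range(rounds):
        commitments = prover.commit_round()
        edge = _rng.choice(edges)  # verifier's random challenge
        if not verify_opening(commitments, edge, prover.open_edge(edge)):
            return False
    return True


def soundness_error(num_edges, rounds):
    """Upper bound on a cheating prover surviving: each round it escapes
    only if the challenge misses every badly coloured line."""
    return (1 - 1 / num_edges) ** rounds


if __name__ == "__main__":
    print("valid colouring accepted:  ", run_protocol(EDGES, VALID))
    print("invalid colouring accepted:", run_protocol(EDGES, INVALID))
    print("cheating bound, 200 rounds:", soundness_error(len(EDGES), 200))
```

The verifier ends up convinced that a proper colouring exists while only ever seeing two freshly renamed colours per round, which is the property the article wants for proving an exploit exists without publishing it.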


Confidential Computing: Enforces the Trusted Execution Environment (TEE) By Vinoth Venkatesan

What is Confidential Computing? Organizations that manage sensitive data such as Personally Identifiable Information (PII), financial data, or health information need to mitigate threats that target the confidentiality and integrity of either the data in system memory or the application itself. Data is most often encrypted at rest in storage and in transit across the network, but not while in use in memory. In addition, the ability to protect data and code while in use is limited in conventional computing infrastructure. Confidential computing guards data in use by performing the computation in a hardware-based Trusted Execution Environment. These isolated and secure environments prevent unauthorized access or modification of applications and data while in use, thus increasing the security level of organizations that manage sensitive and regulated data. Confidential computing is defined and managed by the Confidential Computing Consortium (CCC) under the umbrella of The Linux Foundation. “CCC is a project community at the Linux Foundation dedicated to defining and accelerating the adoption of confidential computing. It will embody open governance and open collaboration that has aided the success of similarly ambitious efforts. The effort includes commitments from numerous member organizations and contributions from several open-source projects.”

How can confidential computing help? Confidential computing protects data in use using hardware-based Trusted Execution Environments. Through Confidential Computing, we can now protect against many known threats.

The entry of Trusted Execution Environments (TEE) A Trusted Execution Environment (TEE) is an environment that offers a level of assurance of data integrity, data confidentiality, and code integrity. A hardware-based TEE uses hardware-backed techniques to provide increased security guarantees for code execution and data protection within that environment. In the framework of confidential computing,
unauthorized entities could include other applications on the host, the host operating system or hypervisor, system administrators, service providers, the infrastructure owner or anyone else who has physical access to the hardware. Data confidentiality means that those unauthorized entities cannot view data while it is in use within the TEE, even with physical access to the system or hardware. Data integrity means that unauthorized entities outside the TEE cannot alter data while it is being processed. Code integrity means that the code in the TEE cannot be replaced or modified by unauthorized entities. Together, these attributes assure that the data is kept confidential and that the computations performed are correct, allowing one to trust the results. This assurance is often missing in methods that do not use a hardware-based TEE. The table below compares a typical TEE implementation with two other emerging solutions that protect data in use, Homomorphic Encryption (HE) and Trusted Platform Modules (TPM).

Confidential Computing – Hardware-Based Approach Security is only as durable as the layers below it, since protection in any layer of the compute stack can be circumvented by a breach at an underlying layer. This fundamental issue drives the need for security solutions at the lowest layers possible, down to the silicon components of the hardware. Hardware-based TEE provides security through the lower hardware layers with a minimum of dependencies on the operating system and other areas like device drivers, platform, peripheral, and cloud service providers.

High-level use cases of Confidential Computing There are multiple ways hardware-based TEEs are applied today to deliver the efficient defence-in-depth mechanisms and security boundaries sought by confidential computing. The significant uses of TEE:

1. Portable hardware-TEE-based application SDKs consumed across various TEEs
2. Keys, Secrets, Credentials and Tokens Storage and Processing
3. Multi-Party Computing
4. Blockchain
5. Data integrity on Mobile and Personal Computing devices
6. Processing network traffic in Edge and IoT devices
7. Point of Sale devices/payment processing
8. Confidential AI

Confidential Computing - Future of the Cloud Confidential computing delivers strong security assurances in the cloud by empowering tenants to control the Trusted Computing Base for their workloads remotely. It also offers solid technical protection against attacks from the rest of the cloud, preventing potential attacks from other tenants or the cloud provider itself. In turn, this enables tenants to develop and deploy their confidential applications for their most sensitive data. Imagine a future in which users have complete and authentic control over how cloud services use their data. Think of a wide variety of use cases, such as an organization’s documents needing to be indexed. A confidential indexing service could guarantee that no one outside the organization ever sees that data and that the output is sent to a confidential file-sharing service. At the same time, it makes sure the unencrypted data never appears anywhere other than the organization’s authorized devices or confidential VMs. Similarly, a confidential email system could protect privacy without compromising functionality such as searching or authoring assistance. Ultimately, confidential computing will enable many innovative cloud services while allowing users to retain complete control over their data.

Final Thoughts The Confidential Computing landscape is evolving quickly to provide new tools to businesses and end-users that protect sensitive data and code against a class of threats occurring during data execution that were previously difficult, if not impossible, to defend. As confidential computing evolves, more approaches may emerge, or evolutions of these approaches may occur. I’m personally super optimistic about the innovation that lies ahead in this field. About the Author: Vinoth is a cybersecurity professional by heart with over two decades of experience in Information Technology and Cybersecurity. He is an Australian Computer Society (ACS) Senior Certified Professional in Cybersecurity and holds various industry-leading cybersecurity credentials. Vinoth loves to write about the latest cybersecurity happenings and blockchain-related articles.


The right DX strategy Getting ahead in the digital economy By Guy Matthews, Editor of NetReporter


There has been C-level discussion of digital transformation for a number of years now. Although the COVID pandemic sped up many people’s DX plans, many of those plans were already in place before the pandemic hit. “We noted organizations doing many different things to get themselves ready for transformation, and then the pandemic was thrown upon and suddenly it was a different sort of journey,” observes Nikhil Batra, Associate Research Director with independent research firm IDC. “There was a new approach to resiliency, where you are not just addressing business challenges but learning to respond rapidly to extreme changes in the external environment.” Digital transformation, he believes, has now evolved into digital resiliency: “Digital adaptation was the early
stage where you were adopting digital technologies to help you transform – with cloud technologies, IoT, along with workplace transformation. We noted technology being a critical component here as we moved to remote work. But now comes district resiliency, helping organizations achieve the stature of a future enterprise.” Talking specifically of IDC’s research in the Asia Pacific region, where he is based, Batra found there were only about 5% of organizations who had no resiliency plans in place pre-pandemic and had no intention of investing to build those capabilities. “About 16% had some basic business continuity planning, prior to COVID-19. But they did not plan to expand on that, because they felt whatever they were doing was good enough for them. About 29% of organizations felt that they needed to expand their resiliency plans and as a result, with some of them moving some workloads to cloud so that they could be accessed from outside of the company's VPN and intranet in certain cases.” Some, he said, never dreamed that they would go beyond the pandemic with such plans: “A band-aid kind of situation makes up about 50% of organizations,” he notes. “The remaining 50% of organizations are expanding with a future approach in mind, seeking to respond to future business disruptions which could arise and working towards addressing those challenges. Some 34% of them mentioned that they've started working on their resiliency plans, and 16% were even further advanced along that journey, prepared for any future business disruptions. They treated this pandemic as not just a challenge but also as an opportunity to leapfrog some of their competition.”

[Figure 1: Moving to digital resiliency. Title: Moving from business continuity to digital resiliency]

[Figure 2: Asia Pacific ICT spending. Title: Asia Pacific ICT spending outlook]

Among the findings recorded by IDC over the last couple of years is that almost 80% of organizations across Asia Pacific say revenues have been significantly impacted: “But only about 17% of organizations said that their ICT spend has declined,” observes Batra. “A really large percentage of organizations, about 53%, said that they're spending more versus pre pandemic. So what does that mean? A lot more organizations are looking at this not just as a challenge that they have to get through but they're looking at an opportunity to get ahead.” To broaden the conversation, Batra involves an expert panel with direct experience of implementing transformation in the face of crisis. Rajasegaran Subramaniam is Assistant Director for Global Delivery APAC with food and agriculture giant Cargill, based in Singapore. “A lot of our digital transformation started four to five years ago,” he says. “With the pandemic we are just speeding up some of the things that we already thought about. Our customers are also changing how they're engaging with us.”


Featured speakers: Nikhil Batra, Associate Research Director, Telecom, IDC; Rajasegaran Subramaniam, Assistant Director for Global Delivery APAC, Cargill; Raman Mehta, SVP & Chief Information Officer, Johnson Electric; Thiagaraja Manikandan, President & Group CIO, Olam; Amitabh Sarkar, Vice President & Head of Asia Pacific, TATA Communications

He breaks future planning into three main areas: “One is to digitize our supply chain. We have a program to implement smart manufacturing, and use the data to make sure that we can maximize production yield and make sure that we optimize power and water consumption. How can we use the digital twins when we change some of the parameters in the production line? We also look at the intelligent supply chain, at where food is coming from. For example, using blockchain to make sure that the chocolate that we are eating is coming from the right farm, and that we can take care of the welfare of the people so production is sustainable in the long term.”

He says Cargill is also focussed on transforming its approach to the customers and the market: “We are not just selling a traditional agriculture product, we are also getting into digital service and how we use technology to engage our customers. We are creating digital products, and mobile apps to provide information to farmers in various parts of India. We try to cut the middle people out so that we can give much better prices to those farmers.”

Cargill’s third transformational push is ERP modernization: “For non-ERP systems, we try to modernize by moving it into the cloud,” claims Subramaniam. “We are already in the last phase of deploying a software-defined, wide area network as well as focusing on cybersecurity.”

In the opinion of Raman Mehta, SVP & Chief Information Officer with electro-mechanical manufacturer Johnson Electric, digital resiliency is becoming a CEO-level discussion. “We grew out of automotive,” he says. “We are a tier one or tier two supplier, to automotive OEMs throughout the world. We have 35,000 employees in 23 countries and deal with the whole automotive supply chain, as manufacturing for markets like home automation and robotics.”

He agrees that when it is time to leapfrog the competition, this can only happen at speed with the right digital platform: “The ERP journey takes time, and we had a lot of fragmented systems,” he explains. “We needed to connect these systems and take people out of their comfort zones. Because otherwise you’re looking at a long modernization roadmap. But if I bring in innovative business intelligence solutions, that can really speed things up. Things that used to take weeks now we can do in minutes. We can look at our demand patterns and find out which are the long lead item semiconductors by connecting the ERP system in the cloud. People are getting more empowered, and making decisions based on data. Before they would spend 80% of their time going through spreadsheets, PowerPoints, emails. We want to turn that on its head so you spend less than 20% of your time collecting information, and over 80% analysing it.”

Thiagaraja Manikandan is President & Group CIO at Olam International, a $30 billion company active in around 60 countries in the agricultural and food space. He says Olam’s digitization journey started back in 2016: “It wasn't a pandemic response, because we recognized early that digitalization was the only way to go,” he explains. “Digitalization has the ability not only to transform your internal business operations and business model, it can transcend beyond those boundaries to transform an entire ecosystem.”

Olam has launched several digital platforms, starting with one for assessing a farmer's land for traceability and sustainability, looking at fertilizers and carbon footprints. Another platform was about providing services for farmers with a poor livelihood. In India alone, there are over six million farmers on that platform. A digital warehousing platform and smart factory initiative followed: “We can visualise factories as a digital twin, as well as view millions of hectares of land with a combination of smartphones, drones, image analytics and IoT devices,” he notes.

Adding to the depth of the discussion is Amitabh Sarkar, Vice President & Head of Asia Pacific with TATA Communications, an enabler of the sort of transformation the others are mapping out. He says TATA’s reach covers extreme automation, digital resilience and hyperconnected ecosystems embedded with strong AI, ML and deep data analytics. “If I look at TATA Communications, the question during pandemic was, how do we enable our employees to collaborate using tools and technologies to deliver a seamless experience to our customers in the hybrid world. This at a time when 98% of our employees were working from home in geographically dispersed locations – a huge challenge. But I think the result was stronger customer centricity through formation of customer success teams. There was an added sharpness as the focus shifted to digital platforms and solutions, bringing efficiencies globally through automation and with the right operating model.”

Sarkar says that TATA’s future aim is to continue on its own transformation journey and also play a solid role as a digital ecosystem enabler: “We will be building a digital fabric on which our customers, regardless of industry can build secure, connected, digital experiences. We see huge opportunities, and driving growth in Asia Pacific is a top priority.”

Cargill’s Subramaniam acknowledges that efforts to create a software-defined wide area network owe a lot to Tata Communications as a key part of that journey: “We have been working together with TATA for past two years now, and have completed about 200 sites across Asia,” he notes. “Cyber security continues to become another investment area. But most important is smart manufacturing.”

Mehta of Johnson Electric agrees that networks are the lifeline of any company: “The MPLS networks of the old days with their fixed costs are not going to cut it in the modern workplace,” he concludes. “The Internet is becoming the corporate network. Now with built-in resiliency and multipath selections, you can dynamically select which application you put into which cloud, all driven by machine learning and optimized traffic routing.”


The future is computer vision – Real-time situational awareness, better quality and faster insights
By Nigel Steyn, Sales CTO, Computer Vision Edge IoT, Dell Technologies


Years ago, computer vision was just a clever science fiction innovation, but now it’s a reality that is quickly becoming a part of the enterprise landscape. In essence, computer vision uses AI and machine learning to make sense of digital video, images, audio and even biometric data, and provides insights and conclusions. With data gathered from both cameras and edge based IoT sensors dotted around a building, campus or an entire city, for example, computer vision technology applies algorithmic models to learn about visual data and turn it into information for decision making. According to Forrester, 80% of organizations expect the number of AI use cases to increase in the next two years.[1] These data-driven organizations are implementing computer vision to improve the customer experience, gain operational efficiencies and ultimately drive new revenue streams. Indeed, IDC says that organizations that are considered data analytics innovators are two times more profitable than their peers.[2] It all makes sense. Reliable, accessible data helps business and operational leaders make better decisions, strengthens security, gives companies a competitive edge and can transform how organizations deliver products and services.

The missing link: a real-time federated approach

Video intelligence is not new. Most companies, public spaces and even today’s schools are outfitted with video camera systems. What’s standing in the way of translating video into real-time actionable insights, however, is managing the volume, velocity and variety of data, as well as connecting the dots on that data. While common approaches to data curation and analytics send data to a central platform for processing, doing so can create tremendous amounts of traffic across a network. There’s also latency involved with large data flows traveling back and forth, which is a significant issue if time-sensitive decisions must be made based on the data.

In order to overcome these challenges, some organizations are implementing real-time federated learning models (Figure 1) which allow for the data to be more efficiently processed and stored, for the most part, at the network edge. The idea is to build algorithmic models on a central server, which is often in the cloud, and keep data at the edge where it’s used. Send a model to the edge, train it with the local data, and then send back only the results to the central server for aggregation. In turn, the central model can be improved and sent back to the edge for enhanced local inferencing.

Today’s visual data models are also designed with typical end users – at the edge – in mind. Having data scientists on hand to perform analyses has largely been replaced with standardized models and drag-and-drop workflows for a “create your own” analytics package. An analytics model marketplace has emerged where companies that are investing in computer vision technology but don’t have in-house AI or data science expertise can incorporate models into their operations.

There are significant advantages to the real-time federated approach:
• You ingest visual data once and can allow multiple applications access to the information.
• The model that remains on the central server is not tied to specific data; models can be shared with others without security risks.
• Because training takes place at the edge, network costs are lower and there’s no need to maintain a centralized data lake.
• The data marketplace democratizes computer vision for the masses, enabling the sharing and monetization of pre-trained models aligned with specific use cases.
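The train-at-the-edge, aggregate-centrally loop described above, as an added example that is not from the article or from Dell Technologies: federated averaging in Python for a two-parameter linear model standing in for a vision model. The site data is constructed, and the server-side update check (drop non-finite updates, clip how far one update can move the central model per round) is an assumption added here for updates arriving from devices the server does not control; the article does not describe it.

```python
import math
import random


def make_site_data(n, x_lo, x_hi, seed):
    """Constructed data for one edge site: y = 3x + 1 plus small sensor noise."""
    rng = random.Random(seed)
    xs = [rng.uniform(x_lo, x_hi) for _ in range(n)]
    return [(x, 3.0 * x + 1.0 + rng.gauss(0.0, 0.01)) for x in xs]


def local_train(weights, data, epochs=20, lr=0.05):
    """Runs at the edge: start from the central model, fit the local data by
    gradient descent, return only the new weights and the sample count."""
    w, b = weights
    n = len(data)
    for _ in range(epochs):
        grad_w = sum(2.0 * (w * x + b - y) * x for x, y in data) / n
        grad_b = sum(2.0 * (w * x + b - y) for x, y in data) / n
        w, b = w - lr * grad_w, b - lr * grad_b
    return [w, b], n


def edge_site(data):
    """Wrap a site's private data; the server only ever calls train(weights)."""
    return lambda weights: local_train(weights, data)


def accept_update(global_w, new_w, max_delta=1.0):
    """Server-side check (added assumption). Returns None for a malformed
    update, otherwise the update with its change from the current central
    model clipped to an L2 norm of max_delta."""
    if len(new_w) != len(global_w):
        return None
    if not all(math.isfinite(v) for v in new_w):
        return None
    delta = [v - g for v, g in zip(new_w, global_w)]
    norm = math.sqrt(sum(d * d for d in delta))
    scale = 1.0 if norm <= max_delta else max_delta / norm
    return [g + d * scale for g, d in zip(global_w, delta)]


def federated_average(global_w, updates):
    """Aggregate (weights, n_samples) pairs into the next central model,
    weighting each accepted update by its sample count."""
    kept = []
    for new_w, n in updates:
        checked = accept_update(global_w, new_w)
        if checked is not None and isinstance(n, int) and n > 0:
            kept.append((checked, n))
    if not kept:
        return list(global_w)  # nothing usable this round: keep the old model
    total = sum(n for _, n in kept)
    return [sum(w[i] * n for w, n in kept) / total
            for i in range(len(global_w))]


def run_federation(sites, rounds=50):
    """Central loop: send the model out, collect updates, aggregate, repeat."""
    global_w = [0.0, 0.0]
    for _ in range(rounds):
        updates = [train(list(global_w)) for train in sites]
        global_w = federated_average(global_w, updates)
    return global_w


if __name__ == "__main__":
    # Three constructed sites that each see a different slice of the input range.
    sites = [
        edge_site(make_site_data(50, -1.0, 1.0, seed=1)),
        edge_site(make_site_data(80, 0.0, 2.0, seed=2)),
        edge_site(make_site_data(120, -2.0, 0.0, seed=3)),
    ]
    print("central model after training:", run_federation(sites))
    # A faulty device returning NaN is dropped by accept_update.
    broken = lambda weights: ([float("nan"), 0.0], 100)
    print("with one faulty device:     ", run_federation(sites + [broken]))
```

Only weights and sample counts cross the network in this sketch; the raw `(x, y)` pairs stay inside each `edge_site` closure.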

Computer vision’s impact today

Computer vision touches our everyday lives. You probably use computer vision without realizing it. Does your smartphone have facial recognition that lets you unlock the device or authenticate to online banking sites? That’s computer vision. Consider modern cars with embedded cameras. Visual data used from the cameras as well as other sensors gives modern cars the ability to parallel park themselves. Adaptive cruise control regulates a car’s speed while leaving a safe gap between itself and other vehicles, and the accident avoidance system applies the brakes when a car is too close to an object in front of it.

From a business perspective, you can find applications of computer vision across nearly every vertical – retail, transportation, healthcare, manufacturing and energy, to name a few. And you can apply computer vision across those verticals to achieve substantial outcomes, such as personal and facility safety, improved customer experience, operational efficiencies, sustainability and revenue generation. With good visual data and constantly improved models, airports can be run more efficiently, stadium customer service can be customized for each spectator and the healthcare industry can detect tumors more accurately and quickly.

Figure 1. A Federated Learning Model: The flow of information in a federated model keeps data in place from each edge device while enabling secure data sharing of metadata, results and models across users, devices, data centers, and the cloud.


Where is computer vision heading?

To answer this question, let’s look at Figure 2, which depicts the maturity curve of analytics. Over the past few years, many organizations have moved from using computer vision as a means to retrieve just descriptive and diagnostic results to being able to be more predictive in their approach, where the models help to predict likely outcomes.

Data-driven organizations are now deploying prescriptive solutions that are driving tangible benefits, outcomes and near real-time actionable insights. As these solutions become more adaptive, they will bring dramatic improvements to the performance of systems and automated processes, as well as decision making. And that’s when a real-time continuous improvement loop will be possible, where a model is constantly retraining itself. The later stages of the analytics maturity curve will see processes occur with little or no human interaction or decision making, with resources reaching their destination proactively. The computer-vision-enabled car will automatically integrate with smart city traffic control systems to avoid and help alleviate traffic congestion, and it will connect with parking information to be guided to the most efficient spot based on its destination. With real-time computing at the edge and an updated model being pushed to the car, your car will “know” how to drive safely whether it’s in a senior community neighborhood or on a high-speed freeway.

Figure 2. Analytics Maturity Curve

Moving forward with a computer vision strategy

Adopting a computer vision solution requires proper testing and validation. Anyone can run compatibility tests and validate an application on a platform in a silo. The trick is to validate multiple applications that are working together on a platform at scale, which support the “ingest once, work on many” concept, and that span the full solution architecture from edge to core to cloud. A computer vision model design should be validated to ensure the models work properly with specific real-world computer vision applications. Validated design solutions are tested and optimized for each use case. They’re also right-sized to the environment in which they will run, which takes the guesswork out of how much storage, compute and other specs you’ll need for proper purchasing. Opting to conduct real-world testing in-house can put a strain on resources but there are third-party options available. Dell Technologies, for example, offers lab-validated solutions from a curated pool of more than a hundred technology, AI and service partners.

Where validation addresses the technical elements, computer vision is also about the business. Each organization looking to adopt computer vision technology or bring their current implementation to the next level should focus on the insights they want to gain in order to run their business and improve processes. With computing done at the edge, previous boundaries and limitations are lifted. We can now deliver better quality insights, faster and at scale, so organizations should first focus on the outcomes they want to achieve in the areas of safety, customer experience, operational efficiencies, sustainability and generating additional revenue.

Computer vision technology provides deeper insights than you can get just from data. Now you can complement that data with visual information, making the data much richer and more useful, and maintain a competitive edge in this new era of how organizations operate and serve customers.



Web 3.0: Sign-in with Ethereum on its way
By Vinoth Venkatesan


When signing in to popular internet services today (particularly non-blockchain services), users typically rely on identity providers (IdPs): centralized entities, such as giant internet companies and email providers, with ultimate control over users’ identifiers. Often the incentives are misaligned between these parties. Sign-In with Ethereum (SIWE) offers a new self-custodial option for users who wish to assume more control and responsibility for their own digital identity. Since Ethereum has been in use for some time now, many services have started supporting workflows to authenticate Ethereum accounts using message signing, such as establishing a cookie-based web session that can manage privileged metadata about the authenticating address. SIWE is an opportunity to standardize the sign-in workflow and improve interoperability across existing services while also providing wallet vendors with a reliable method to identify signing requests as SIWE requests for improved UX.

Who is behind this initiative?

Ethereum Foundation and Ethereum Name Service (ENS) sponsored this work. Spruce Systems will develop the SIWE standard, and it was co-founded by former ConsenSys staffers that won a recent development proposal from the Ethereum Foundation and Ethereum Name Service. The initial goals are modest, which is a good sign for a new initiative like this. The idea is to go beyond the sign-in process and turn existing Web2 accounts into an opportunity for crypto adoption more generally.

What are the expected benefits?

Users will:
• Sign in with their Ethereum wallet supporting WalletConnect to a Web2 service installed with Sign-in With Ethereum Server SDK.
• Understand what information the Web2 service needs to verify and from which sources to complete the sign-in process.
• Select which claims to present to the server from within the Sign-in with Ethereum Client SDK to retrieve and verify the information from various sources, including Ethereum Name Service (ENS), Interplanetary File System (IPFS), HTTPS, and more.

While Web2 service hosts will be able to:
• Integrate the Sign-in with Ethereum Server SDK or specification into popular web frameworks and authorization libraries to support Sign-in with Ethereum, either directly or through an authentication method aggregator such as Auth0 or Passport.js.
• Specify Sign-in with Ethereum requirements. As part of the sign-in process, services can retrieve and verify claims presented by the user and aggregated by ENS, such as Web3 account balances, NFT ownership, W3C Verifiable Credentials, and more.
• Link Web2 accounts to Ethereum addresses. Services can retrieve and verify claims presented by the user and ENS to augment their Web2 accounts with new functionality. This will be like special portals or downloads for NFT owners only, private off-chain admin panels for DAO members, or other determinations made from on-chain data or off-chain signed Credentials.
• Integrate the Sign-in with Ethereum workflow to an existing OAuth 2.0/OpenID Connect relying party using configuration only. This workflow relies on a trusted Identity Provider, which supports the Sign-in With Ethereum authentication method and can establish an OAuth 2.0/OpenID Connect session.

Final Words

The initial release will likely include lower-security uses, like gating content for non-fungible token (NFT) holders. But, eventually, by integrating secure off-chain storage, SIWE could also offer “strong” options such as government ID. Users will control access to that data on a case-by-case basis and remove or disassociate it at will. One crucial hurdle for SIWE is the inherent risk of reusing any identifier, particularly an address that can likely get linked to wallets used for financial transactions. While the idea of using many or disposable wallets as a security measure is familiar to crypto users, it’s possibly a bridge too far for traditional users, at least for now, which is one more reason SIWE is starting with baby steps.

About the Author: Vinoth is a cybersecurity professional by heart with over two decades of experience in Information Technology and Cybersecurity. He is an Australian Computer Society (ACS) Senior Certified Professional in Cybersecurity and holds various industry-leading cybersecurity credentials. Vinoth loves to write about the latest cybersecurity happenings and blockchain-related articles.

In the rush to the multi-cloud, don’t lose sight of visibility
By Jason Baden, Regional VP ANZ, F5


Multi-cloud environments are on the rise across enterprises in Australia. Whether this phenomenon was caused by the pandemic and a need to shift remotely and fast, or whether it’s just a natural evolution, enterprises are adopting multiple clouds to cater to the quick ramp up of business productivity applications, the implementation of IaaS offerings, remote access and compute for data analytics, and more. Some research estimates 39 per cent of Australian enterprises have adopted multi-cloud technologies, while across the APAC region it’s estimated a whopping 93 per cent of companies are embracing a multi-cloud strategy, so the trajectory of multi-cloud adoption is, quite clearly, on the up. The use cases in doing so make sense, hence the rush to the multi-cloud. Yet many organisations are unwittingly creating a complex system of clouds in doing so, which leads to challenges post-adoption. With organisations expanding their cloud environments with disparate providers and applications, suddenly the perimeter companies need to protect has exponentially grown. While these challenges are unlikely to stop the shift to multiple cloud environments, there are some key considerations any organisation should take into account before adding another cloud.


Visibility or lack thereof

With so many cloud environments, each with their own operating platform, it’s easy to lose sight of the applications each is hosting. Research estimates an average of 3.4 public clouds and 3.9 private clouds are being deployed or tested per organisation, each with the potential to be hosting multiple applications at any one time. At any point, that’s over seven cloud environments the IT and security team need visibility over, as well as any non-cloud environments. End-to-end visibility and policy control across all apps, for many organisations, is rarely considered at the time of sign-up, but it poses risks if not addressed. Finding a single dashboard to attain and maintain visibility over these environments is paramount to understanding the level of activity across the entire network – as well as the additional security required to protect it.

Batting Back the Bots

Bots are relentless. They don’t fatigue, and they can retool their attacks to overcome many common defence mechanisms, which puts security teams under strain and draws on additional resources. And that’s if you only rely on one cloud or one application. Add more and the risk surface widens with them.

With an average of seven cloud environments used or in testing by businesses, there are suddenly more applications, more users, and more room for a bot army to swarm those applications at any one time. This can have an impact on the typical business, its application performance, and customer experience. And because of the distributed nature of the multi-cloud, it can happen more regularly. Having visibility across applications is one thing but protecting all of those applications – from IaaS services to payment applications – from relentless bot swarms is another thing entirely. Artificial Intelligence (AI) needs to be considered to ensure that the security can go where the eyes and non-automated defences can’t. AI has evolved and is now more than capable of detecting anomalies, no matter the network size, at the point of attack.

Protecting the Application Comms Channels

Most organisations will find a way to at least enable applications to communicate with one another, usually through API development. However, since APIs are designed for machine-to-machine communications, many represent a direct route to sensitive data, meaning that most API endpoints need at least the same degree of risk control as end-user machines and conventional servers. Yet security of these is often forgotten and it’s increasingly becoming a common threat vector. The most common incidents we see at the API level include no authentication at API endpoints (in an API world many are web-accessible, making them an end point), broken API authentication, and broken API authorisation. Organisations need to consider security controls to protect at the API level, through:
• established libraries and best practices for API authentication, such as OpenID Connect;
• an API gateway to manage API authentication and authorisation;
• conducting frequent inventories to maintain awareness of attack surface; and
• undertaking external scans of the environment to identify vulnerabilities in practice, especially in complex environments.

Complex Cloud, Complex Security?

Distributed, multiple clouds often lead to distributed security, which in turn also brings challenges. Distributed security has traditionally meant different technologies, stacks, and controls for different environments. But widespread use of too many tools may contribute to an inability not only to detect, but also to defend from active attacks. Recent research found that, on average, enterprises deploy 45 cybersecurity-related tools on their networks; enterprises that deploy over 50 tools ranked themselves eight per cent lower in their ability to detect threats, and seven per cent lower in their defensive capabilities, than companies employing fewer toolsets. Ideally, security can be deployed in a uniform stack wherever possible. The stack needs to be suitable for modern environments, and support rapid deploy and decommission. It should also include security controls that are enterprise grade and mature.

Multi-cloud environments are going to become more commonplace as the years progress. With applications, services and analytics moving to the cloud at an exponential pace, the move to take advantage of the ease of access to these services will increase in kind. But ease of access should not come at the cost of security and visibility, so when adding another cloud, organisations would do well to concurrently consider how they’re going to secure and maintain visibility over it, and everything else it touches.



Linda Jakobson, Founding Director, Deputy Chair

The fourteenth issue of Australian Foreign Affairs examines the rising tensions over the future of Taiwan, as China’s pursuit of “unification” pits it against the United States and US allies such as Australia. The Taiwan Choice looks at the growing risk of a catastrophic war and the outlook for Australia as it faces a strategic choice that could reshape its future in Asia. Published on 21 February, Issue 14 examines the rising tensions over the future of Taiwan and Linda Jakobson, Deputy Chair of China Matters, discusses the China Dream of unification with Taiwan and offers an avenue to achieve a Greater Chinese Union.




Hugh White, Emeritus Professor of Strategic Studies, School of International Political & Strategic Studies.

The fourteenth issue of Australian Foreign Affairs examines the rising tensions over the future of Taiwan, as China’s pursuit of “unification” pits it against the United States and US allies such as Australia. The Taiwan Choice looks at the growing risk of a catastrophic war and the outlook for Australia as it faces a strategic choice that could reshape its future in Asia. Published on 21 February, Issue 14 examines the rising tensions over the future of Taiwan and Hugh White discusses why war over Taiwan is the gravest danger Australia has faced. Hugh White AO is Emeritus Professor of Strategic Studies at the Australian National University. His work focuses primarily on Australian strategic and defence policy, Asia-Pacific security issues, and global strategic affairs especially as they influence Australia and the Asia-Pacific.




David Maunsell, CEO of Haventec

Haventec, a Sydney-based award-winning cyber security company founded in 2015, has secured US$10M in capital and launched their expansion into the US market after tremendous demand for their passwordless authentication and data storage solutions. Macquarie Group and Future Now Capital led the raise which will predominantly fund Haventec’s growth plans in the financial services, government and health sectors handling sensitive data. We speak with CEO of Haventec David Maunsell who outlines the recent hires in the US and the strategy for the next couple of years as the company continues to grow and expand beyond Australian shores.



Join us for a selection of curated online educational seminars covering the latest topics and trends from the smart city world. Check out some of the listed topics below. Build your network, gain knowledge, and meet like-minded people, business and policy experts, academic researchers, and decision makers from the smart city community.

TOPICS
• IoT & Industry 4.0
• City command centres & integration opportunities
• Emergency management & communications
• Sustainability & Net Zero
• Mobility & 5G Networks
• Policy & Governance
• Smart Buildings
• Video Analytics & Sensors




Interview with

Sarah Fayad

Deputy Lead for the AECOM Global Cities initiative

Sarah holds a master’s degree in Urban Design (with distinction) from Harvard University. Upon completion, she received the “Award for Excellence in Urban Design” and was named an Innovation Fellow. Sarah brings her experience having worked nationally and internationally (United States, Middle East, and China) to draw on her interest in turning local crises into opportunities by implementing technological solutions at various scales to drive equity, liveability, and sustainability across diverse geographies. Her current work focuses on using data and technology to fuse cities and the digital towards more equitable and sustainable outcomes. Sarah is the Smart Cities and Urban Transformation Lead and is the Deputy Lead for the AECOM Global Cities initiative representing Sydney. She is working across the various market sectors to develop strategies to enhance technological innovations in precincts while ensuring the focus remains on community outcomes and stakeholder benefits. Sarah also serves as the content writer for an executive course on “Digital and Cities” at the Harvard Vice Provost for Advances in Learning (VPAL).

