
Print Post Approved PP100003227

THE COUNTRY’S LEADING GOVERNMENT AND CORPORATE SECURITY MAGAZINE | www.australiansecuritymagazine.com.au June/July 2017

The evolving threat to the US Pacific fleet

Information sharing for critical infrastructure

Latest terror attacks insight: Is London Bridge falling down?

Will Bluetooth5 be IoT's saviour?

Australian budget insight 2017 - Police, security & defence

2017 DDoS activities - the story so far!

Overhaul urged for Australia's Biosecurity

$8.95 INC. GST

The Implications of driverless vehicles

PLUS TechTime, Cyber Security and much more...




SECURITY EXCELLENCE CALL FOR NOMINATIONS

#SecurityAwards 2017

By Natalie Shymko, Marketing and Communications Manager, Australian Security Industry Association Limited (ASIAL)

The vital role performed by Australia’s private security industry will be recognised later this year at a special awards ceremony in Melbourne organised by ASIAL. The 2017 Australian Security Industry Awards for Excellence and Outstanding Security Performance Awards will recognise excellence in the security industry. Nominations are open to all and provide an opportunity to recognise individuals, including frontline security personnel who have gone beyond what could reasonably be expected of them in providing a level of service that exceeds clients’ expectations. Likewise, organisations and teams who have demonstrated leadership and innovation will also be recognised.

Judging of the awards will be undertaken by an independent panel of judges that includes Kate Hughes, Chief Risk Officer, Telstra; Damian McMeekin, Head of Group Security, Australia & New Zealand Banking Group Ltd (ANZ); John Yates, QPM, Director of Security, Scentre Group; Chris Beatson, Director, PoliceLink Command, New South Wales Police Force; John Adams, Editor, Security Electronics and Networks Magazine; John Curtis, Director, IPP Consulting Pty Ltd; and Vlado Damjanovski, CCTV Specialist and MD, ViDi Labs.

Nominations are now open and close on 1 September 2017. Winners will be presented at a special awards ceremony to be held at Crown Melbourne on 19 October 2017.

Award categories include:
• Individual Achievement – General
• Individual Achievement – Technical
• Gender Diversity
• Indigenous Employment
• Special Security Event or Project
• Integrated Security Solution
• Product of the Year (Alarm, Access Control, CCTV – Camera, CCTV-IP System/Solution, Communication/Transmission System, Physical Security (bollard, gate, barrier))

Award categories include:
• Outstanding In-house Security Manager
• Outstanding In-house Security Team
• Outstanding Security Training Initiative
• Outstanding Security Partnership
• Outstanding Security Officer
• Outstanding Guarding Company
• Outstanding Security Consultant
• Outstanding Security Installer
• Outstanding Information Security Company

For more detailed information on the award nomination criteria and process visit www.asial.com.au/securityawards2017


RECOGNISING EXCELLENCE

Australian Security Industry Awards Nominations close 1 September www.asial.com.au

2017 EVENT Winners announced - 19 October 2017 The River Room, Crown Melbourne. The Australian Security Awards Ceremony & Dinner The night is an opportunity to celebrate excellence and innovation in the security industry, and network with likeminded security professionals.



Contents

Editor's Desk

International
• An evolving threat to the U.S. Pacific Fleet

Critical Infrastructure
• The Oil and Gas Industry: An insight into sustainable security
• 2017: Information sharing for critical infrastructure

INTERPOL World - Policing Feature
• The Australian Border Force perspective on preventing import fraud
• Overhaul urged for Australian Biosecurity: The consequences of complacency could be irreparable.
• Budget Insight 2017
• The Robocop Continuum: Confronting automated and robotic policing
• The security implications of driverless vehicles
• Latest Terror: Is London bridge falling down

Cyber Security
• Will Bluetooth 5 be IoT’s saviour?
• State of cyber security 2017
• DDoS Activities 2017 The story so far!
• Next generation security intelligence operations
• Intelligent solutions and strategies at Security 2017
• Protecting the data centre from cyberattacks
• Identity is the key to cyber security
• Cyber security’s balancing act between availability and protection
• We infected ourselves with ransomware: Here’s what we learned
• Network vulnerabilities - Get your priorities straight
• TechTime - the latest news and products
• Editor's book review

Executive Editor / Director: Chris Cubbage
Director / Co-founder: David Matrai
Art Director: Stefan Babij
Correspondents: Fiona Edwards, Jane Lo, Morry Morgan

MARKETING AND ADVERTISING
T | +61 8 6465 4732
promoteme@australiansecuritymagazine.com.au

SUBSCRIPTIONS
www.australiansecuritymagazine.com.au/subscribe/

Copyright © 2015 - My Security Media Pty Ltd
286 Alexander Drive, Dianella, WA 6059, Australia
T | +61 8 6465 4732
E: editor@australiansecuritymagazine.com.au

All Material appearing in Australian Security Magazine is copyright. Reproduction in whole or part is not permitted without permission in writing from the publisher. The views of contributors are not necessarily those of the publisher. Professional advice should be sought before applying the information to particular circumstances.

CONNECT WITH US
www.facebook.com/apsmagazine
www.twitter.com/apsmagazine
www.linkedin.com/groups/Asia-PacificSecurity-Magazine-3378566/about
www.youtube.com/user/MySecurityAustralia

Like us on Facebook and follow us on Twitter and LinkedIn. We post about new issue releases, feature interviews, events and other topical discussions.

OUR NETWORK
www.australiancybersecuritymagazine.com.au
www.asiapacificsecuritymagazine.com
www.malaysiasecuritymagazine.com
www.drasticnews.com
www.chiefit.me
www.cctvbuyersguide.com

Correspondents* & Contributors
Jonathan Lewit, Ben Field, Niall King, Morry Morgan, Chris Gibbs, Michael Shepherd, Debbie Evan, Dr Monique Mann, Robert Gibbons, Fraser Holmes, Andrew Macleod, Jane Lo*
Additional: Sam Cohen, CF Chui, Jack Pouchet, Fiona Edwards*


Editor's Desk

“We believe we are experiencing a new trend in the threat we face, as terrorism breeds terrorism, and perpetrators are inspired to attack not only on the basis of carefully-constructed plots after years of planning and training – and not even as lone attackers radicalised online – but by copying one another and often using the crudest of means of attack. We cannot and must not pretend that things can continue as they are. Things need to change..." - Theresa May, Prime Minister of the United Kingdom, June 4, 2017

There is far less value in dissecting the case-by-case specifics of each terrorist incident which has occurred over the last couple of months, be those in London, Paris, Jakarta, Bangkok, Manila, Melbourne or elsewhere, than in dissecting the overall trend of these attacks collectively. Terrorist bombings, murderous rampages and siege incidents have been occurring at an overwhelming frequency in major cities around the world, with profound impact and implications.

As an avid security observer and practitioner, it is near impossible to stay abreast of all aspects of today’s global and all-encompassing threat landscape, be it serious physical terrorist attacks, significant cyber-attacks or nation state actors such as the USA withdrawing from the Paris Climate Agreement 2015 or North Korea continuing to fire missiles into the Sea of Japan to progress its nuclear attack capability. Whether the threat is imminent or a slowly imposing and approaching danger, the world appears ‘stuck in a rut’ - economically, politically and socially. The threats, attacks and challenges in response remain ominously sustained and exhaustingly, highly dynamic. The aim of the extremists is to continue to create fear, anxiety, distrust, hatred and violent response in a whirlwind cycle that they hope and intend will only ever get worse and never get better or recover.

As practitioners, police and security agencies must operate within 19th century borders and the legacy-designed structure of government institutions, yet face and combat a 21st century, borderless, global terrorist and cyber threat landscape, shadowed by tectonic shifts in superpower geo-politics and an ever-deteriorating global climate. The road to global prosperity and world peace has hardly looked further away. Politically, this is an ideal opportunity and one that must be embraced.

Security is such a fundamental human requirement, immediately following our physiological needs, that to provide even just a sense, or promise, of security is sufficient to pass as providing leadership and strength. Yet politicians clearly have no sense of what providing effective security actually entails, only how to promise changes or apportion blame against opponents. It can be very frustrating to watch, be it that seen prior to the UK election or between Australian Federal and State politicians arguing over the sharing and control of intelligence and state judicial systems. The lack of national control concerns is not too dissimilar to why there is a dysfunctional private security sector in Australia, due to misaligned state regulation.

The coronial review and near 500 page report delivered on the Lindt Cafe siege, released in May, is sufficient to highlight the amount of detail which can and should be drawn from each terrorist incident when subjected to thorough scrutiny and assessment. However, ultimately this report, like so many others before it, highlighted the most common issue, consistent across nearly all incidents which went awry – it is the lack of communication between agencies and inadequate information sharing which impacted most on decision making. Indeed, the report addresses ‘communication’ specifically, 99 times.

Likewise, in the cyber security domain, a report by the Australian Strategic Policy Institute, Australia’s Cyber Security Strategy: Execution & Evolution, notes “Progress towards a national cyber partnership has been undermined by the ad hoc nature of government’s communications and insufficient expectation management with industry partners. While some companies could show more initiative, the government also needs to more clearly delineate the division of responsibility within the national cyber partnership”. Not surprisingly, the key recommendations from this report focus on improvements needed with ‘communication’, not just with industry stakeholders, but also the public.

In this issue, Michael Shepherd, Regional Managing Director, ANZ at BAE Systems Applied Intelligence, contributes discussion on how information sharing should become best practice for critical infrastructure. He said, “advanced threat intelligence can only be built through a collaborative information sharing effort at both a government and industry level. It is the best way we can become more proactive about threat detection and react more quickly when attacks occur.” Indeed, Michael is not the only one to raise the issue of information sharing in this edition and makes mention of the use of automated schemes using advanced Artificial Intelligence capabilities.

Importantly, our cover feature is focused on the fast approaching “regulatory tipping point for automated and robotic policing”, writes Dr Monique Mann. Dr Mann proposes that ‘police robots’ should be considered as not only the agents, but also the subjects of law. Priority areas requiring attention and new regulatory measures include legal frameworks surrounding robot use of force, processes to ensure the transparency of ‘black-box’ automated algorithmic enforcement decision-making, consideration of how criminal law is converted into algorithm and the admissibility of softbot procured evidence in criminal trials. These issues must be confronted in the futures of automated and robotic policing. We need discussion and communication strategies developed for these challenges.”

A good example of the Government trying to communicate is from Erin Dale, Commander, Customs Compliance at Australian Border Force, who wrote in to provide clarification following the recent publication of articles quoting results from the Compliance Monitoring Program. It is this type of insight which is most welcome and we are naturally pleased to facilitate that discussion.

As represented with the breadth of the security domain, in this issue, we again provide a broad range of contributions dealing with national security, technology innovation risk, critical infrastructure security, biosecurity and cybersecurity. As these articles highlight throughout, the process of communication will always remain critical when faced with not only today’s threats, but tomorrow’s new threats, be they technological, human, natural or a ‘black swan’ mix. Always be prepared for the unexpected!

And on that note, as always, we provide plenty of thought provoking material and there is so much more to touch on. Stay tuned with us as we continue to explore, educate, entertain and most importantly, engage.

Yours sincerely,
Chris Cubbage CPP, RSecP, GAICD
Executive Editor


International

AN EVOLVING THREAT TO THE U.S. PACIFIC FLEET

China’s Land-based anti-ship missiles

By Sam Cohen

Over the past two decades China has committed significant resources towards developing an effective Anti-Access/Area-Denial (A2/AD) capability in its littoral zones and surrounding seas. Chinese military forces have sought to integrate advancements made in missile technology and intelligence, reconnaissance and surveillance (ISR) systems to create a credible and persistent threat to any adversary seeking access within Chinese waters—claimed or legitimate. This has resulted in significant range and accuracy improvements for the PLA missile force, and particularly the anti-ship missile force. These long- and medium-range anti-ship missiles, which are deployed across a variety of platforms and augmented by a high-end, high-capacity Naval Ocean Surveillance System (NOSS), pose a legitimate threat to the U.S. Navy’s ability to access and maintain presence in the maritime areas surrounding Taiwan, parts of South Korea and Japan, and those countries bordering the South China Sea.

One of the most concerning threats to U.S. and allied naval forces in the Asia-Pacific stems from the Dong Feng ballistic missile family. Within this family, two of the more highly advanced ballistic missiles are the DF-21D, popularly known as “the carrier-killer”, and the longer-range DF-26. U.S. military officials have recognized the DF-21D as having reached Initial Operating Capability (IOC) in 2010, while the DF-26 has not yet received this status. With IOC status, in addition to continued research and development initiatives and capability testing since 2010, the DF-21D ASBM has become one of the most pressing and real threats to the U.S. Navy in the Asia-Pacific.

The missile has an estimated range of 900 miles (1450 km) and travels at high-hypersonic speeds where targets are impacted at velocities between Mach 10 and Mach 12 (7672—9206 miles/hour). Although not yet field proven, the missile’s advanced internal guidance technologies, combined with the PLA’s increasingly effective and pervasive NOSS, likely provide China with the capability to track and hit moving targets at sea—which is an incredibly complex technological achievement. Because the missile uses a maneuverable reentry vehicle assisted by a terminal guidance system and an electronic countermeasure capacity to overcome missile defense systems and countermeasures, US security analysts have speculated that current defensive systems fielded by the fleet may lack the necessary qualities to protect against such an advanced threat.

The DF-21D’s systems allow the missile to track targets locally and without assistance from command and control centers, initial targeting data or initial satellite tracking. They also allow the missile to perform high-G maneuvers during its reentry into the atmosphere and during its terminal targeting phase. The missile’s highly maneuverable reentry flight path is what is most concerning, largely because this capability reduces the effectiveness of U.S. missile interceptors targeting the ASBM in its terminal phase of flight, or, in other words, increases the PLA’s confidence in success in engaging U.S. naval forces.

Although the opportunity to penetrate Chinese airspace with long-range stand-off weapons and stealth fighters and bombers would present itself at the outbreak of a conflict, actually tracking, targeting and successfully engaging the highly mobile land-based DF-21Ds before a large salvo attack can be launched against US and allied forces is unrealistic. Keeping this in mind, and noting the possibility of U.S. Carrier Strike Groups (CSGs) and Surface Action Groups (SAGs) operating in this highly contested environment, military planners face a considerable strategic dilemma: suffer large numbers of casualties and lost hardware or decline to defend allies in future conflicts.

To deconstruct this dilemma, it is imperative that the US Navy improves its current missile defense posture in the Asia-Pacific to meet the threat of a salvo of DF-21Ds and other capability-similar anti-ship missiles. Are there any possible solutions that can be implemented relatively quickly without creating new systems or drastically augmenting existing platforms? Perhaps Land-Based Defensive Systems on the First/Second Island Chain can offer a tactical rebalancing that promotes U.S. operational access in the region.

As a global military power, the ability to project dominant military forces across the oceans underwrites U.S. conventional deterrence. Losing the ability to project power in and near China’s sphere of influence leaves U.S. Asia-Pacific strategic interests vulnerable. To project power and to remain a credible threat to Chinese aggression, U.S. naval forces stationed in the Pacific must be able to overcome China’s ASBM threat. If they fail to maintain this conventional deterrent, the following developments are likely to occur:

a. Political consequences: Regional allies may question the credibility of pledged U.S. military support, resulting in the collapse of alliances and the creation of a power vacuum – one that will surely be filled by an opportunistic China.
b. High potential for increased regional Chinese aggression, particularly in its near-shore and littoral areas. This aggression will most adversely affect Taiwan, Vietnam and the Philippines, who all border areas of high strategic importance to long-term Chinese interests.
c. Limited ability for the U.S. to influence territorial disputes in China’s maritime zones using naval forces (cessation of Freedom of Navigation Operations and reduced capacity to enforce the United Nations Convention on the Law of the Sea).
d. Proliferation of ASBM technology and strategy development to other countries as a foundation for an effective A2/AD network. Potential adversaries, including Iran, Russia, and North Korea, might see China’s niche tactical doctrine as attainable, and attempt to copy it. The result would be pockets of no-access zones across global maritime commons for the US and like-minded allies.

Although electronic warfare countermeasures offer a feasible and promising approach to overcoming the Chinese ASBM threat in the future, current technological limitations make the approach unreliable and incomplete. In the interim, the U.S. Navy needs to modify and augment its sea-based, kinetic intercept capability to guarantee operational access in contested Asia-Pacific waters until new defensive measures are fielded. More specifically, the Navy needs to ensure that CSGs - the tip of the spear, so to speak - have the ability to operate well inside the range of the DF-21D, or where a Taiwan or South China Sea conflict would take place.

Currently, the Navy deploys carrier-based defenses and longer-range defenses stationed on auxiliary platforms that operate alongside the carrier (i.e. destroyers, cruisers, etc.). The fleet’s long-range kinetic defensive systems comprise the SM-3 Interceptor, an exo-atmospheric kill vehicle, and the SM-2 Block IV and SM-6 interceptors, which are both endo-atmospheric kill vehicles.

The SM-3 is used by the U.S. Navy to destroy short- to intermediate-range ballistic missile threats. It uses an exo-atmospheric "kill instrument" to collide with targets in space. It has been produced in multiple variants, with the most recent and most advanced missile being the SM-3 Block IIA. The DF-21D, launched from a Chinese land-based facility, would travel for a short time period in space to reach nearby U.S. naval forces. This leaves the Navy’s fire control systems very little time to target, acquire and launch an exo-atmospheric intercept considering the proximity of the missile’s launching site relative to the targeted ships. Considering these circumstances, it is fair to suggest that the SM-3 is unlikely to provide a high degree of defense assurance for U.S. naval forces engaged by the DF-21D.

The SM-2 interceptor is used for endo-atmospheric engagement of small, high-speed ballistic missiles during their terminal phases of flight (after atmospheric reentry). The SM-6, essentially, is an enhanced SM-2 Block IV missile. It has a greater capacity to engage an agile anti-ship missile and can be launched at an incoming threat at an earlier stage during the targeting process. Since both missiles have a relatively low flight ceiling when compared to the SM-3, incoming threats not initially destroyed by the SM-3 have a high (or even absolute) chance of survivability until they reach the engagement range of the SM-6 or SM-2. This engagement gap represents a critical defect in the Navy’s layered defense approach to ballistic missiles. The zone between effective SM-3 intercept range and effective SM-2/SM-6 intercept range allows for an ASBM to face no kinetic threats during a portion of its flight path. It represents a weak point in U.S. sea-based, long-range missile defense.

The fleet’s short- to medium-range kinetic defenses consist of the Evolved Sea Sparrow Missile (ESSM), Rolling Airframe (RIM-116), and Phalanx CIWS (goalkeeper, ‘sea whiz’). The ESSM has been designed to counter supersonic maneuvering anti-ship missiles like the DF-21D, in addition to countering attacking aircraft and cruise missiles. The issue is that if this system is to be relied on as a primary defense against the DF-21D, the Navy is increasing the risk of CSGs or SAGs becoming overwhelmed or saturated during an attack. ESSM’s operational range is about 50km, meaning a large salvo of DF-21Ds, which would likely be combined with other, less advanced missiles, would only be engaged at very close-in distances to U.S. ships. For fire control systems to engage multiple, high-speed targets from multiple directions at such short distances means a successful intercept of (nearly) all threats is unlikely.

RIM-116 is used primarily as a point-defense weapon against anti-ship cruise missiles. It has an operational range of about 9km. RIM-116 platforms are used to support close-in engagements and augment ESSM platforms—together they close the gap between the short- to medium-range intercept capability and the medium- to long-range intercept capability for the U.S. Navy. The platform can rapidly launch several interceptors at once, which allows for multiple, simultaneous engagements. However, due to the threats’ proximity once being engaged by Rolling Airframe, upwards of three or four missiles would be used on one target to guarantee an intercept. This makes the saturation limit for this one system relatively low.

Phalanx CIWS is a close-in weapon system, a last-line missile defense platform. Like the ESSM and Rolling Airframe, it is a system that is directly deployed aboard U.S. aircraft carriers in addition to other surface ships, including destroyers, cruisers and Littoral Combat Ships. Due to the high speeds of missiles like the DF-21D, combined with the 3.5km effective firing range of Phalanx, this gun system cannot be expected to defend against multiple supersonic weapons simultaneously - rather, it is a ‘cleanup weapon’ for those (very) few missiles that ESSM and Rolling Airframe fail to destroy.

The short-term solution for the fleet’s missile defense capability deficit is the deployment of land-based defensive systems on the First/Second Island Chain. This entails the deployment of Terminal High-altitude Area Defense (THAAD) and Patriot Battery systems, which would not only greatly enhance the fleet’s overall defensive posture, but also its offensive posture.

THAAD has the ability to intercept short-, intermediate- and long-range ballistic missiles both inside and outside the atmosphere. The deployment of this platform to the First and Second Island Chain could provide a short-term, quick capability increase for U.S. naval forces stationed in the Pacific. If these platforms were to be clustered near predicted critical areas of operation, CSGs and SAGs could maneuver within the covered areas of THAAD and face a reduced threat from DF-21D and other anti-ship missiles (the SM-3 to SM-2/SM-6 engagement gap would be closed).

Combined with THAAD deployments, stationing Patriot batteries in similar cluster-based positions would significantly increase the number of interceptors the U.S. has in theater. Although the Patriot system does not directly reduce the DF-21D threat, it could effectively engage slower, less advanced ballistic missiles. This could allow for the more advanced missiles aboard destroyers and cruisers (i.e. SM-3, SM-2 Blk4) to be reserved for China’s most advanced threats, like the DF-21D. These land-based defensive systems also increase the saturation levels of U.S. naval forces stationed in the region - reducing the threat of a low interceptor to missile threat ratio.

The missile payloads of current U.S. surface combatants largely reflect a defensive orientation, with the majority of missile space being occupied by interceptors. Officials in the Navy have largely criticized this orientation as it represents low levels of lethality for the surface fleet, or, in other words, a weak warfighting capacity. Considering the required number of interceptors aboard U.S. vessels would decrease when land-based interceptors are deployed, the lethality of the surface fleet could be substantially improved. There would be more room in Vertical Launch Systems (VLS) for offensive (anti-ship, anti-land) missiles, thereby increasing the fleet's capacity to engage in surface warfare operations within China’s A2/AD zone. Also, this is a relatively inexpensive solution compared to redesigning the Pacific Fleet’s force structure or developing a new platform procurement strategy to accommodate both large amounts of interceptors and offensive missiles aboard surface vessels.

Ultimately, land-based defensive missile deployments could allow the surface fleet to regain assured access and presence to the highly contested maritime environments surrounding U.S. Asia-Pacific allies. It would also successfully improve the US Navy’s current missile defense posture in the region, and would wholly meet the threat of a salvo of DF-21Ds and other capability-similar anti-ship missiles currently fielded by the Chinese missile force. However, with the diffusion of A2/AD strategic technologies, the US is facing denied access in multiple regions throughout the world, mainly from Russia in the Black Sea, Baltic Sea, and even the Norwegian Sea, and Iran in the Persian Gulf. Although the land-based missile deployments offer a promising short-term solution for area missile defense in the Asia-Pacific, the same strategy may not necessarily work in other contested environments.

About the Author

Sam Cohen completed his B.A. in Political Science at Western University in Canada. He is beginning his M.S. in Defense and Strategic Studies at Missouri State University’s Graduate Campus in Washington, D.C. in Fall 2017. His interests are in the fields of national security policy, international law and defense procurement strategy. Sam has completed internships with the Center for International Maritime Security, Crestview Strategy and Israeli Red Cross.


Critical Infrastructure

The Oil and Gas Industry: An insight into sustainable security management of critical infrastructure Critical infrastructure is defined by the Australian Government as:

By Fraser Holmes SCEC

“…physical facilities, supply chains, information technologies and communication networks, which, if destroyed, degraded or rendered unavailable for an extended period, would significantly impact on the social or economic well-being of the nation. It could also affect Australia’s ability to conduct national defence and ensure national security”.

W

ith many Australian oil and gas assets considered critical infrastructure, the oil and gas industry is subject to a myriad of safety and security requirements when it comes to the protection of critical infrastructure. There is an incessant (and legislative) need to implement measures to prevent obstructions to critical infrastructure as well as protect critical infrastructure once an obstruction occurs. The attention placed on these assets is driven by the fact that potential attacks can have devastating consequences and lead to widespread disruption of services and extensive losses beyond physical damage. However, often we see a greater emphasis being placed on reactive safety measures versus preventative security measures, leaving industry players exposed to risk. Unfortunately, general industry attitudes often view security as a “cost item” versus an asset.


To effectively minimise risks to critical infrastructure, a holistic approach needs to be adopted that places emphasis on legislative and sound security and safety principles.

Identifying Industry Threats to Critical Infrastructure:
Major threats to oil and gas assets can be broken down into upstream and downstream operations, including:

Upstream
• offshore drilling, wellhead, production or export facilities
• onshore wellhead, gathering, separation, processing, compression or loading facilities

Downstream
• processing plants
• oil refineries
• bulk refined product storage areas
• shipping facilities
• pipelines
• corporate oil and gas infrastructure (corporate computer systems, and buildings etc.)

CASE STUDY: Manned and unmanned offshore oil platforms and rigs
The volatile nature of manned and unmanned offshore oil platforms and rigs places an inherent emphasis on safety challenges. As such, when these assets are configured, the design features are frequently focused upon safety and redundancy aspects, as opposed to security measures. However, over the last decade there has been an increased focus on security principles to physically protect the infrastructure as well as maintain operations from a variety of threats, including terrorism.

The economic value of platforms and rigs has made them global targets. A hostile takeover of a manned rig would not only be frightening for the persons involved, but the economic loss and political unrest could be devastating. Among oil and gas production facilities, offshore drilling platforms can potentially present a major threat to the environment surface. The facilities themselves face underwater threats coupled with salt water, corrosion and harsh weather conditions. Fishing vessels operated in close proximity, vandalism and unauthorised persons are other threats that may impact upstream assets. One could argue that these concerns may in turn affect marine ecosystems, tourism and the commercial fishing industry.

In response to these issues, an increased focus can be placed on security principles to ensure that in the event of an incident, there are the appropriate processes and policies in place to assist in the reduction of impact and time required to effectively respond and recover from incidents. This focus on security extends beyond simply the ‘use of technology’ on platforms, and instead seeks to provide a ‘sound security measure’ through the integrated use of intrusion detection, public address, access control, video surveillance, fire alarms, evacuation systems, process control systems and sound cyber security practices. Through effective and sustainable security measures, organisations can minimise the risks to their critical infrastructure asset and set themselves up for better response and recovery procedures in the case of an incident.

Sustainable Security Management
A sustainable security management approach to the protection of critical assets can be realised when a balanced and practical approach to security is employed, incorporating the following measures:
• Implementation of cyber security strategies incorporating both Information Communications Technology (ICT) and Operational Technology (OT) security principles
• Development of a security risk management framework that includes risk and vulnerability assessments
• A holistic approach to security management and operations, acknowledging and including safety and cyber requirements
• Incorporating security architectural planning and design principles
• The use of security technologies to aid in the management and protection of an asset
• Implementation of resilience and business continuity methodologies providing a framework to manage the resilience of an organisation against identified probable events.

Each of these elements must be given due consideration to provide a balanced and practical approach to security management. If too much emphasis is placed upon a single element then the balance will alter.

Conclusion
A sustainable approach to the protection of critical assets provides a basis for planning and for long-term sustainability following a disruptive event such as natural disasters, crime or equipment failures. Security has had the propensity to be seen as a cost item. The objective is to illustrate how a greater return on investment can be achieved through the introduction of sound security principles, thereby challenging the perception that security is merely a cost item.



Critical Infrastructure

Smart City Series

2017: Information sharing for critical infrastructure

By Michael Shepherd, Regional Managing Director, ANZ at BAE Systems Applied Intelligence

Australian critical infrastructure, from telecommunications networks to energy and water, are becoming first line targets for cyber hackers. They face daily malicious cyber-attacks from increasingly organised and ambitious criminal groups and activist hackers. It’s important we change the way we build cyber resiliency for our most important service and utility assets.

The Australian Security Centre’s most recent survey revealed 90 per cent of Australian organisations faced a cybersecurity compromise in the past financial year, with over half admitting they were usually alerted to possible breaches by external parties before they detect it themselves. This is very worrying. Think about all the critical information transiting via our telecom networks, the confidential data in the possession of our banks, or the increasing number of internet-connected devices and applications used to make our hospitals and transportation systems work. These networks are increasingly the focus of hackers of all shapes and sizes.

Just recently, the WannaCry ransomware attack affected networks including more than 150,000 machines across the globe, including critical medical services in the United Kingdom. Confusion reigned during this event and important lessons need to be learned so that industry and government are better prepared next time.

Fortunately, the Federal Government is proactively trying to address the issue, with the recent launch of the Critical Infrastructure Centre (CIC), aimed at providing a coordinated and cohesive approach to the security of Australia's critical infrastructure. With a strong belief that only through Government and industry working together can we hope to maintain an edge in cyber defence, our response to the CIC’s discussion paper looked at how we can better secure our critical infrastructure, including through:

A proactive and collaborative approach
Increased partnership between and amongst private enterprises and governments is vital. Only a multi-channel provision of reliable and timely information can help mitigate potential threats to critical infrastructure. By sharing knowledge the industry will start building a national threat intelligence bank. It is important to first build up an understanding of best practice and common threats in an appropriate and user friendly network architecture. There are a number of important considerations that need to be addressed, including:
• Reciprocal flow of information: One consistent criticism of regulatory-led threat disclosure schemes is that the flow of information is a one-way street. It is important that the federal government and third party security providers have a clear set approach to sharing information with industry.
• Confidentiality of information: Concerns range from general privacy issues, disclosure to third parties via Freedom of Information requests, potential anti-trust and other liability issues. Information provided by critical infrastructure providers and their partners must be provided with the understanding that it will be kept in strict confidence. A network must be designed with information security, and anonymity if necessary, as the highest priority, and in the case that information is hacked or leaked, organisations should first let their counterparts in the industry know about the breach and potential information in jeopardy.
• Cost of compliance: Compliance generally comes at a cost and regulatory bodies must consider the motivation of shareholders, stakeholders and partners in engaging in substantial business defence endeavours not directly connected to their own networks. It is important that regulatory bodies design compliance requirements that are fit for purpose, and enable every owner of critical infrastructure to meet compliance measures in as cost effective a manner as possible.

A more robust approach to information collection and management
Another vital discussion is around the provision and dissemination of technical information that can help better secure critical infrastructure assets. Information such as cataloguing the security attributes of individual assets, cyber security maturity and capability, threat response strategies and audit and compliance data would help industry and security providers act more quickly and proactively to threats, with the government acting as an information sharing facilitator.

Our national strategy should include approaches to manage such information, including how to collect, analyse, and act on it. Developing and sharing better threat intelligence will help build proactive cyber security strategies and incident response plans, and eventually lead to smart and automated schemes thanks to advanced Artificial Intelligence capabilities.

As critical infrastructure receives more attention from cyber hackers, a collective response will help keep up with the evolving threat landscape. Advanced threat intelligence can only be built through a collaborative information sharing effort at both a government and industry level. It is the best way we can become more proactive about threat detection and react more quickly when attacks occur.


Opinion editorial in response to Australia ‘bleeding revenue’ through petty fraud article in Lloyd’s List and Australian Security Magazine

The Australian Border Force perspective on preventing import fraud

The Australian Border Force (ABF) would like to provide clarification following the recent publication of articles quoting results from the Compliance Monitoring Program (CMP). The CMP is a statistically valid and random sampling program, designed to test the overall compliance with customs and border laws. It also provides an additional measure to capture revenue leakage and is used to inform targeted compliance activity.

The Department of Immigration and Border Protection, which includes the ABF, continues to be the second largest revenue raising agency for the Australian Government—second only to the Australian Taxation Office. As part of the ABF’s compliance role, we engage with entities across the whole supply chain to address potential risks and to optimise the collection of border revenue.

As at 30 April 2017, the ABF undertook more than 500,000 preclearance and post-transactional checks, including targeted audit activities on both cargo reports and import declarations. As a result of these compliance activities, the ABF collected more than $73.5 million in revenue, representing an increase of 18.7 per cent compared to the same period in 2015-16.

The CMP is one of many layered mechanisms available to the ABF to monitor compliance in relation to cargo reports and import declarations. Our compliance controls and mechanisms are designed to deliver on Government intent. Our activities are focussed on addressing non-compliance and increasing voluntary compliance. We provide the results of the CMP to industry to show where compliance needs to improve. We constantly monitor and evaluate the effectiveness of our tools and activities. We use multiple intelligence and information sources to establish a comprehensive understanding of compliance risk areas and vulnerabilities.

Of course, we cannot inspect all of the millions of goods that cross our border every year, and we don’t want to delay the vast majority of importers who do the right thing. That is why we use a range of tools and activities ahead of, at and after the border, work with our partner agencies, and use intelligence to target high risk shipments. We are continuously working to improve our ability to prevent and detect fraud and to work with industry in maintaining the integrity of the supply chain.

Ahead of the border
We engage with industry, partner government agencies and our overseas counterparts to raise awareness of Australia’s border laws and share intelligence. Treating risks ahead of the border is less resource intensive for us and industry, and provides the ultimate protection to the economy and community. We provide valuation, origin, and tariff advice to Australian importers and their representatives. This is a free service and allows private, binding rulings that give certainty to importers before importation.

At the border
We risk assess all goods at the time a declaration or cargo report is submitted, and before the goods are delivered or clearance is given. This assessment of the goods and the associated documents allows us to treat risks before they are imported or exported in or out of Australia. We undertake overt and covert examinations of goods before they enter home consumption. We also check that reporting requirements have been met, and perform physical inspections of depots, warehouses, and air and sea ports, to ensure compliance with licensing and legislated obligations.

We assess a sample of all import and export declarations and cargo reports to monitor the accuracy of data entered in the Integrated Cargo System. Cargo reports are regularly examined at the border to confirm the accuracy of the information being reported and the value of goods is correct. Information and analysis from this work is used to assess overall compliance, measure revenue leakage, and identify emerging compliance issues. The ABF then acts on this to, where appropriate, conduct operations and tailor our processes to address any issues.

After the border
We perform post-clearance assessments of import and export declarations and associated records. We are also responsible for ensuring compliance with the legislated requirements for the following schemes and arrangements:
• Refunds—we assess targeted refund applications to ensure compliance with regulations and rules of trade. This includes ensuring compliance with concession schemes and free trade agreements.
• Drawbacks—we assess applications for the Duty Drawback Scheme, which allows exporters to get a refund of customs duty paid on imported goods where those goods are exported unused, or treated, processed, or incorporated into other goods that are then exported.
• Temporary imports—we determine whether goods qualify for temporary import status. For some goods it is necessary that a security is paid—usually equivalent to the taxes applicable to the good—until the goods are re-exported.

If you see something suspicious, report it to Border Watch at: www.border.gov.au/borderwatch

For more information about our approach to trade and goods compliance visit www.border.gov.au

Erin Dale
Commander, Customs Compliance, Australian Border Force



INTERPOL World - Policing Feature

Overhaul urged for Australian Biosecurity: The consequences of complacency could be irreparable.

By Debbie Evans

The term ‘biosecurity’ often conjures images of biological decontamination units, letters containing Anthrax spores, remnants of State sponsored biowarfare programs, and laboratory created super viruses that have the potential to infect millions of people across the globe. Global discourse, along with some of the world’s most educated and influential people such as Bill Gates, warn of scenarios where terrorists or bio-criminals with malicious intent obtain deadly pathogens from synthetic genomics companies, unsecured laboratories or from naturally occurring pathogens found in the environment. The potential for biological weapons to be developed and delivered into overpopulated cities with relative ease is a frightening but realistic prospect. The global biosecurity literature therefore takes a multidimensional, layered approach to the threats which pose a security risk.

Of specific note is the Danish biosecurity system which addresses modern biosecurity threats evolving and emerging from the global environment. The legislative framework operates under a single, national biosecurity agency – The Centre for Biosecurity and Preparedness (CBB). In Denmark, biosecurity is understood as ‘the prevention of malicious use of biological substances and related materials’ and the biosecurity effort aims to secure biological agents and related materials from potential theft, loss, accidental release or malicious use. The contemporary Danish operating model is reflective of the multidimensional concept of global biosecurity, and is pre-emptive in nature, rather than reactive.

In Australia however, the term ‘Biosecurity’ is often synonymous with quarantine. Biosecurity is frequently understood in an agricultural context and on a practical level, is mostly an extended quarantine function – addressing the risks of pests, weeds and diseases contaminating our environment, impacting on Australia’s agricultural sector and economy as well as human health. In the Australian context, the Biosecurity Act 2015 (Cth) provides for the legislative administration of biosecurity in Australia, however its focus is predominantly centred on border control and administrative functions, along with powers relating to biosecurity response, post event. Consequently, it is very much a quarantine model, albeit an extended one.

So why is there such disparity between the global framework of reference and biosecurity in Australia? At an international level, the Biological Weapons Convention (BWC) came into force in 1975, however there remains no international organisation responsible for biosecurity governance or oversight for the implementation of the BWC. Similarly, although the United Nations Security Council Resolution 1540 (UNSCR 1540) contains legally binding obligations on member states, the 1540 Committee (the Security Council Committee established pursuant to resolution 1540) is not a sanctions committee, and does not prosecute or investigate alleged violations of obligations. The flow on effect for biosecurity policy developing out of international governance essentially does not exist and as a result, Australia has developed its own model of biosecurity.

Over time, the Australian model has remained aligned with principles of quarantine, rather than principles of security as seen in other sectors with international implications. For example, Maritime Security and Aviation Security, through various treaties, have specialised intragovernmental direction to ensure standardised minimum security controls. These include the International Maritime Organisation (IMO) established in 1948, with its Safety of Life at Sea convention (SOLAS). Chapter XI-2 of the SOLAS convention (special measures to enhance maritime security), embodies the International Ship and Port Facility Security Code (ISPS). For aviation security, the International Civil Aviation Organisation (ICAO) sets the consensus direction security standards, embodied with Annex 17, under the United Nations. The influence of these international organisations on national development ensures consistency across countries and regions. Biosecurity has not yet reached this milestone.

While the Australian biosecurity framework has provided us with possibly the best quarantine system in the world and cemented a clean, green image for our agricultural sector, it is arguably economics based within the context of international trade, rather than considering malicious centred actions. The current biosecurity focus in Australia is about controlling the introduction of pathogens through non-malicious means, that is: accidental contamination of materials and equipment being imported, the inadvertent importation of high risk items into the country, unintentional introduction of pathogens from the import of plants and animals, and other modes of introduction such as vector borne diseases or pathogens emerging from natural or environmental conditions or sources. These are only a few examples of biosecurity risks and modes of introduction. The broad spectrum of risks seems to have one common theme - the component of malicious intent is at best lacking, if not almost entirely absent.
From this, it would appear Australia has deviated from current global concepts of biosecurity risk and as a result, is potentially lacking in fundamental principles of security. In the global threat environment, biosecurity is more than an issue of agricultural quarantine and likewise, Australia cannot afford to be complacent. The implications of a biosecurity system lacking in fundamental principles of security are enormous and the potential impact could be devastating not only to our economy from agricultural losses, but to human health in the event of malicious introduction of disease.

In agriculture alone, the potential impact on the economy from the introduction of a pathogen such as Foot and Mouth Disease could reach $50 billion, a 2013 estimate from the Federal Government. The 2001 Foot and Mouth outbreak in the U.K. affected approximately 10 million animals and cost an estimated £8.6 billion (approximately $15 billion AUD). On a much smaller scale, the economic impact of a biosecurity breach is currently evident in Western Australia due to the detection of Tomato Potato Psyllid, a pest which affects tomatoes, potatoes, eggplant, capsicum and other plants in the Solanaceae family. The government has implemented a Quarantine Area Notice (QAN) and emergency interstate movement controls are in force. The impact on the WA economy is estimated to run into the tens of millions, not to mention the impact on the lifelong efforts and livelihoods of vegetable farmers.

The detrimental effect on WA vegetable producers is relatively small in proportion to the potential impact of a major biosecurity event in the cattle or wheat sectors. The National Farmers Federation (2012) estimates the gross value of Australian farm production to be $48.7 billion a year with Cattle, Wheat and Milk being the top three agricultural commodities with an estimated combined annual production of $15.5 billion. As devastating as the impact of Tomato Potato Psyllid is on WA vegetable producers, it is nowhere near as catastrophic as the impact of a deliberately and strategically introduced pathogen on one of our major agricultural sectors.

To address this potential catastrophic outcome, agriculture must arguably be re-evaluated and regulated as part of Australian critical infrastructure. Currently, the agricultural sector is not considered high priority critical infrastructure, rather food and grocery is included as a sector group of the 2015 Critical Infrastructure Resilience Strategy – a non-regulatory business-government partnership. However, forward thinking policy developers should be cognisant that the vulnerability of the entire agricultural and food producing sector and regulatory security requirements should be further developed in line with critical infrastructure and national security policy. Regulation of the security of farms, farming assets and infrastructure is key to addressing threats of a malicious nature, consistent with that of the aviation and maritime sectors. Current biosecurity strategy, such as border security and on-farm surveillance training, will certainly aid in the prevention of the introduction of plant and animal weeds, pests and diseases - however, it will not address the risk of deliberate and malicious destabilisation of the agricultural sector.

The Beale Review (2008) highlighted that Australia would benefit from a single agency responsible for Biosecurity. Such an approach is arguably necessary if the Biological Weapons Convention as the international legislative framework (until such time as an international biosecurity organisation is established), is to be adopted, and broader biosecurity policy should be driven by collaborative global assessments of biosecurity risks. In the agricultural sector, risk mitigation needs to start at the farming level through the implementation of security regulations developed for the protection of farms – not reliance on biosecurity officers at the border or farm workers as part of the ‘shared responsibility’ strategy. In the interests of long term national preparedness, Biosecurity in Australia needs to be redeveloped into a broader, more threat driven holistic approach with security as the underlying methodology rather than purely being an extension of a quarantine framework.

About the Author
Debbie Evans BSc (Security) is currently undertaking a research based Master of Science (MSc) through the Security Science program at Edith Cowan University, under the supervision of Associate Professor David Brooks and Dr Michael Coole. Her research focus is on Biosecurity in agriculture, and aims to promote a global threat perspective within the Australian biosecurity landscape. Debbie has extensive experience working cross-culturally (South East Asia) and is currently the Director of an agricultural business in Western Australia with an interest in sustainable farming.



INTERPOL World - Policing Feature

Budget Insight 2017

By Fiona Edwards, Canberra Correspondent

Regaining the trust of the voters was clearly Treasurer Scott Morrison’s key objective for the 2017-18 Federal Budget. In delivering what can only be called a defensive document, the Government has cast aside surplus in favour of delivering a political statement that has cut off nearly all avenues of attack used by Labor.

And the good news stories emerged from Treasury even before the official budget release, with the announcement that the Australian Federal Police (AFP) were to be recipients of – according to the PM – “the largest single funding investment in the AFP for over a decade”. $321 million will be poured into the AFP over four years to boost the country’s specialist response capabilities, covert physical and technical capabilities as well as forensics and intelligence capabilities. This will involve employing more police negotiators, tactical response officers, bomb response technicians and canine resources specialising in drug, cash and explosive detection. The AFP will also be increasing the number of physical surveillance teams, covert online investigators, undercover operation members and police technical teams, digital forensic specialists, crime scene investigators, firearms and armoury specialists, biometric experts, forensic intelligence analysts, and operational intelligence professionals. It is anticipated that as many as 300 new staff will be recruited.

According to the Minister for Justice, Michael Keenan, “This is a very significant investment, the largest single investment in the past decade and it goes over and above what we have already done to ensure the AFP has the resources that it needs to do its job.” He added that the AFP has been facing increasingly sophisticated threats, with the nature of crime changing in the digital age.

In a statement that ran along the same lines, the Turnbull government said the cash would “equip the AFP with new capabilities and greater flexibility to respond rapidly to emerging crimes today, and into the future”. According to the government, “The additional experts will fast-track investigations and lock up criminals sooner, targeting areas of priority including terrorism, criminal gangs, drugs, organised crime, cybercrime, fraud and anticorruption.” The funding boost is the “first step in the AFP’s 10-year plan to deliver a new vision for the organisation”, the government said, making “the AFP a more responsive and robust organisation, with expert skills and world-leading technology at its core.”

Stakeholders in the cyber security space are clearly impressed with the government’s move to invest in the industry. Says Director of Sales ANZ for LogRhythm Simon Howe, “As major security breaches in Australia continue to dominate headlines, it has become critical that government take the threats to business and the country’s key infrastructure installations seriously.” He adds, “Robust security initiatives need to be developed and implemented urgently and the government’s interest and investment in this space is to be applauded.”

Jim Cook, ANZ Regional Director for Malwarebytes agrees. “Cyber security continues to be a major issue for businesses and consumers alike. Australia is the sixth most targeted country for ransomware and the seventh most targeted country for banking Trojans. The number of attacks is growing at an alarming rate with a potentially devastating impact on daily life, productivity, brand reputation and revenue. The government has made a significant investment in cyber security and it is now critical that funding for robust cyber security initiatives including education are developed and implemented as soon as possible to ensure people and businesses are protected,” he said.

300 new jobs? Big investment in the AFP? But it has to be asked… is it all as it seems?

Speaking on radio, Labor’s Shayne Neumann, the Federal Member for the Queensland seat of Blair said the $321 million dollar package was a “con job”. While it’s “a blatant lie” according to Shadow Minister for Justice Clare O’Neil, who tweeted that where the PM said there would be a $321 million funding “boost” and 300 extra police, the reality was that there was a $184 million funding cut across the four year projections and 150 fewer police in the first year.

The Australian Federal Police Association is also yet to be convinced the package is actually what it appears. While welcoming the injection of funding AFPA Vice President Graeme Cooper says the announcement should be examined closely to understand what this investment really means for AFP resourcing into the future. “The AFPA welcomes the funding boost announced, but it should be acknowledged that in real terms, this investment will be used to stabilise staffing levels in the AFP, which have been declining for some time. It will not see the size of the AFP expanding, as reported,” said Mr Cooper. “Given the staffing reductions we have seen over recent years, we expect when this funding runs out in 2021, the AFP will still be smaller than it was in July 2015. While investing in specialist personnel is important, redeploying existing resources into specialist roles will do nothing to solve the staffing problems already being felt within the AFP,” he said.

All this comes at a time when AFP staff, who have not had a pay increase in over two years, will soon be asked by the Government and the AFP to accept an enterprise agreement that will see them worse off by slashing their pay and conditions.

Earlier this year, the Parliamentary Joint Committee on Intelligence and Security recommended national security agencies — such as the AFP — be exempt from the annual funding cuts referred to as efficiency dividends. Perhaps the $321 million suggests that there is tacit agreement within government; this is despite Minister Keenan saying that there are no plans to withdraw the efficiency dividend requirement.

Minister Keenan has denied suggestions the new funding indicates that the AFP has been under resourced up until now. Instead, speaking on ABC AM, Minister Keenan said the funding will ensure the AFP has adequate personnel and resources to deal with the multiple threats facing Australia. “We are living in a very difficult national security environment and we're also living in an environment where organised criminals, particularly those involved in the drug trade, continue to enhance the sophistication of their operations,” he told AM. “And we need the AFP to be a high-tech organisation, with the skills sets available to it, to meet these threats.”

There is little doubt that the new financial injection is needed. Counter Terrorism was a growth industry in the aftermath of the 2002 Bali bombings and the AFP benefited. This included the building of critical investigative and technical capability as well as further developing its prominent international role. But such financing has declined in recent years, despite the increased terrorist threat, and the growth of organised crime and new crime types such as online fraud. At a recent Senate Committee, AFP Commissioner Andrew Colvin is quoted as saying that without increased funding, critical capabilities would be cut. The budget announcement directing additional funding to enhance technical capabilities such as forensics and surveillance, tactical response elements and intelligence serves to go a little way to meet current and emerging threats and crime types.

ANZ Regional Director for WatchGuard Technologies, David Higgins, believes that government should be applauded for its significant investment in cyber security.
He says, “Cyber security continues to be a major issue for business as ransomware and financial fraud attacks grow in Australia at an alarming rate with a potentially devastating impact on productivity, brand reputation and revenue. It is now critical that funding for robust cyber security initiatives and education are developed and implemented as soon as possible to ensure data is protected.”

Meanwhile there were no shocks or surprises for Defence, as it continues to receive the funding promised in the 2016 Defence White Paper. Next financial year, the Defence budget will grow by over 6% in real terms, to reach $34.7 billion—equivalent to 1.9% of GDP. Further strong growth is planned over the next three years, with defence spending scheduled to reach 2% of GDP in 2020-21. On the personnel front, over the next four years the Navy will grow by around 540 positions, Army by 760, and Air Force by 400. Over the same period the number of civilians will increase by around 850, from 17,350 to 18,200. The planned new civilian and military positions—all initially announced in the White Paper—reflect the additional demands flowing from the expanded scale and range of capabilities to be operated by the ADF.



INTERPOL World - Policing Feature

The Robocop Continuum
Confronting automated and robotic policing

By Dr Monique Mann

In July 2016, Dallas police deployed and detonated a remote controlled robot laden with explosives, resulting in the death of a sniper. This event drew widespread attention to robotics in policing, as this was the first time a robot had been used to kill outside the battlefield. However, the use of robots to slay suspects, as in the Dallas case, represents but one extreme example of robotics in policing. There is a more nuanced continuum of police technologies being widely implemented in Australia, and around the world.

Two opposing axes of hardware-software and autonomy-dependence define the continuum of police robots. This produces a typology of automated and robotic police technologies, including dependent (or human operated) robotic hardware, autonomous robotic hardware, dependent software and autonomous software. From dependent hardware police robots through to autonomous softbots, the social, legal and ethical issues become increasingly more complex and appreciation of this continuum of technologies precipitates important considerations concerning human rights, due process protections and regulatory approaches.

Human Operated Police Robots

Robots are increasingly part of law enforcement operations, and most robotic devices currently in use are human-operated. That is, the robot or machine completes tasks under human control and supervision. This may include functions ranging from bomb defusal to crowd dispersal (via the use of Long Range Acoustic Devices, LRADs). The actions of these robots can be attributed to human decision-making; however, this is not to say these technologies are unproblematic or do not raise important ethical, social and legal concerns. One major unresolved issue concerns the use of both lethal and non-lethal force by human operated robots, as was the case in the Dallas incident. Yet when decision-making becomes increasingly abstracted from human actors, further issues emerge.

Autonomous Deception Detection and Robot Enhanced Interrogation

Police have historically used the polygraph for lie detection; however, a modern alternative is evolving in the form of the Automated Virtual Agent for Truth Assessments in Real-Time (AVATAR), currently under development by the University of Arizona and United States (US) Customs and Border Protection. Further, the US Department of Homeland Security is working towards Future Attribute Screening Technology (FAST) where a robotic interviewer asks questions while assessing biometric information such as facial expressions, voice intonation and inflection to detect deception. Combining this technology with predictive questioning and access to large and ever expanding police databases enables robot-enhanced interrogation. There are concerns about an individual’s right to silence and to not self-incriminate, as well as questions around the parameters of legitimate search. Here, ‘black-box’ decision-making creates the potential for limited transparency in how policing decisions are made by machines.

Automated and Area Wide Surveillance

Automated systems of surveillance including Automated Facial Recognition Technology (AFRT) and Automated Number Plate Recognition (ANPR) have the potential to completely remove humans from decision-making processes associated with surveillance and access control. The integration of this technology with widely implemented existing surveillance systems such as CCTV has enabled automated detection and decision-making. For example, some businesses in the UK are using a system known as Facewatch that scans and cross-references faces with police databases to alert store owners when suspected shoplifters enter their store. In addition to automated surveillance, there have been recent revelations about programs of area wide surveillance by drones and aircraft, such as by the Baltimore Police Department. Together, these programs have the potential to create a world of near ‘perfect’ surveillance with obvious implications for individual rights to privacy.

Autonomous Robot Patrol

Autonomous patrol by robots is perhaps the clearest example of both automation and robotics technology in policing and uptake is readily expanding across the world. The Knightscope K5 Robot is a popular choice in the US for patrolling shopping centres, car parks and schools. Robotic prison guards have been used to patrol prisons in South Korea, and the ‘Reborg-Q’ patrols public areas in Japan. From May this year autonomous police robots will patrol in Dubai, where officials have set a target that a quarter of all police will be robotic by 2030. Questions remain about the capacity for human decision-makers to override autonomous agents when on patrol making independent policing decisions. Who is responsible for the actions of autonomous robots? How do we translate criminal law into algorithm? What parameters are set to operate? What is the impact of machine learning? And how do we factor in error?

Softbots, Information System Security and Cyber Policing

Finally, ‘softbots’ (autonomous software) must be considered following last year’s Defence Advanced Research Projects Agency’s (DARPA) grand cyber challenge with programmers competing to develop and deploy autonomous software that both defends and attacks information systems. There are numerous possible applications of autonomous softbots in cyber security and law enforcement contexts. One example is the ‘Sweetie’ softbot, a computer generated 10-year-old Filipino girl created specifically to lure online child sex predators. As these cases proceed to trial, it is unclear whether this use of technology will be considered entrapment.

Conclusion

The regulatory tipping point for automated and robotic policing has passed. Certainly police robots should be considered as not only the agents, but also the subjects of law. Priority areas requiring attention and new regulatory measures include legal frameworks surrounding robot use of force, processes to ensure the transparency of ‘black-box’ automated algorithmic enforcement decision-making, consideration of how criminal law is converted into algorithm and the admissibility of softbot procured evidence in criminal trials. These issues must be confronted in the futures of automated and robotic policing.

[Image: The Knightscope K5 Robot]



The security implications of driverless vehicles

By Keith Suter, Managing Director, Global Directions

This article is designed to help us think about the unthinkable. Mass produced motor vehicles have transformed our life in the past century or so. We are now apparently only a few years away from another dramatic transformation. But there is little public discussion in readiness for the new era.

Henry Ford’s revolutionary method of mass production (which we now take for granted) not only changed our methods of transportation but also created its own economic and social eco-system. Thus, cars and trucks could travel long distances; gas stations were needed for refuelling; roadside cafés refuelled the passengers; fast food outlets increased the delivery of food. A whole new consumer culture emerged. Healthcare experts might also complain about the increased costs, such as road accidents and the risks of a sedentary way of life.

The Next Big Disruption

The next big digital disruption will be self-driving vehicles: vehicles that do not need a human driver. They eventually will not even have a driving wheel or “front seat”. The consumer will call up a car via their app. The vehicle will take them to their destination, debit their bank account, and drive off to the next consumer.

Uber, which is an investor in this new technology, is already getting users accustomed to not needing their own personal vehicle. Acquiring one’s own first motor vehicle used to be a rite of passage for young people; now that is ending. Uber is getting people used to not owning cars. Instead a customer may now call up a human driver to take them from one point to another. The next stage will be to remove the human driver.

The driverless revolution contains a number of promises. Self-driving vehicles will provide: safety (most current accidents involve human error such as texting while driving or driving under the influence of alcohol), convenience (no need to worry about where to park a car) and efficiency (people will have more time to work in their vehicles). The cars will also communicate with each other and so they can work together to reduce traffic jams; the passenger will decide on the destination and leave it to the car to go via the best available route. A new industry will emerge to cater for what goes inside the vehicle: entertainment systems will be built into the vehicle to occupy time while the vehicle is moving.

Two demographic groups that may urge greater attention to this revolution are: people with disabilities, and older people who can no longer hold a driver’s licence. Both groups will see the potential for their increased mobility.

Currently an average car spends only two per cent of its life on active service; the other 98 per cent is spent being parked somewhere. Self-driving cars will mean less space needed to be reserved for car parks (which are storage spaces for empty cars).

Laws are already being changed in some American states and parts of Europe to permit vehicles to travel “without the active physical control or monitoring of a natural person”. These vehicles (cars, buses and trucks) will be widespread by 2030 or even 2025. Today’s players (notably Google, Tesla, Mercedes, GM and Uber) are expecting the gradual introduction of the vehicles. For example, insurance companies may decide to penalize car owners who wish to drive their own vehicles, and so gradually car owners will opt for driverless vehicles. Human-driven cars will not suddenly disappear; there will be some years’ notice of the new era emerging.

There will also need to be major infrastructure reforms: the creation of “driverless roads” and having vastly increased bandwidth for the sensors to operate. New infrastructure employment opportunities will therefore also be created.

Motor accidents in developed countries are one of the most common ways of dying. Driverless vehicles hold out the promise of much safer travelling. How will parents in the future explain to their children that they once had to risk their lives by driving cars?

The Wider Security Implications

There is, therefore, much to be said about the driverless vehicle revolution. However, we also need to go into this new era with an awareness of the security implications. There is a tendency to plunge optimistically into new technology looking only at the presumed benefits without also thinking about some of the possible security risks. Modern societies run on wheels. The risk of disruption cuts across all economic activities: travel to school and work, transportation of goods, marketing of vehicles, medical and legal work on traffic accidents. Here are three issues worth monitoring.

First, all discussions involving the Internet need to factor in the vulnerability of the spinal column so to speak.
Danny Hillis is one of the Internet’s pioneers (he had one of the world’s first Internet addresses). In a 2013 TED talk, “The Internet Could Crash: We Need a Plan B”, he warned about the Internet’s vulnerability to disruption. The Internet is now an “emergent system”. It is constantly changing and so no one person or organization now has a complete understanding of the entire system. A comparison could be made with the 2008 Global Financial Crisis: this was triggered by a disruption in a small part of a complex web (a sector of the US housing mortgage segment) which had a contagious impact on the entire system. An obvious point of vulnerability with the Internet is the array of aerial communication satellites. An attack (say by North Korea) on a part of that system could disrupt much of that system. As with terrorism, the North Koreans could rely on the mass media to spread alarm. Depending on the duration of the Internet crash, people could be stranded on motorways long distances away from help.

Second, it is impossible to predict the extent of the impact on employment. Some new jobs will be created to cater for these vehicles. But a major incentive for innovation is the prospect of reducing labour (and therefore costs). There is bound to be increased unemployment as the years roll by.

In August 2016 Uber bought Otto, a California start-up specialising in self-driving cargo trucks. Two months later Uber’s first self-driving truck made its first delivery: 50,000 beers transported without problems across the state of Colorado. While driverless cars may get the publicity, the trucking industry is where major strides are also taking place. A by-product of the decline in retail shopping centres is an increase in parcel delivery because people buy online. Driverless trucks increase the opportunity for “platooning”, whereby a series of trucks can drive at high speed close to each other, thereby reducing air pressure (and so gaining greater fuel efficiency). The vehicles communicate with each other on how each is travelling.

However, trucking is an important source of American employment. It is one of the best-paid sources of employment for people without university education. It is the most common occupation in 29 American states (out of 50). The drivers are at risk of losing their jobs. Trucking is also a key part of an economic and social ecosystem. That ecosystem evolved from the Interstate Highway network created in the 1950s, 1960s, and 1970s. That network replaced an older ecosystem of small towns and villages along such routes as those on the legendary Route 66 (which is now becoming a form of heritage trail). Driverless trucks will not need roadside cafes and diners.

Long-term structural unemployment is one of a country’s gravest security threats. At the very least, there is an anger that can be mobilized by populist politicians. The German experience of the 1930s showed that such populism can result in extremist politics. Some unemployed people may turn to physical violence. What could be the employment implications for industries based on coping with road accidents (ambulance, police, trial lawyers, insurance companies)?
There is a lot more to driverless vehicles than just the disappearing drivers – many other occupations will also change (and possibly disappear).

Third, every new technological development brings new opportunities for crime. Car-jacking has already been identified as a risk. In July 2015 Fiat Chrysler Automobiles recalled 1.4 million US vehicles to install software after a report raised concerns about hacking. The authors of that report, IT researchers Charlie Miller and Chris Valasek, also showed that it was possible to car-jack a Jeep Cherokee by remotely taking control of the Jeep’s IT systems. Even before the onset of the driverless vehicles revolution, modern vehicles are already heavily IT-dependent. Like all other forms of IT, these vehicle software systems can be hacked. Looking to the future, will there be car-jacking of important people? Will they be kidnapped off the roads, or their vehicles deliberately crashed to kill them? Or explosive-laden driverless vehicles used for terrorist attacks?

To conclude, when I give talks on digital disruption (including the rise of driverless vehicles) and there are politicians in the room, the politicians tell me privately that they are worried about the issues I have raised. But they will not raise them in their own speeches because the voters are more concerned about short-term issues and the issues I deal with are years in the future. Thus, we remain an unprepared society unwilling to think about the unthinkable.



By Andrew MacLeod

I live between, and only a kilometre or so from, the last two terrorist attacks in London. I was also in Liverpool Street station about to board a tube when the 7/7 bombings took place in 2005. On the 9th of February 1996, I was around the corner when the IRA set off their huge bomb in Canary Wharf, London. I have been less than a kilometre from four terrorist attacks in London. In Islamabad, while I worked there for the United Nations, the windows of my apartment shook when, in 2008, terrorists threw a hand-grenade into the garden of the Italian restaurant I was about to go to for dinner.

I know terrorism well. I have seen its impacts and consequences. I have felt the shock waves of its bombs. I have spoken to people who have been tempted to cross into the path of terrorism (see Lessons From A Would-be Suicide Bomber, here: https://theconversation.com/lessons-from-a-would-be-suicide-bomber-on-how-to-defeat-terrorism-52540). I know terrorism better than most, but not as well as some. I have written and spoken before on terrorism and counter-terrorism for some time. I have a view on how we defeat this menace, but it will not be easy.

My main arguments run this way: We need to embrace an alliance with 'moderate' and 'normal' people of Islamic faith and understand that they are our most powerful ally to counter extremism. However, at times 'we' often undermine the moderate and normal people of Islamic faith, when our community chooses incendiary and inflammatory discourse in place of an embracing language. I call this part getting the 'us' vs 'them' concentric circles right, and spoke on ABC’s Q and A on this following the Paris attacks.

Following Q and A the Islamic Council of Victoria asked me to speak on concrete steps to defeat terrorism, where I listed three steps to defeat terror. These three steps are concurrent and sometimes in conflict, requiring a fine balance. The three steps are:

1. Make life worth living for the people who may be tempted to 'take a short-cut to god'. This is hard and takes a long-term focus on economic growth, inclusiveness and extremely careful public dialogue.
2. Counter the extremists' messages that say 'killing people provides a short-cut to heaven'. This has a strong education and theological side that really can only be done by other people of deep religious faith.
3. Have a strong security apparatus to respond to people who still decide they want to kill people in a mistaken belief that they will gain a 'short-cut to heaven'.

Point one and point three are often in conflict, with the language of security and the language of inclusiveness often coming into conflict. However, allow me to say a couple of words about point three, security, following the latest attack on London Bridge.

Firstly, Britain has an incredibly well trained, well organised and incredibly effective response. Police officers were on the ground within two minutes. For this they must be congratulated. Secondly, Britain was on high alert after Manchester, with urgent reviews and focus on searching for potential new terror attacks over the past couple of weeks. Thirdly, last night's attack was planned, involved multiple perpetrators and would have taken some time to organise. Fourthly, either the perpetrators had incredible communications discipline to make them effectively undetectable, or, there was a failing in intelligence gathering. Both options are frightening. Intelligence failings will, without doubt, be examined in detail.

The challenge highlights how hard the third step (security) in counter terrorism is to achieve. It is well known in intelligence circles that the security forces need to be lucky all the time. The terrorists only need to be lucky once. The third step, security, happens only after people have decided they will or have launched an attack. Security is our 'last line' of defence. Often though we talk of security as if it were to be our ‘first line’ of defence. The first line of defence is not stopping people who are attacking. The first line of defence is stopping people wanting to attack in the first place. That is step one and step two of my three step process – education and inclusiveness.

While I recognise that steps one and two are hard, offer no easy headline nor a politician’s photo opportunity, these first two steps are vital. The great risk as I see it is that, in our community, when an attack happens, we focus on step three - security, our last line of defence, at the cost of our first line of defence. When an attack happens, our community is tempted to forget steps one and two; the need to reach out, economically empower and educate vulnerable people with inclusive language. In the light of the latest attacks, while we can and must examine security, let's not forget steps one and two. Let's not forget who is the 'us' and who is the 'them' as we try and defeat terror. But above all, let's not succumb to fear.


Many people have said that I am lucky that I have not been injured in a terrorist attack, particularly living in London where the latest crazy, evil murderer took innocent lives, presumably following a distorted ideology. But luck should not be cited for those who just missed the tragedy and nor should the terrorists be allowed to succeed by us succumbing to fear.

The sirens blared, the people rushed. The emergency services did an exceptional job as their heroism and training dictates. Social media sparked up and Facebook asked people to mark themselves as ‘safe’ – which I did. Many people responded saying ‘glad you are ok’, ‘hope all is well’ and all those kind notes that remind one that friends exist. The most common response I received was ‘you are lucky you weren’t there’.

During the Westminster attack I sat in my apartment 300 meters away as the scene unfolded, knowing that I was about to walk across that very bridge myself. Was I 'lucky' not to have been there 60 seconds earlier? I am not ‘lucky’ I wasn’t there. Yes, I live 300 meters from where people tragically died and yes, I cross that bridge on foot at least twice a day. Yes, I was just about to leave my apartment and cross that very bridge and missed being there by a handful of seconds. But, and I hate to get finicky, I cross the bridge using the eastern footpath which is the shortest route from my apartment to Westminster tube station. For every 100 times I cross that bridge 99 of them I would be on the eastern side. The murderer killed people on the western footpath. Even if I had left my apartment earlier, even if I had been on the bridge as I often am, even then I would not have been on the fatal side. Should I let the terrorists win by now being fearful?
I cannot let these murders scare me because even though I live right there, which so few people do, even though I use that bridge every day, and even though I was about to set foot across that very bridge and the chance on any given day that I would be on the bridge at that exact 60 seconds, is around one in 1,440 - the number of minutes in a day. Given that 99 out of a hundred times I cross that bridge the odds escalate to one in 144,000. How can I possibly succumb to fear and let the terrorists win, when the odds of me being caught, even with such proximity, are so small? How can we let terrorists achieve their objectives by being terrorised, even if the odds of them ‘getting us’ are so small?


I recognise that none of this helps the families of the dead or those who still lie in hospital from their injuries. Little of this will console the people who will be traumatised by what they have seen. But as a community we need to be strong when we are confronted with such evil. We need to reject the evil and reject both fear and hatred.

One thing did frighten me the day of the incident. I still had to go to my meeting I was about to join. I took a longer route to get to where I was going. Most people in London continued as normal, even with the helicopters overhead and the sirens screaming their warnings. Most people showed that terrorism will not win. But some succumbed. As I walked down Regency Street toward my meeting, a large thug with a Union Jack bandana cowardly covering his face hurled abuse at any ‘Muslim looking’ people. And this did scare me. This is what the terrorists want. The terrorists want thugs like that to divide our society.

But we must not allow this fear the terrorists want us to feel grow into division. We must unite in our grief for the victims and unite to defeat the terrorists by doing as the Prime Minister here in the UK has suggested. We must continue as normal, must not succumb to fear and must not allow the thugs to do the work of the terrorists.

About the Author

Professor Andrew MacLeod is Non-Executive Chairman of British based Griffin Law, Non-Executive Director at New York based Cornerstone Capital, and a Visiting Professor at Kings College London amongst other activities. MacLeod is a recognised global leader, negotiator and communicator in the business, diplomatic and humanitarian field. He has a track record of leading organisations through challenge, crisis and change.
Professor MacLeod is additionally part of the Chatham House/ICRC Expert Panel on Humanitarian Negotiations with Non-State Armed Groups, an Affiliate Senior Associate to the Center for Strategic International Studies in Washington DC, served on the Advisory Boards of the World Economic Forum’s Future of Civil Society Project Advisory Board, Kings College Humanitarian Futures Project and the UN Expert Group on Responsible Business and Investment in High-Risk Areas. Andrew has received the Humanitarian Overseas Service Medal by Australia for work in the Balkans and was awarded a second time for work in Rwanda. He received the Australian Defence Medal for service as an officer in the Australian Infantry. He was awarded the Silver Medal for Humanity from the Montenegrin Red Cross and was recognised by the Australian Government for his work in East Timor. MacLeod was awarded as a Vice Chancellor’s Distinguished Fellow at Deakin University in 2016, the 2014 University of Tasmania Foundation distinguished Graduate Award, the 2013 Young Britons Foundation Global Leadership for Freedom Award and the 2008 Australian Davos Connection Leadership Award, amongst others.




Cyber Security

Will Bluetooth 5 be IoT’s saviour?

By Morry Morgan, IoT & Technology Correspondent

We’ve had Bluetooth since the mid-1990s. The oddly-sharp ‘B’ icon on our desktop and blue light on our peripherals have seeped into our digital décor over time, but ultimately the technology has been unremarkable. It has connected our computer to our phone, and phone to our wireless speakers, but beyond home use, Bluetooth, or more specifically, Bluetooth 4, hasn’t done much more than what WiFi was already doing. The ‘Classic’ version was used in keyboards, mice and wireless speakers, and the ‘Low Energy’ version, in health care, fitness bands and beacons – but again, nothing to write home about, and in no way an enabler for the Internet of Things (IoT).

Then along came Bluetooth 5.

“Citius, Altius, Fortius” - Latin for “Faster, Higher, Stronger”. This is the Olympic motto, but it could also be that of Bluetooth 5, because this generation of wireless transfer is likely to change the way we live and work - faster, higher and stronger. What’s more, the biggest gains have been made in the Low Energy (LE) version, which will catapult Industrial IoT and home use. Here’s how.

FASTER Bluetooth 4, the one that is currently sitting within your PC, Mac and smartphone, is about half the speed of its successor, Bluetooth 5. This means that assuming there are no physical barriers, the Bluetooth 4 is roughly 1 Mbps. Bluetooth 5 is double that. This latest version is therefore faster to sync, while also transferring video and audio twice as fast. Better still, that speed doesn’t come at a cost. In ideal situations, Bluetooth 5 uses two and a half times lower power. Possible new use cases: Battery and/or solar charged video surveillance cameras, both for home and commercial use. HIGHER Sure Bluetooth 5 is faster, but more importantly, especially for the Internet of Things (IoT), it is by far more practical. That’s because it offers something that Bluetooth 4 doesn’t – Bluetooth Mesh. Bluetooth 4 requires a hub, to which all of the connected devices can communicate directly, like spokes in a wheel. In a


Cyber Security

data is only stored locally on the device. Possible new use cases: Parking meters lining streets in a city, stocktaking sensors in a warehouse, and long perimeter fence surveillance cameras. STRONGER With the Low Energy version of Bluetooth 4, the outdoor and indoor range was approximately 40 and 10 meters, respectively. With Bluetooth 5, that distance has been boosted to a 200 meters line of sight – or 40 meters within a building. That means Bluetooth 5 devices could replace the more power intensive WiFi devices in the home and office, and become ubiquitous in open plan factories. And then there’s the commercial utility – beacons. Beacons, an unimpressive application of Bluetooth 4, suddenly become practical in version 5. With a limit of 31 bytes, Bluetooth 4 was only ever able to transmit a Universally Unique Identifier (UUID) number, which required a mobile phone to be connected to the web to translate that UUID into an action, such as opening a website or email application. But with Bluetooth 5, over 255 bytes can be transferred directly from the Low Energy beacon to the phone, independent of an Internet connection. Payment details, GPS coordinates, department store specials, and website URLs can all be included within a single transmission, and since it’s low power, such beacons can be added into everything from parking meters and smart farming to advertising signage and warehousing. Possible new use cases: Parking meters within multilayered car parks, security on shopping trollies, SO WHAT’S THE CATCH?

wireless environment, this is a significant limitation, since the distance from the hub to Bluetooth 4 supported peripheral device, say a camera or parking meter, is the absolute limit of the connection. But with Bluetooth 5, a network mesh is possible, allowing every device to be able to transfer data from every other connected device, extending the range indefinitely. This is a game changer for Industrial IoT, and the myriad of cheap, low powered sensors that can now be added to a factory’s production line, warehouse and office. As long as one Bluetooth 5 device can connect to another Bluetooth 5 device, it is able to connect to all. All for one, and one for all, which makes for higher efficiency. And of course, this allows for IoT edge computing. Edge computing, where rudimentary processing is done by the device, rather than the server to which the data is sent, reduces the pressure on networks and associated costs with high data transfer. Surveillance cameras need only send images and video to the server once movement is detected, or certain shapes (eg. human) enter the field of view. For the 23 hours and 55 minutes of the day where there is no change, the

Since Bluetooth 5 has a longer reach, so too do malicious individuals. In many ways, Bluetooth 4’s weaknesses were also its strength in terms of innate security – limited distance and speed. Attacks utilising Bluetooth 5 can come from a much greater distance, and if the breach is successful, then data can be stolen at twice the rate. What’s more, while there is device authentication, there is still no user authentication built into the Bluetooth 5’s. That responsibility still falls on the mobile phone software and application developers. Of course, these security holes might be plugged with the release of Bluetooth 5.1 or later versions, just as 802.11 wireless Local Area Network (WLAN) evolved from Wired Equivalent Privacy (WEP). That being said, for now a properly secured phone using the latest version of Bluetooth and a user authentication-enabled app will suffice for most enterprise use cases. But, if Bluetooth 5 is to support the huge growth in IoT, further iterations focusing on security will be absolutely necessary. This is the world of Bluetooth 5. Only last year, Bluetooth was the awkward second cousin of the networked ecosystem, trailing behind WiFi, but in 2017 version 5 presents itself as the cooler, older brother that will undoubtedly catapult the IoT into our living rooms, boardrooms and factory floors. And it will do it Faster, Higher, and Stronger.
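The beacon payload limits described under STRONGER, as an added example that is not part of the magazine article: a Python parser for the length/type/data structures inside a Bluetooth LE advertising payload, with the size and bounds checks a receiving app should apply before trusting beacon content. The iBeacon frame layout, the sample UUID, the 0xFFFF service identifier and the URL are assumptions constructed for illustration; the article names no beacon format.

```python
import struct
import uuid
from dataclasses import dataclass

LEGACY_ADV_MAX = 31     # Bluetooth 4 LE advertising limit cited in the article
EXTENDED_ADV_MAX = 255  # Bluetooth 5 figure cited in the article

AD_FLAGS = 0x01
AD_SERVICE_DATA_16 = 0x16
AD_MANUFACTURER = 0xFF


class AdvParseError(ValueError):
    """Raised for payloads a receiver should drop rather than interpret."""


@dataclass(frozen=True)
class ADStructure:
    ad_type: int
    data: bytes


def parse_adv(payload: bytes, limit: int = LEGACY_ADV_MAX) -> list:
    """Split an advertising payload into [length][type][data] structures."""
    if len(payload) > limit:
        raise AdvParseError(f"{len(payload)} bytes exceeds the {limit}-byte limit")
    out, i = [], 0
    while i < len(payload):
        length = payload[i]
        if length == 0:          # zero length marks padding: stop parsing
            break
        end = i + 1 + length
        if end > len(payload):   # declared length runs past the buffer
            raise AdvParseError("AD structure overruns the payload")
        out.append(ADStructure(payload[i + 1], payload[i + 2:end]))
        i = end
    return out


def accepted(payload: bytes, limit: int) -> bool:
    """True if the payload parses cleanly within the given size limit."""
    try:
        parse_adv(payload, limit)
        return True
    except AdvParseError:
        return False


def ad(ad_type: int, data: bytes) -> bytes:
    """Encode one AD structure; the length byte counts the type byte too."""
    if len(data) > 254:
        raise ValueError("AD data too long for a one-byte length field")
    return bytes([len(data) + 1, ad_type]) + data


def decode_ibeacon(structures):
    """Return (uuid, major, minor, tx_power) if an iBeacon frame is present."""
    for s in structures:
        if (s.ad_type == AD_MANUFACTURER and len(s.data) == 25
                and s.data[:4] == b"\x4c\x00\x02\x15"):
            proximity, major, minor, tx = struct.unpack(">16sHHb", s.data[4:])
            return uuid.UUID(bytes=proximity), major, minor, tx
    return None


# Constructed sample data (not captured from a real device).
SAMPLE_UUID = uuid.UUID("12345678-1234-5678-1234-567812345678")

# Identifier-only beacon: flags plus an iBeacon frame, 30 of the 31 bytes used.
IBEACON = ad(AD_FLAGS, b"\x06") + ad(
    AD_MANUFACTURER,
    b"\x4c\x00\x02\x15" + SAMPLE_UUID.bytes + struct.pack(">HHb", 7, 42, -59),
)

# Self-describing beacon of the kind the article anticipates for Bluetooth 5.
# 0xFFFF is a placeholder service identifier, not an assigned one.
RICH = ad(AD_FLAGS, b"\x06") + ad(
    AD_SERVICE_DATA_16,
    b"\xff\xff" + b"https://example.com/carpark/level-2?bay=17;rate=AUD4.00/h",
)

if __name__ == "__main__":
    print("iBeacon bytes:", len(IBEACON), decode_ibeacon(parse_adv(IBEACON)))
    print("rich bytes:", len(RICH),
          "legacy ok:", accepted(RICH, LEGACY_ADV_MAX),
          "extended ok:", accepted(RICH, EXTENDED_ADV_MAX))
    print("truncated frame accepted:", accepted(IBEACON[:-5], LEGACY_ADV_MAX))
```

The identifier-only frame carries nothing a phone can act on without a lookup, while the larger payload delivers the URL itself, so the receiving app is the only place left to validate that content.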



State of Cyber Security 2017: Resources and Threats

ISACA’s third annual State of Cyber Security study finds that cyber security is increasingly a business priority. Eight in 10 organizations say their executive leadership supports security, and more organizations than ever now have CISOs in charge of the information security function. Yet resources and available skills are not keeping pace with a threat landscape that is rapidly escalating in complexity and volume. More than 600 security leaders from around the world shared their insights on these and other topics in two free reports available at www.isaca.org/state-of-cyber-security-2017.

Cyber Security Resources

LEADERSHIP
Organizations with a CISO: 50% in 2016, 65% in 2017 (15 points)

BUDGET
Organizations increasing security budgets: 61% in 2016, 50% in 2017 (11 points)

TRAINING
What organizations spend on continuing education for security professionals:
Less than US $1,000 per person: 25%
US $1,000-$2,500 per person: 32%
US $2,500 or more per person: 27%

SKILLS
Biggest skills gap in today’s security professionals:
Ability to understand business: 52%
Technical skills: 25%
Communication skills: 17%
Only 46% (fewer than half) are confident in their team’s ability to handle anything beyond simple cyber incidents.

Cyber Security Threats

4 in 5 think it is likely or very likely that their enterprise will experience a cyber attack this year.
59% of enterprises are concerned with Internet of Things in the workplace.
53% of enterprises experienced more attacks this year than in the year prior.
53% of enterprises have a formal process to deal with ransomware attacks.

Top three perceived attacker motivations this year:
Financial gain: 50%
Disruption of service: 45%
Theft of personally identifiable information: 37%

SOURCE: ISACA’s State of Cyber Security 2017: Part 2: Current Trends in the Threat Landscape

www.isaca.org/state-of-cyber-security-2017 © 2017 ISACA. All rights reserved.



DDoS Activities 2017 The story so far!

By CF Chui, Solutions Architect, Arbor Networks, Hong Kong

For Q1 2017, DDoS activities observed on a global basis remained relatively flat, and we did not notice significant changes in terms of the number of events and peak attack sizes. For Australia, the number of DDoS events has seen a downward trend for the first three months in 2017, but from a trending perspective, we are still seeing DDoS events continuously increasing. If we inspect the DDoS event types in a little more detail, we see a similar drop in Reflection/Amplification attacks in general, and in fact, Reflection/Amplification attacks make up almost a third of the total number of attacks seen in Australia.

On the contrary, we have seen the number of DDoS attacks increase slightly in March 2017 for New Zealand. If we compare the number of Reflection/Amplification attacks seen in New Zealand, we have seen a slight uptick of Reflection/Amplification for the first three months in 2017. And more than half of the attacks seen in New Zealand are actually of the Reflection/Amplification type.

Although there has recently been a lot of discussion about IoT/Mirai DDoS attacks being on the rise, Reflection/Amplification DDoS attacks are still the dominant type of attack among Volumetric DDoS attacks. Whether IoT/Mirai DDoS is going to replace Reflection/Amplification DDoS attacks as the mainstream type remains to be seen. This is going to be an interesting thing to monitor as we go into the second half of 2017.

[Figures: “AU 2017 Q1 DDoS attacks summary” and “NZ 2017 Q1 DDoS attacks summary” (Arbor Networks), monthly charts from Apr-16 to Mar-17. Panels for each country: number of DDoS events; DDoS attack average size (Mbps); DDoS attack peak size (Gbps); DDoS attack peak size (Mpps); DDoS attack size distribution (bps and pps); DDoS attack duration; DDoS attack target port; number of Reflection/Amplification attacks and Reflection/Amplification attack peak size (Gbps), broken down by MSSQL, Chargen, DNS, NTP, Portmap, SNMP and SSDP.]


Next generation security intelligence operations

Interview with Vasant Kumar: Future learning opportunities on safeguarding business and industry

By Chris Cubbage, Executive Editor, and Jane Lo, Singapore Correspondent

One never stops learning. As in the past, there will remain future learning opportunities on safeguarding business and industry with next generation security intelligence operations. HPE’s ASEAN Information Security Day, held in Singapore, focused on the theme “Information Security – Investigate & Incident Response” and presented new ideas around Security Intelligence Operations, investigating and responding to incidents, and discovering the path of continued innovation.

Vasant Kumar, Regional Customer Success Manager for the Asia Pacific region with HPE ArcSight, HPE Software, reported, “We are seeing an unprecedented growth in the volume of data that is being created, generated and adopted each day, versus, for example, 5-10 years ago when there were not that many mobile applications. The biggest disruptor is the variety and velocity of data – where billions of contents are shared on social media and movies are watched online, and where sensors are built into everyday consumer products.”

During his presentation, titled ‘Resilience for Growth’, Vasant Kumar outlined what it means to be able to successfully and intelligently utilise and adapt this exponential growth of data. “To analyse these large data sets to detect patterns, trends and associations of malicious activities – in a shorter frame of time, and at a lower cost, means the need to build a tool to be able to store and perform contextual searches on the growing scale of data in a simple-to-use-and-understand way. We see this simplification of process, as smart analytics, that is key to resolving and closing issues rapidly.”

The adoption of Big Data Analytics, combined with correlation analytics, is also key to defending against multi-staged attacks. The data is ingested into the HPE ArcSight Data platform, and event correlation and security analytics are enabled to identify and prioritise threats in real time and remediate incidents early through HPE ArcSight ESM.

HPE Security’s State of Security Operations 2017 report of capabilities and maturity of cyber defense organisations highlighted some key findings, including a sharp decline in maturity for organisations that are opting out of real-time security monitoring in favour of post-event search technologies. While this is a disturbing trend, organisations that have adopted hunt team capabilities as an add-on to their existing real-time monitoring programs have seen success in rapid detection of configuration issues, previously undetected malware infections, and SWIFT attack identification.

The State of Security Operations 2017 report also noted that “HPE did not observe a direct relationship between the size of the organisation and operational maturity across commercial and public sector organisations. While there are larger organisations at or near the top, an exploration of the lowest performing organisations reveals some large multinationals that have simply not prioritised security operations. The allocation of IT budget and security budget to protect revenue, privacy, critical infrastructure, market share, safety, and intellectual capital is sizable when there is much to lose. Despite access to significant resources those organisations are not more mature. Security as a competitive differentiator, market leadership, and industry alignment are better predictors of maturity.”

The right growth strategy for cyber security maturity

How should customers establish their growth strategy, in terms of cyber maturity? What are the key focus areas and challenges? Vasant Kumar considers and outlines the HPE approach.

“Whether protecting brand, intellectual capital, and customer information or providing controls for critical infrastructure, the means for incident detection and response to protect organisational interests have common elements: people, processes, and technology. The HPE model, SOMM (Security operations maturity model and methodology), focuses on multiple aspects of a successful and mature security intelligence and monitoring capability including people, process, technology, and the supporting business functions. These four pillars are equally important. Our experience with our clients revealed that, while clients focus on people, process and technology, it is critical to gain the buy-in from the business, who has an important role to play.

When we deliver services, the first thing we conduct is the Business Requirements Mapping workshop with our clients. This is a series of a 5-day workshop with the key stakeholders where we establish the business issues. We do this by identifying these across products, services, and use cases, and the associated risk levels. For example, for a banking client, we map against the compliance and regulatory requirements relating to system logs, and help the client automate these reports in an auditable way. In this way, the client is able to demonstrate to the auditors that there is an established protocol in place to review logs and highlight issues.

Everyone has a responsibility when it comes to security. And this includes the business, which means the need for the board to be involved in key decisions relating to security. Knowing there was a security risk and not prioritising it is no longer acceptable. Stringent regulations are being enforced in certain industries, for example in financial services. Aligning the cyber security goals against regulatory requirements will also be useful in helping to formulate growth strategy.”

Security Intelligence and the key sources for Security Operations

Security Intelligence using analytics, such as machine learning and predictive analytics across diverse data sets, can help an organisation become proactive, rather than reactive, in managing cyber risk and mitigating threats. Vasant Kumar notes, “this allows our clients to identify threats quickly and accurately so that action can be taken before critical systems are impacted. With the ability to predict, using a data collection platform that is reliable and secure, it provides visibility and triggers for alerts generation. Data collected, normalised and enriched through this platform, include key sources such as: logs, sensors, stream network traffic, security devices, web servers, customer applications, cloud services and others.

HPE ArcSight Data Platform (ADP) 2.0 collects data from these sources and delivers an open architecture that can also send event data to third-party applications such as Hadoop, data lakes, or even proprietary in-house applications. For example, data from the end-device monitoring capability allows for identification of the specific device in issue and reduce time to make an informed decision to fix any problem quickly. In addition, normalising and categorising data immediately after it is collected, and enriched with security context enables faster correlation and threat detection. This also helps our clients to be proactive rather than reactive.

Our in-house threat intelligence feeds can be plugged onto the platform. For example, our Threat Intelligence team monitors the cyber underground to understand the threat actors and the indicators of compromise; our experts in vulnerability, malware and defender research perform complex analysis of the latest malware and exploits while putting the trends into context for defenders; and we have our data scientists and security researchers utilise machine learning and predictive analytics to develop use case driven models. We also use Open Source intelligence and collaborative feeds, such as STIX, TAXII, which are integrated into the platform.”

HPE ARCSIGHT Evolves Beyond Traditional SIEM

HPE ArcSight continues its leadership in the industry, helping clients to protect their organisation against cyber threats using a risk-based adversary-centric approach. As the landscape of threat vectors moved beyond the traditional IT environment to OT, to now IoT, HPE had recently launched a rethink of the fundamentals of ArcSight. The roadmap for HPE ArcSight will continue to help protect clients against the most aggressive threat environment in the history of IT security. HPE ArcSight is a next-generation cyber defense solution with security and compliance analytics. In coming up with the roadmap, we have taken on client pain points.

The solution allows clients to easily expand the size and breadth of a deployment by delivering an open and scalable architecture. The multidimensional real-time correlation uses rule-based, statistical or algorithmic correlation, as well as other methods, to allow clients to work smarter.

There are three aspects considered as key in planning the roadmap:

1. Data chaos into security insights with powerful querying capabilities

ADP is now architected for the breadth, depth and speed of Big Data collection that organisations demand to improve their security posture. It collects machine data in real-time from a broad range of sources (including logs, clickstreams, sensors, stream network traffic, Web servers, custom applications, hypervisors, social media, and cloud services). It enables you to search, monitor and analyse the data to detect security threats faster. The variety and velocity of data is ingested, enriched, stored and brokered with “Event Broker”. Event Broker is an Event shuffling and distribution of data that uses the Kafka open-source stream processing technology. It streams traffic meant for internal or external use; for example, whether the data is meant for correlation / analytics; or meant for long term compliance and third party repository purposes. This next generation data collection and storage engine allows you to capture data at rates of up to 400,000 events per second, and executes searches at millions of events per second.

2. Address the challenges of skills and manpower

• Make it simple to use “simpler & faster searches”
• ArcSight Investigate, a next generation hunt and investigate solution, features a simple search interface that enables needle-in-the-haystack queries of both active and historical data with a simple search interface. Interesting search patterns can be easily converted into real-time alerts. The investigation and forensic tools help obtain the right information at the right time. You can track situations as they develop and query both active and historical data to investigate possible threats and conduct entity profiling.

3. Respond to threats – all alert mechanisms, KPIs, SOC metrics, workflow in place

• Events of interest can be manually or automatically escalated to the right people in the right time frame.
• The robust workflow framework comes with built in case management and can integrate with existing processes and systems.

Figure 1: Data from everywhere to anywhere: Open Architecture

Information security – investigate & incident response

Interview with Stephen Kho: The key IR skills, roles and why non-technical skills are still important.

With a computer engineering system background, Stephen Kho, Managing Principal, Consulting Services for HPE Software gained his security experience in firewalls, IPS/IDS management, and spent more than ten years building and leading pen-testing teams.

“The Pen Testing team members I recruited,” Stephen notes, “included professionals from other areas such as chemists and educational specialists. The common traits amongst them, regardless of their technical expertise, was the level of inquisitiveness, motivation to learn, analytical ability and ability to think outside the box, or in other words think laterally. This is the mindset I look for.”

The different roles within an Incident Response Team include Intelligence Analyst, Data Scientist, Digital Forensic Investigator and that is why the skills shortage is a real challenge. While technical skills can be taught, Stephen Kho believes that attitude is key. “During the interview, I would ask technical questions, but this is only to allow me to gauge how much technical training I need to give. From an incident response perspective, having ability to think outside the box and analytical abilities are key to enable a Level 1 security analyst to progress to a Level 2 for example, where the security incident related tasks are more challenging. At the security analyst Level 2 level and above, the investigative activities can include digital forensics, network analysis and reverse engineering. Inquisitiveness and having the motivation to learn are vital traits, especially as the attack landscape is constantly evolving and the level of attack sophistication is increasing.”

Uncovering cybercrime and expectations from authorities

Should a cybercrime be uncovered, authorities would want to clarify that the data handling and information dissemination steps the client has taken comply with the relevant legal requirements. This includes the policies and procedures that are in place internally. Stephen acknowledges that this encompasses many aspects. “For example, HR policy should set out code of conduct in relation to data handling policy pertaining to privacy and protection of personal and sensitive data. There should also be procedures on data breach notification and the relevant escalation triggers and procedures. This should also include disclosure and confidentiality procedures in the event of a potential cybercrime under investigation, including who is allowed access to the investigation details and progress. These policies would be aligned to the rules and regulations of the relevant jurisdictions that the client operates under.

Internally, forensic handlers must understand the regulatory and legal requirements, and these vary across jurisdictions, meaning, how to handle evidence and maintain evidence for admission into the court of law. With HPE Consulting we share with our clients, in our training sessions, the framework to ensure that adequate policies and procedures are in place to process information and data relating to cybercrime, that comply with the legislations and regulations.”

Achieving outcomes from Incident Response

The IR platform must have a good reporting and tracking functionality, including workflow and case management functionality. It is important to have a robust reporting tool with time stamped and staged details for events, and acknowledgement of who is looking after which case. This allows members of the team to do immediate investigations, make informed decisions and take appropriate and timely action.

Team members who are responsible for responding to incidents need to be familiar with the reporting tool, as well as the policies and procedures on documented standards. This includes the minimum amount of information that needs to be captured to enable handoffs between L1 and L2 security analysts, or between experienced and newer members of the team.

“For example,” Stephen notes, “if a malware on the server had been reported, the reporting tool should highlight if it had been resolved, and if not, what is the resolution stage of the incident, and who is the case owner. It is important for the reporting tool to capture the right information, that is, relevant and timely information. Availability of actionable data is important to enable the team to understand the background of the issue, and the case status. At HPE Consulting we help our clients achieve this by a combination of initial and continuous training and teaching. We share the best practices in terms of opening and closing an incident with an adequate audit trail. We also provide training on frameworks and approaches that allow the clients to standardise the documentation in a consistent manner, in order to allow decisions and actions to be taken. Not only does this reduce the time spent on response, it also addresses the skills shortage challenge, which is one of the key areas we are focusing on in our roadmap.”

Figure 2: Hadoop Integration Architecture



Intelligent solutions and strategies at Security 2017

A

ustraliaâ&#x20AC;&#x2122;s leading business event for the security industry returns to NSW this July and the anticipation is electric. Making its debut at the new International Convention Centre Sydney in Darling Harbour, July 26-28, the Security Exhibition & Conference is the only place that a full spectrum of security professionals unites every year. This year the exhibition welcomes back leading brands FLIR, Ness Corporation and HID Global as well as old faithfuls including Dahua, Avigilon, Samsung and Inner Range so visitors can compare solutions side by side and negotiate to get the most competitive prices. Attendees also have the opportunity to get hands-on experience with ISC West award-winning products for the first time on home soil with the likes of Axis Communicationsâ&#x20AC;&#x2122; Q6155E PTZ Dome launching in Australia at the Security Exhibition. Following feedback from the industry, the ASIAL Conference format has been refreshed so delegates can receive valuable industry updates all in the first day of the program. The second and third day can be tailored with several in-depth Executive Briefings focusing on specific issues to help tackle operational security challenges including IP migration, secure building design and risk management. This is the only annual opportunity to keep up to date with the security landscape with an educational program carefully curated by the industryâ&#x20AC;&#x2122;s lead association. Accommodating for the entire security supply chain, the Security Exhibition & Conference brings together manufacturers, distributors, installers, integrators, consultants and end users to not only learn and connect but to create unexpected business opportunities. Find out more and register at securityexpo.com.au. Enter promo code ASM.



Cyber Security

Protecting the data centre from cyberattacks

By Jack Pouchet, Vice President Market Development, Vertiv

Hardly a week goes by without widespread coverage of a new threat, attack or breach of a large organisation that affects thousands of stakeholders reliant on it. The WannaCry ransomware attack is still fresh on our minds and the scope of its damage is still being realised. Cybersecurity is far more than ones and zeros – we’re all part of the ‘cybersecurity defence system’, not just information security consultants and IT departments.

How Australia is faring

Australian organisations are no exception when it comes to cyberattacks – CERT Australia, the main point of contact for cyber security issues affecting major Australian businesses, responded to almost 15,000 incidents in fiscal year 2015-2016. This number only reflects the number of reported incidents. With cybercrime on the rise and mandatory breach disclosure on its way within the next year, we could see this number rise sharply.

So who is being targeted? Unsurprisingly, high-yield targets such as Energy and Banking come out on top. Of the incidents responded to by CERT Australia in that timeframe, more than one third were directed at Energy and Banking.

It’s important to recognise that random or targeted attacks on one specific organisation have a knock-on effect to consumers and other sectors and organisations. This effect is increasing as we create more IT-related interdependency – the growth of IT services, cashless transactions, and the overall journey towards IoT means cyberattacks will have an increasingly heavy and more widespread impact.

Targeting the data centre

Most people associate cyberattacks with software – attacks coming through malware, emails, etc. However, in this connected world the data centre itself is by its very nature the main point of connection between an organisation and its third-party suppliers, and indeed the outside world. It is a high-risk area, make no mistake. Data centre outages can cripple a business, particularly as reliance on IT services increases.

Cybercrime is the second leading and fastest growing cause of data centre outages worldwide. The various nodes of access within any data centre – wire, fibre, airwaves, etc. – need to be protected from intrusion as skilled actors can use them to access the data centre, and all the valuable data it stores. Fibre, network and communication nodes are generally considered the most likely targets, especially for the infamous DDoS attack, the kind that took down more than a dozen prominent websites last year, including Twitter, Spotify, Netflix and Amazon.

How to protect your data centre

Businesses now want a clear understanding of existing cybersecurity provisions and situational awareness. This means a comprehensive plan addressing every aspect including firewalls, threat detection, anti-virus management, tools, patches and software revision control. On the data centre side, it means specific actions such as mandatory data centre infrastructure management (DCIM) deployments to assess unused or underused assets within a data centre (idle servers are prime targets for Trojan Horse attacks), IT compartmentalisation, improved infrastructure resiliency and more.

While there is no clear, universally agreed-upon strategy or footprint to protect the data centre, there are plenty of actions you can take to keep it safe.

1. Establish a perimeter, likely the data centre itself but possibly including rooms around it
2. Build an inventory of all IT, network, storage and IP assets, as well as anything connected either directly or remotely
3. Remove unused assets
4. Identify all data centre users – assign unique access and usage policies
5. Change the passwords at least every 90 days
6. Create a mandatory admin policy that begins with changing all Original Equipment Manufacturer (OEM) default settings before starting a network connection.

Other steps you can take are attending a local data centre users’ group meeting or conference, where you can speak to or hear from a local expert on what the current threats are and how to mitigate them. You could also hire a white knight to provide the brutal truth on any weaknesses in your data centre.

Global standards may be on the horizon too – The European Union’s General Data Protection Regulation, adopted in May 2016 and expected to come into effect by May 2018, will hopefully include detailed recommendations for data centre cybersecurity that can be applied globally.

It’s not worth neglecting – putting the investment in now to secure your data centre will be far less costly, both in financial terms and customer and reputational damage, than dealing with the fallout from a successful cyberattack.



Cyber Security

Identity is the key to cyber security

By Niall King, Senior Director APAC Sales, Centrify Corporation

Access is the greatest opportunity and the greatest threat for businesses engaging with the online economy, as senior executives and boards in Australia and globally are learning.

Increasingly, our business systems gather, digest and disperse data throughout our operations, including confidential details about customers, employees and business partners. Mature cyber security processes are vital to protect this confidential information from attack by hackers now that we live in an Age of Access, when employees can view enterprise data from a browser or smartphone.

Public exposure of data breaches can expose businesses to punishing and potentially lethal brand damage - a matter that is increasingly of concern to boards and senior executives as Australia implements mandatory data breach notification within the next 12 months.

Data breaches are becoming bigger and more common

Even a cursory review of 2016 cyber security breaches - including the Yahoo! billion-user revelations, the DNC hack during the US presidential election and the $81 million malware attack against a Bangladeshi bank - reveals their unprecedented size and impact.

If you get the impression that things are getting worse, that’s because they are. A recent cyber security report by Telstra reports that cyber crime in Australia doubled during 2016, fuelled by the emergence of the Internet of Things and virtual cloud environments. The report states that 59 per cent of organisations in Australia detected a business-interrupting security breach at least once a month during 2016 - more than twice as often as in 2015.

The Telstra report concludes by observing that more organisations are being successfully targeted by cyber security attacks than ever before. “Cyber security is everyone’s responsibility and it needs to be built into the DNA of the organisation,” the report recommends. “How well organisations respond to this challenge may well be an indicator of how successful they will be in the future.”


Industry research shows that most data breaches arise from a single point of vulnerability - compromised credentials. “As always, compromised credentials, whether they were obtained through phishing, spyware or brute-force methods, played a major role in many data breaches,” stated Verizon in a 2014 report.

Cloud applications make enterprises more vulnerable

Centrify increasingly hears from customers in Australia and globally that the plethora of cloud-based applications within the enterprise is making them more vulnerable than ever before.

For example, if an employee uses 10 cloud applications, that person has 10 usernames and passwords to manage. For an individual, managing that many online identities is a challenge. Scale that scenario to hundreds or thousands of employees within an organisation and the IT department faces a herculean task to ensure that passwords are securely set and secured.

When an employee leaves the organisation, someone in the IT department must ensure that these cloud credentials are either rescinded or reallocated to another employee. The lack of a quick and easy deprovisioning process for cloud applications - many of which may contain confidential customer or commercial data - is a gaping hole in the security posture of affected organisations, especially those that lack rigorous password hygiene.

Centrify’s core discipline of identity management solves that problem through an integrated system that manages identities and secures access across computer networks and cloud environments. As well as strengthening their security posture, many customers discover that Centrify delivers a prompt payback by improving business efficiency with the faster ‘onboarding’ of new employees. Centrify is unique in the security space because it’s the only product that actually does save you money in terms of staff time, simpler usability and more efficient business processes.



Lax privileged access creates a security hole

Another major cyber security vulnerability within organisations is lax privileged identity management - dubbed PIM in security jargon - which describes the monitoring and protection of ‘super-user’ accounts within an organisation's IT environment.

While few bosses would throw their employee the keys to a roadtrain to pick up a carton of milk from the corner store, this is essentially what occurs each day in businesses worldwide as employees are given access to privileged computer accounts that massively exceed the needs of their jobs. The result is often devastating in terms of corporate security, with many major data breaches traced to weak passwords that have provided access to such over-privileged accounts. Oversight and active management of these accounts is essential so that the greater access abilities of super-user accounts are not misused, abused or illegally accessed.

The solution is well-known: applying Least Privilege Access management, as implemented in products such as the Centrify Server Suite. Least Privilege Access is a core security principle that effectively limits an individual’s access to the systems, applications and data that they need to do their job. For example, as I work in Sales, there is no need for me to access Centrify’s Payroll system, beyond employee self-service functions. Implementing Least Privilege Access as part of a security infrastructure ensures you can only access those resources and systems you need to do your job.

Who’s watching the watchers?

Where privileged access is a particular risk is in super-user or root admin - accounts that are used or shared by IT system administrators, both internally and increasingly outsourced. Whether they administer Windows, Linux or UNIX systems, IT administrators are required to deal with many technology problems each day, which is why they often grant themselves user accounts with extensive access privileges.

While this has the benefit of convenience for the administrator, it creates a huge security risk for the organisation in which they work. Hackers need to find only one flaw - a password shared between a hacked social media account and privileged sysadmin account - and the keys to the kingdom are lost. When combined with the use of outsourced technology services, the result can be disastrous for an organisation’s security and reputation.

Securing privileged access in today’s hybrid enterprise is essential to achieve a mature risk posture. According to The Forrester Wave™: Privileged Identity Management, Q3 2016 report, 80 per cent of breaches leverage privileged credentials to gain access to the organisation.

One clear example is Edward Snowden who in 2013 used privileged access, along with relatively simple techniques and easily accessible tools, to copy 1.7 million National Security Agency (NSA) files, revealing the existence of numerous global surveillance programs. Reports claimed that Snowden, while working as a technology contractor for the NSA in Hawaii, was granted administrative access to files because his duties included backing up computer systems and moving information to local servers. This gave Snowden significant access to data on shared network systems for which he had administrative rights.

The answer is Least Privilege Access

Applying the principle of Least Privilege Access could have prevented this occurring. Least Privilege Access, which is readily available in products such as the Centrify Server Suite, enables you to centrally create and consistently apply granular, role-based privileges across Windows, Linux and UNIX systems.

Earlier this year, Forrester Research released a Centrify-sponsored study which concluded that the 83 per cent of organisations with an immature approach to Identity and Access Management (IAM) - this means they lack Least Privilege Access - suffer twice as many data breaches and also incur US$5 million more in costs than organisations with a more mature IAM posture. So Least Privilege is not just a nice-to-have security feature: it is the foundation stone for a mature security infrastructure and, if you don’t have it, it’s costing you money.

How to solve the problem of passwords

In the world where identity protection is essential for cyber security, passwords are the problem - not the solution. The good news is that you don’t need to spend more on firewalls, anti-virus or endpoint protection when you operate in the cloud. What you do need is identity management. As users and devices move outside the firewall beyond IT control, identity needs to become the new security perimeter.

Customers are choosing Centrify for our ability to protect identity while taking away the pain of password management through the Single Sign-On capabilities of our Centrify Identity Service. Rather than depending on employees or IT staff to maintain the integrity of access to diverse online systems, Centrify Identity Service improves end-user productivity and secures access to cloud, mobile and on-premises apps via Single Sign-on, user provisioning and Multi-Factor Authentication.

The truth is that cyber security has long ceased to be a purely IT matter. Because of the massive brand damage that a publicised data breach can cause, senior executives and boards are starting to recognise that cyber security is a vital ingredient in the viability and value of their organisations. So, as organisations seek to protect their brands while increasingly exploiting business opportunities in the online economy, Centrify equips them to minimise cyber security threats in the Age of Access.

About the Author

Niall King has held the role of Senior Director APAC Sales for Centrify Corporation since 2014, leading the company’s sales force for the region. Fluent in Japanese, Mr. King’s role is split between Centrify’s Silicon Valley head office and Japan, along with regular visits to Australia.



Cyber Security

Cyber security’s balancing act between availability and protection

By Jonathan Lewit, Chair of ONVIF Communication Committee

Energy security, access to the electrical grid and police and fire safety are just a handful of the networked services that we take for granted and rely upon on a daily basis. Every second of every day, sensors are digitizing the real world, creating information and transporting it across multiple networks and interfaces to a broadening audience. While there is obvious utility being gleaned from this process, from our vantage point here in the physical security space, information sharing and transmission raises issues we have to consider: what happens to this information inside those organizations, and what risks are presented by increasing the communication in and out of these organizations, in the name of utility?

In a world where convenience and anytime availability can make or break a business, information availability and always-on connectivity are here to stay. Much as the Industrial Revolution brought key innovations and new challenges, this new Information Revolution is shaking up the accepted paradigms. The explosion of demand for mobile access to information and increased opportunities for interconnectivity are a fact of life, both at home and for business. We can use security information to answer questions such as: How efficient are your delivery routes? What cameras saw the guy with the red shirt? Is that the UPS delivery man at the door?

But interconnectivity and high data availability also represent high risk for organizations that are concerned about threats to their information security. A hunger for more information upon which to base decisions and actions is driving the proliferation of big data, video analytics, cloud storage and Internet of Things deployments, while ratcheting up our risk profiles and the potential for cyber-attack.

ONVIF’s mission is to establish a common communication interface for all security devices and clients, across security disciplines, systems and vendors. While ONVIF does not set security policy, what many people don’t realize is that industry-proven cyber security measures can be included in the common interface established by ONVIF. Among these are Certificate Based Client Authentication, Keystores and TLS Servers. There are also best practices that can be encouraged, such as forcing a default password change or out-of-the-box hardening.

ONVIF and other standards groups can help ensure and deploy real-time security by including these established cyber security measures in their Profiles and standards. The establishment of a common interface by ONVIF and other standards organizations helps to bring awareness about the capabilities of standards in this area and enables manufacturing companies to invest once in this approach rather than continually developing proprietary products and unique interfaces to integrate with other devices.

Safe/smart city deployments and Internet of Things systems are helping to accelerate acceptance of interoperability over proprietary systems. In fact, it’s estimated that as many as 50 billion IoT devices will be connected to a network over the next three years, all requiring some measure of interoperability. If you’re concerned about the security of information, that number can seem alarmingly high. The good news is that IoT security budgets are also expected to increase substantially over the next three years. And there are some changes that we, as an industry, can proactively make in the meantime.

Remember that a single device or product alone cannot be cyber secure if it’s connected to an unsecured network or to a network with other vulnerable devices. People, products and processes – these three elements together can provide security, but if you don’t have sound cyber security practices in place for all three, you won’t have complete security.

Manufacturers of physical security products can use encryption technology to help harden IoT devices. They can ship products with default settings that require end users to change the default password on install and that also require password changes periodically. It’s also worth exploring whether some settings on devices should be locked down to protect our customers, for example making encryption part of the factory settings, increasing the likelihood that encryption is left enabled on the device.

End users and system integrators also have some responsibility to bear. Approximately 95 percent of the security breaches that occur today are due to some sort of simple password error or lack of organizational policies with respect to password management. It takes only a matter of seconds to very quickly choose a simple, easy to remember password. However, relying on the most convenient solution – often the default password - can most definitely increase the potential for compromised access to our most private information.

As is the case with many things, a balancing act is required when it comes to information availability and securing access to that information. Each end user and system integrator has to find the right balance between availability of data and protection of that data, taking cost into consideration as well. Strong user authentication, event monitoring, activity logging, encryption of data and other controls that are built into our IT networks go a long way in increasing cyber security. Using standards like those offered by ONVIF may actually be the key to having the best of both worlds: the ability to share information with other devices using standardized, encrypted communications.




Cyber Security

We infected ourselves with ransomware: Here’s what we learned

By Robert Gibbons, CTO, Datto

Recent ransomware outbreaks have brought to light the different avenues of exploitation available to hackers. In many cases, malware is spread via phishing campaigns where victims are tricked into opening a malicious file using social engineering. Phony email messages might appear to come from a friend, colleague or trusted institution, or may use scare tactics to coerce victims into clicking a link or downloading a file. More recently, strains of ransomware, such as WannaCry, have targeted known vulnerabilities in outdated operating systems, banking on the fact that a large enough sample of the population haven’t recently updated their computers.

Whatever the delivery method, the biggest impact of a ransomware attack is business-threatening downtime. Once malware is executed, it encrypts files and demands a ransom to unlock them. Individuals and businesses are then stuck between a rock and a hard place: they either refuse to pay and accept the risk of extended business downtime, or they pay the ransom (usually in the region of a few hundred dollars) in the hope of getting their data back. However, there’s no ‘honour among thieves.’ A recent Telstra report found nearly one in three organisations that paid a ransom never recovered their files.

Given the general lack of time and resources to devote to cyber security, plus a higher tendency to pay a ransom to recover their data, ransomware has become a major threat to small and medium-sized businesses. We recently conducted a survey of one hundred IT service providers in Australia, New Zealand, Singapore, Malaysia and the Philippines, representing thousands of small businesses, about the current state of ransomware. Eighty-five per cent of the MSPs surveyed reported that their customers had experienced a ransomware attack in the past 12 months. That number is only going to rise.

Given that reports of ransomware attacks are significantly increasing, Datto has been conducting tests over recent months to better understand the threats posed to SMBs, and the best ways to combat the eventualities of an attack. We recognised that backup presents an opportunity for early detection, because each backup can be compared against previous backups to detect unusual changes. Thus, we designed a testing process to efficiently detect ransomware in backup data sets. This involved infecting ourselves with ransomware… a lot.

To work out what to look for, we first ensured we had healthy backups of the servers. Then we started to compare the differences between healthy and encrypted backups and came up with three tests to detect ransomware. After two months in a highly segregated network in our offices with a number of variants, we found that most versions of ransomware work remarkably similarly. Not all ransomware is created equal, but there are a number of key identifiers to look out for.



The first test, file upheaval, looks for whether files have been changed between backups. When ransomware encrypts data it more often than not changes a file from a .doc to a .doc.WCRY or another odd file extension. We found that about 80 per cent of the ransomware variants we tested changed file names when encrypting files.

The second type of test, known as entropy testing, seeks to find out how dense, and therefore random, a concatenation of files is. This test questions whether the randomness of files is different than would be expected. We looked at various entropy measures, including the arithmetic mean, Chi-squared test, Monte Carlo Pi and serial correlation. While it’s important to keep in mind user-encrypted files can display ransomware-level entropy, most users won’t encrypt every file on their machine. Therefore, high levels of entropy in backup data can be a reliable indicator of the presence of ransomware.

The final test is data comparison. We attempted to find any files that have a different Master File Table date compared to their last modify time, and then ran another entropy test on the concatenated version of those files. If there’s a high enough randomisation, then it’s highly likely that the production machine has ransomware.

Based on the information gathered during the months of ransomware testing, we developed a new ransomware detection capability. We have since found 0.285 percent of machines protected by Datto have triggered an infection alert. This equates to roughly 2,100 businesses over the course of six months. That’s just a sample of the entire threat of ransomware, and it is difficult to say how large the infection rate is worldwide.

The most important lesson we learned from infecting ourselves with ransomware is that early detection matters. Early detection allows IT staff to: diagnose the extent of damage; contain and minimise infection; identify the last ‘good’ backup quickly; and update production machines to restore known good versions of compromised files.

The other lesson we confirmed is the necessity of a ransomware protection, detection and response strategy. According to the ACSC 2016 Cyber Security Survey released in April 2017, only 71 per cent of businesses reported having a cyber security incident response plan in place beyond standard endpoint security.

While firewalls and antivirus software are essential security tools, many types of malware still penetrate these frontline safety nets. A proper ransomware protection strategy also requires employee education and a policy of regularly updating and patching applications to minimise vulnerabilities. Together with endpoint security, these measures go some way to avoiding attacks to begin with.

Finally, backup is critical for business continuity, as a means of recovering files and avoiding downtime, in the event your ransomware protection strategy fails. Backups are a crucial part of a business security protection plan. It’s imperative that more and more organisations look at how they can use backups to identify and combat ransomware.

The recent WannaCry attacks highlighted just how easy it is for ransomware to cause havoc on a global scale. More than 10,000 organisations across 150 countries were affected. Hospitals in the United Kingdom were forced to postpone non-urgent procedures and people were asked not to visit Accident & Emergency.

Ransomware is reaching epidemic proportions, and the rate of attacks of WannaCry’s scale is only going to increase. As an industry, we need to be smart and continue to look at new ways to both identify and fight against ransomware.

About the Author

Robert Gibbons is Chief Technology Officer of Datto, which provides data backup and disaster recovery solutions to a rapidly expanding market of more than 5,000 managed service providers worldwide.
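The three backup checks described in the article above (file upheaval, entropy testing and data comparison), sketched in Python as an added example; this is not Datto's code. The FileRecord layout, both thresholds, the two-of-three rule and the sample snapshots are assumptions constructed for illustration, and Shannon entropy is used as the entropy measure alongside the arithmetic mean and chi-squared statistic the article names.

```python
import hashlib
import math
from collections import Counter
from dataclasses import dataclass

# Thresholds are assumptions of this sketch, not values from the article.
RENAME_RATIO_ALERT = 0.5   # share of earlier files that return with an extra extension
ENTROPY_ALERT_BITS = 7.5   # bits per byte; 8.0 means uniformly random

@dataclass(frozen=True)
class FileRecord:          # hypothetical view of one file inside a backup snapshot
    data: bytes
    modified: int          # last-modify time, epoch seconds
    mft_changed: int       # Master File Table record change time, epoch seconds

def shannon_entropy(blob: bytes) -> float:
    """Bits of entropy per byte: 0.0 for constant data, 8.0 for uniform bytes."""
    if not blob:
        return 0.0
    size = len(blob)
    return -sum(n / size * math.log2(n / size) for n in Counter(blob).values())

def arithmetic_mean(blob: bytes) -> float:
    """Mean byte value; random data sits near 127.5."""
    return sum(blob) / len(blob) if blob else 0.0

def chi_squared(blob: bytes) -> float:
    """Chi-squared statistic against a flat byte histogram (about 255 when random)."""
    if not blob:
        return 0.0
    expected = len(blob) / 256
    counts = Counter(blob)
    return sum((counts.get(b, 0) - expected) ** 2 / expected for b in range(256))

def concat(snapshot: dict, names=None) -> bytes:
    """Concatenate file contents in name order so results are repeatable."""
    chosen = sorted(snapshot if names is None else names)
    return b"".join(snapshot[name].data for name in chosen)

def file_upheaval(prev: dict, curr: dict) -> float:
    """Test 1: share of earlier files that vanished and came back as '<name>.<ext>'."""
    if not prev:
        return 0.0
    renamed = sum(1 for old in prev
                  if old not in curr and any(new.startswith(old + ".") for new in curr))
    return renamed / len(prev)

def data_comparison(curr: dict):
    """Test 3: entropy of only the files whose MFT time differs from last-modify."""
    suspects = sorted(n for n, rec in curr.items() if rec.mft_changed != rec.modified)
    return suspects, shannon_entropy(concat(curr, suspects))

def assess(prev: dict, curr: dict) -> dict:
    """Run the three tests on consecutive snapshots and list the ones that tripped."""
    blob = concat(curr)
    ratio = file_upheaval(prev, curr)
    overall = shannon_entropy(blob)          # Test 2: the whole concatenated backup
    suspects, suspect_entropy = data_comparison(curr)
    checks = {"file_upheaval": ratio >= RENAME_RATIO_ALERT,
              "entropy": overall >= ENTROPY_ALERT_BITS,
              "data_comparison": bool(suspects) and suspect_entropy >= ENTROPY_ALERT_BITS}
    tripped = [name for name, hit in checks.items() if hit]
    return {
        "rename_ratio": ratio, "entropy": overall, "mean": arithmetic_mean(blob),
        "chi_squared": chi_squared(blob), "suspects": suspects,
        "suspect_entropy": suspect_entropy, "tripped": tripped,
        # Two of three is this sketch's rule, so one noisy test alone stays quiet.
        "likely_ransomware": len(tripped) >= 2,
    }

def fake_ciphertext(seed: bytes, length: int) -> bytes:
    """Constructed stand-in for encrypted content: SHA-256 run in counter mode."""
    blocks = (hashlib.sha256(seed + i.to_bytes(4, "big")).digest()
              for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]

def sample_snapshots():
    """Constructed data: a healthy backup, then the next backup after encryption."""
    prev = {
        "docs/invoice.doc": FileRecord(b"Invoice for managed backup, net 30 days.\n" * 100, 1000, 1000),
        "docs/roster.xls": FileRecord(b"name,shift,site\nlee,night,perth\n" * 130, 1000, 1000),
        "docs/notes.txt": FileRecord(b"call the integrator about camera firmware\n" * 100, 1000, 1000),
        # One file the user encrypted on purpose: high entropy, but not ransomware.
        "vault/archive.7z": FileRecord(fake_ciphertext(b"user-archive", 4096), 1000, 1000),
    }
    curr = {"vault/archive.7z": prev["vault/archive.7z"]}
    for name, rec in prev.items():
        if name.startswith("docs/"):
            # Assumption: rewritten at t=2000, renamed at t=2005 (moves only the MFT time).
            curr[name + ".WCRY"] = FileRecord(
                fake_ciphertext(name.encode(), len(rec.data)), 2000, 2005)
    return prev, curr

if __name__ == "__main__":
    healthy, infected = sample_snapshots()
    for snap in (healthy, infected):
        print(assess(healthy, snap)["tripped"])
```

The healthy snapshot deliberately contains one user-encrypted archive: the concatenated backup stays under the entropy threshold, which is the article's point that most users won't encrypt every file.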



Cyber Security

Network vulnerabilities - Get your priorities straight

By Chris Gibbs, Managing Director of Australia and New Zealand at BMC software

De-prioritising tasks which aren’t urgent makes a lot of sense as an efficient way of working; and in most areas of life too, particularly as 21st century decision fatigue and stress threaten to overwhelm many of us. Where this doesn’t amount to an effective strategy is in managing IT and network security. In this environment, pushing non-urgent tasks to the wayside can actually land a business in a lot of hot water.

According to the recent Verizon 2016 Breach Investigations Report, the top ten security vulnerabilities accounted for 85 percent of successful exploit traffic. The remaining 15 percent was attributed to more than 900 common vulnerabilities and exposures (CVEs). This demonstrates that by following a priority-only strategy, staying focused on the top 10 vulnerabilities only without effectively detecting all of the CVE risks to your network, you can leave your systems and data critically exposed. The irony is, the vast majority of these CVEs can easily be resolved by a simple patch or through basic coding best practices – assuming you have identified the risk, of course.

Broadly speaking, the industry is beginning to recognise the threats at hand and take the steps to protect themselves, although not as quickly as they should. In a recent Forbes Insights and BMC security survey, 60 percent of C-level respondents globally said that expanded vulnerability discovery and remediation was a primary initiative in 2016, while only 30 percent were prioritising the allocation of more resources to defending against zero-day exploits.

To break the high-priority habit, here are the top four best practices for ensuring a comprehensive vulnerability management program:

1. Scan early and scan often: If your vulnerability scan data is not comprehensive and up-to-date, any attempts to protect the network are likely to be doomed. You won’t be able to accurately identify the real threats to your network or prioritise their remediation. For applications that your organisation is developing, be sure to scan as early as possible in the Software Development Lifecycle (SDLC) in order to increase overall security while also reducing remediation costs.

2. Make sure data is consumable and actionable: Presenting a laundry list of vulnerabilities to a stakeholder almost guarantees vulnerability management failure. It’s nearly impossible to use such a document to accurately assess risks and coordinate with the operations team to remediate those high-risk vulnerabilities. Essentially, this is like having hundreds of “urgent” emails to address by end of day – we are left with the issue of how to figure out what is actually crucial, versus what can wait. How can enterprises decide what vulnerabilities to prioritise when they all pose a risk to the organisation? To mitigate this, vulnerability scan outputs need to be in a form that is easily consumed by both the security and operations teams. It must include details such as the severity level and age of the vulnerability, and the information also needs to be actionable. This requires creating a fast, automated (and thereby repeatable) process connecting a high-risk vulnerability to its remediation.

3. Develop context: Context is key when it comes to understanding the nature of a problem and making the most effective response. Once we know the number of vulnerabilities, the severity level and age of a vulnerability, responding effectively still requires answers to additional questions like: Which assets might be affected? Where are they on my network? Is a patch available? If so, when can it be deployed? If not, can the risk be mitigated through the real-time protection offered by a firewall or intrusion prevention system? Only by knowing the context can you ensure you will make the right response decision.

4. Increase your “vulnerability intelligence”: As you improve your ability to develop context and respond to vulnerabilities based on actionable data, your overall level of “vulnerability intelligence” goes up, enabling you to make even better security decisions. It also allows you to continuously adapt your vulnerability management approach as threats evolve in order to accelerate the discovery-to-remediation timeline and reduce overall risk.
As vulnerabilities continue to increase, and as attackers continue their two-pronged approach of looking for low hanging fruit through CVEs even as they evolve their strategies, it is critical to have a sound vulnerability management strategy based on comprehensive, up-to-date scan data and the ability to quickly and easily see the threat context. This is the only way you can avoid the “priority trap” and be sure you are making the right decisions in mitigating both the most common current threats and the CVEs that can lead to a significant security incident. By taking on board these four best practices, you’ll be able to more successfully navigate the increasingly dense, diverse and dangerous world of cyber security threats. It’s just a matter of reconsidering where your priorities lie.
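The "consumable and actionable" and "develop context" practices above, as an added example that is not part of the original article: a Python script that joins scan findings to an asset inventory, ranks them by severity, age and context, and attaches one remediation action to each. The hostnames, placeholder CVE identifiers, SLA days, weights and scoring formula are all constructed assumptions.

```python
from datetime import date, timedelta

# Constructed inventory: hostnames, zones and weights are illustrative assumptions.
ASSETS = {
    "web-01":   {"zone": "dmz",      "criticality": 3, "ips": True},
    "db-01":    {"zone": "internal", "criticality": 3, "ips": False},
    "kiosk-07": {"zone": "internal", "criticality": 1, "ips": False},
}

# Constructed scan output; the CVE ids are placeholders, not real identifiers.
FINDINGS = [
    {"cve": "CVE-EXAMPLE-0001", "host": "web-01",   "cvss": 9.8, "first_seen": "2017-06-01", "patch": True},
    {"cve": "CVE-EXAMPLE-0002", "host": "kiosk-07", "cvss": 7.5, "first_seen": "2017-06-20", "patch": True},
    {"cve": "CVE-EXAMPLE-0003", "host": "db-01",    "cvss": 4.3, "first_seen": "2016-11-15", "patch": False},
    {"cve": "CVE-EXAMPLE-0004", "host": "web-01",   "cvss": 6.0, "first_seen": "2017-05-25", "patch": False},
    {"cve": "CVE-EXAMPLE-0005", "host": "lab-99",   "cvss": 5.0, "first_seen": "2017-06-10", "patch": True},
]

# Assumed remediation deadlines in days per CVSS floor; tune to local policy.
SLA_DAYS = [(9.0, 7), (7.0, 30), (4.0, 60), (0.0, 90)]
ZONE_WEIGHT = {"dmz": 1.5, "internal": 1.0}


def sla_for(cvss):
    """Return the remediation deadline (days) for a CVSS score."""
    for floor, days in SLA_DAYS:
        if cvss >= floor:
            return days
    return SLA_DAYS[-1][1]


def choose_action(finding, asset):
    """Answer the article's context questions with one concrete next step."""
    if asset is None:
        return "identify owner and add asset to inventory"
    if finding["patch"]:
        return "deploy patch"
    if asset["ips"]:
        return "enable IPS/firewall rule until a patch ships"
    return "escalate: no patch and no compensating control"


def build_queue(findings, assets, today):
    """Turn raw findings into a ranked queue; nothing is dropped, only ordered."""
    queue = []
    for f in findings:
        asset = assets.get(f["host"])
        first_seen = date.fromisoformat(f["first_seen"])
        sla = sla_for(f["cvss"])
        overdue = max(0, (today - first_seen).days - sla)
        # A host missing from the inventory is scored as worst case,
        # because its exposure and importance cannot be ruled out.
        crit = asset["criticality"] if asset else 3
        zone = ZONE_WEIGHT.get(asset["zone"], 1.0) if asset else 1.5
        # Severity scaled by context, plus a penalty that grows while overdue,
        # so an old medium finding on a key asset cannot sit unnoticed.
        score = round(f["cvss"] * crit * zone + 0.1 * overdue, 1)
        queue.append({
            "cve": f["cve"],
            "host": f["host"],
            "cvss": f["cvss"],
            "due": first_seen + timedelta(days=sla),
            "overdue_days": overdue,
            "score": score,
            "action": choose_action(f, asset),
        })
    queue.sort(key=lambda row: row["score"], reverse=True)
    return queue


if __name__ == "__main__":
    for row in build_queue(FINDINGS, ASSETS, date(2017, 7, 1)):
        print("{score:>5}  {cve}  {host:<9} cvss={cvss:<4} due={due} "
              "overdue={overdue_days:>3}d  -> {action}".format(**row))
```

With the sample data, the unpatched CVSS 4.3 finding on the database server ranks second, ahead of two findings with higher raw scores, because of its age and the asset it sits on.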


TechTime - latest news and products

To have your company news or latest products featured in our TechTime section, please email promoteme@australiansecuritymagazine.com.au

Latest News and Products

The Jetson’s cyber concerns – Future smart cities cybersecurity checklist

To help guide the development of smart cities, Trend Micro has developed a quick ten step cybersecurity checklist as a gut check when implementing new, smart technologies.

As cities continue to grow smarter, they will also become easier to hack. With millions (if not billions) of dollars going into research for urban domains and the Internet of Things (IoT), there will be more opportunities to utilise technology to define, access and improve smart city services and infrastructure. In these smart cities, information security plays a huge role in protecting the highest levels of confidentiality, availability and integrity for city resources and utilities.

Trend Micro has released a research paper Securing Smart Cities: Moving Toward Utopia with Security in Mind which surveys some of the existing smart technologies currently used in smart cities worldwide. Much like our previous reports on exposed smart devices and the hacking of robots in smart factories, this paper will discuss the risks of using smart technologies in critical sectors and will provide actionable steps to help local governments and urban developers design more secure smart cities.

1. Perform quality inspection and penetration testing
2. Prioritize security in SLAs for all vendors and service providers
3. Establish a municipal CERT or CSIRT
4. Ensure the consistency and security of software updates
5. Plan around the life cycle of smart infrastructures
6. Process data with privacy in mind
7. Encrypt, authenticate and regulate public communication channels
8. Always have a manual override ready
9. Design a fault-tolerant system
10. Ensure the continuity of basic services

Cities will continue to grow smarter over time. Whether these cities are built from the ground up, or built around and over established metropolises, it is always important to balance functionality with security. Cities are created by the people, and for the people. So, it’s only right to protect them.

Using your gait to power and secure devices

Researchers from CSIRO’s Data61 have developed new technology which uses the way a person walks, their gait, to power wearable devices and possibly to serve as a new authentication method, which could replace passwords, pins or fingerprints. Rather than looking at an individual’s unique movements as a form of authentication, researchers at CSIRO’s Data61 have developed a prototype wearable device to capture how an individual’s unique energy generation pattern can be used as a form of authentication.

Information presented in TechTime is provided by the relevant advertiser and are not necessarily the views of My Security Media

Small sensors called accelerometers can currently be used to capture an individual’s gait in terms of motion and velocity. However, this reduces the battery life of wearable devices and has prevented gait authentication from becoming more widely adopted. Researchers from CSIRO’s Data61 have overcome this by combining gait recognition with a technique called kinetic energy harvesting (KEH), which translates a person’s motion into electrical energy and improves battery life.

“By applying both techniques we have developed a way to achieve two goals at once – powering devices and the ability to verify a person’s identity using a wearable device by capturing the energy generated from the way they walk,” Researcher at Data61 Sara Khalifa said.

To test how secure KEH gait authentication is, the researchers conducted a trial on 20 users. Data was collected from each user using two different settings from various environments. Users walked in several environments, including indoors on carpet and outdoors on grass and asphalt terrains, to capture the natural gait changes over time and surfaces.

The trial showed that KEH-Gait can achieve an authentication accuracy of 95 per cent and reduce energy consumption by 78 per cent, compared to conventional accelerometer-based authentication techniques. The KEH-Gait system was also tested against ‘attackers’ who attempted to imitate an individual’s motions. The analysis found only 13 out of 100 imposter trials were wrongfully accepted by the system as genuine trials.

Group Leader of the Networks Research Group at Data61 Professor Dali Kafaar said there were benefits to the KEH-Gait approach compared to passwords, pins, signatures and fingerprints.

“Firstly, it is convenient because as we walk around each day our gait can be sampled continuously and verified without us having to manually adjust anything,” Professor Kafaar said. “Secondly, it’s more secure than passwords because the way we walk is difficult to mimic. Since the KEH-gait keeps authenticating the user continuously, it collects a significant amount of information about our movements, making it difficult to imitate or hack unlike guessing passwords or pin codes.”

Wearable technology presents an opportunity to explore new authentication methods based on our movements. “With many of us already tracking our health using wearable devices there is a great opportunity to explore new authentication methods based on our movements,” Professor Kafaar said.

The market for wearable devices is booming. According to a recent report, about 55 per cent of Australians own one and the global market for personal wearable devices is expected to reach US$150-billion by 2026.

Alongside KEH-Gait sampling, CSIRO’s Data61’s privacy and authentication research team is exploring other more secure and implicit continuous authentication techniques such as unique breathing patterns and distinctive behavioural biometrics from the way users innately interact with their devices.

Senstar announces extended range detection for FiberPatrol-PR

Senstar has announced that FiberPatrol-PR, its fiber optic fence-mounted sensor for perimeter applications, now provides up to 50 km (31 mi) of protection per processor, more than doubling the system’s previous detection range capability of 24 km (14.9 mi). The intrusion locating accuracy of the system has also improved to within 4 m (13 ft) from the previous 8 m (26 ft).

“This is the second time in just over a year we have implemented extended range capabilities for FiberPatrol-PR,” said Product Manager Stewart Dewar. “By enhancing the system, we are able to provide customers greater protection and more accurate locating with less infrastructure. This results in more economical deployments for long perimeter sites, including borders.”

FiberPatrol-PR uses proven fiber optic technology to detect and locate intrusions. The system has a reduced nuisance alarm rate because it can differentiate between disturbances caused by real intrusions and environmental disturbances such as wind and rain. FiberPatrol-PR can detect and accurately locate intrusions even when there are multiple simultaneous intrusions or in the presence of spatially-distributed environmental noise that would mask the detection capability of other long-range fiber optic sensors. As well, the system’s resilient design allows detection to continue right up to the point of a cut in the sensor cable. The system can also be deployed in a cut-immune configuration. FiberPatrol-PR requires no powered or conductive items in the field, making the sensor completely immune to EMI and lightning and intrinsically safe in the presence of explosive atmospheres.

About Senstar Corporation

Senstar has been manufacturing, selling and supporting the world’s largest portfolio of perimeter intrusion detection sensor technologies for 35 years. Senstar is also a leading provider of personal duress solutions. Senstar products can be found around the world in more than 80 countries, in tens of thousands of sites including borders, ports, military and government, oil and gas, correctional, and other critical sites.


New Australian public safety initiative “The Melbourne Shield” launches today

BlackBerry Ltd and Briggs Communications, a leading Australian crisis management specialist, have joined together to launch a pilot program called ‘The Melbourne Shield’. The secure, networked communications platform is being offered to help key organisations quickly connect with each other in the case of an incident, obtain and share factual information and help maintain business continuity.

The new initiative, combining Briggs’ crisis management expertise with industry-leading crisis communication software, BlackBerry AtHoc, invites any major organisation in Melbourne with a duty of care for people to join the pilot program. The aim of the Melbourne Shield is to create a secured, connected community in both the private and public sector that can effectively communicate with other businesses, departments or personnel in real-time, should an incident take place.

BlackBerry AtHoc is being offered as a shared solution between Melbourne Shield members, establishing a critical incident communication network which can connect places of mass gatherings such as stadiums, malls and convention centres, as well as infrastructure such as hotels, hospitals, schools, universities and businesses.

Ly Tran, Senior Vice-President at BlackBerry AtHoc says, “Melbourne is a well-known cultural and sporting destination that hosts millions of people for its major events. Any city is vulnerable and in times of crisis, organisations need a way to get the right messages to their people. Whether it’s a fire alarm, a natural disaster or a terrorist incident, BlackBerry AtHoc offers a mass incident alerting and communication platform that can connect the city’s large public venues, businesses, emergency services and others, delivering trusted information to enable a coordinated response and informed safety-critical decisions.”

BlackBerry AtHoc is a trusted, secure and networked communications platform that helps businesses and governments protect the people they care about. Whether they are around the block or around the world, the solution gives any company or department the ability to communicate with their people through numerous devices and create permission-based networks to establish interoperable communication with other stakeholders in their community.

Allan Briggs, Managing Director at Briggs Communications says, “In the event of an incident when situations change quickly, fact-based information is limited. The Melbourne Shield sets out to help organisations share good intelligence among trusted individuals to enable better decisions. The platform is especially ideal for linking security and facilities managers responsible for critical decision-making. If they are located close to an incident or emergency, the members can share information between entities via BlackBerry AtHoc enabling interoperable, transparent incident management.”

During the pilot, each member of the Melbourne Shield will be provided with access to the BlackBerry AtHoc solution. Each member of the group is carefully vetted and usually includes a key decision-maker within an organisation who is responsible for the well-being of people on site. In the event of any threat to public safety, a security or facilities manager will have the ability to distribute secured alerts and information to other members of the Melbourne Shield within minutes.

Ly Tran adds, “Thousands of organisations around the world trust BlackBerry AtHoc for incident response management. Equipping Melbourne’s businesses and stadiums with the same critical communications technology as the US Departments of Homeland Security and Defense, Parliament of Canada, the UK Civil Nuclear Constabulary and institutions like Macquarie University in Sydney, can assist the city in managing potential threats or incidents. We hope this example of true collaboration in Melbourne will serve as an example for other cities around the world looking for ways to protect its people.”

This announcement comes as BlackBerry announced in May that important new BlackBerry AtHoc features have become available in Australia and New Zealand to help account for people. AtHoc Account™ automates personnel accountability and crisis communication processes by providing safety and availability status updates of people before, during and after an event – ultimately providing the decision-making information leaders need for continuity of operations.

For more information on BlackBerry AtHoc visit: www.athoc.com/company/about-us.html

Businesses in Melbourne are being invited to attend an event to announce the initiative on June 8. For more information on The Melbourne Shield please visit: https://www.melbourneshield.com.au

Tenable delivers the first vulnerability management platform

Expanded Tenable.io platform incorporates Nessus Network Monitor alongside new container and web application security products for improved discovery and vulnerability management of operational technology assets like ICS/SCADA

Tenable Network Security has redefined vulnerability management for information technology (IT) security and operational technology (OT) security with the latest release of its cloud-based Tenable.io platform, delivering new and enhanced capabilities to empower organisations to understand and reduce their cyber risk across the full range of traditional and modern assets.

The software development life cycle (SDLC) is now measured in minutes to hours. Modern computing and software development practices are driving the adoption of a new set of dynamic IT assets, including cloud, microservices and containers, which enable DevOps teams to accelerate development velocity. Container adoption alone is the fastest growing segment of cloud enabling technologies, with the market estimated to increase in value from US $762 million in 2016 to $2.7 billion by 2020, according to 451 Research. The rapid pace of innovation has put the DevOps team in the driver’s seat — and left security in its wake — increasing the rapidly changing attack surface.

On the other end of the spectrum are OT assets, including critical infrastructure such as industrial control systems (ICS), supervisory control and data acquisition (SCADA) and connected medical devices such as MRI/CT/ultrasound scanners. These systems were designed for precision, reliability and longevity, not security. With the rise of the industrial internet of things (IIoT), OT environments and assets are now connected devices which create an unintended new attack vector. The need to manage vulnerabilities and incidents holistically is driving the convergence of IT security and OT security, yet legacy scanning and agent-based tools designed for the world of IT do not work in the safety-critical world of OT.

“Security teams using legacy vulnerability management tools are not equipped to handle the converging world of IT and OT because when it comes to modern assets like containers, they’re completely blind,” said Dave Cole, chief product officer, Tenable. “Massive shifts in computing coupled with today’s elastic attack surface have left enterprises struggling to gain visibility into their exposure areas. Increasing network diversity due to the rise of IoT and the convergence of IT and OT are only compounding the issue. CISOs need a complete and reliable view of the entire modern computing environment so they can take a proactive approach to managing the security challenges of today and tomorrow.”

With Tenable.io, for the first time organisations have complete and centralised visibility over the full range of traditional and modern assets, from IT to OT, within a single platform. Only Tenable™ provides unified asset discovery and comprehensive vulnerability management across IT and OT. Tenable.io is integrated into the modern SDLC and DevOps processes, and offers the flexibility to use the appropriate discovery and vulnerability detection technique based on each asset’s unique requirements.

With the combination of Nessus Network Monitor™ (formerly Passive Vulnerability Scanner or PVS), Nessus Scanner, Nessus Agent, and third party data collection technologies, Tenable.io provides the industry’s greatest breadth and sophistication of asset discovery and vulnerability identification across both IT and OT assets — all within a single platform. Whether the rate of change is every four hours or four years, Tenable.io arms security teams and chief information security officers (CISOs) with the visibility required to understand cyber risk at the pace of innovation and digital transformation.

New and Enhanced Capabilities of the Tenable.io Platform

General Availability of Tenable.io Container Security: Tenable.io Container Security seamlessly and securely enables DevOps processes by providing visibility into the security of container images as they are created. Through integration with the container build process, it provides vulnerability assessment, malware detection and policy enforcement prior to container deployment — enabling security teams to turn a blind spot into a strength.

Nessus Network Monitor Support for OT Assets: Nessus Network Monitor passively analyses network traffic to provide continuous visibility into managed and unmanaged assets on the network, including IT and OT systems. It includes new capabilities for asset discovery and vulnerability identification on critical infrastructure and embedded systems, such as ICS and SCADA systems, which require a nonintrusive approach to vulnerability management. Nessus Network Monitor provides coverage for operational technologies in a variety of safety-critical infrastructure industries, including oil and gas, energy, utilities, public infrastructure, manufacturing, and medical/healthcare.

Tenable.io Web Application Scanning: Tenable.io Web Application Scanning, a new product within the Tenable.io platform that safely and automatically scans web applications to accurately identify vulnerabilities, will be generally available on July 14, 2017.

About Tenable

Tenable transforms security technology for the business needs of tomorrow through comprehensive solutions that provide continuous visibility and critical context, enabling decisive actions to protect your organisation. Tenable eliminates blind spots, prioritises threats, and reduces exposure and loss. With more than one million users and more than 21,000 customers worldwide, organisations trust Tenable for proven security innovation. Tenable customers range from Fortune Global 500 companies, to the global public sector, to mid-sized enterprises in all sectors, including finance, government, healthcare, higher education, retail and energy. Transform security with Tenable, the creators of Nessus® and leaders in continuous monitoring, by visiting tenable.com

Shadow Brokers, WannaCry and Intel AMT Scan Policy Templates: Tenable.io includes pre-built scan templates for identifying systems exposed to all Shadow Brokers exploits, including WannaCry, EternalRocks and any new versions of these attacks, as well as a check for the recent Intel AMT vulnerability (INTEL-SA-00075).

Supported protocols include Bacnet, CIP, DNP3, Ethernet/IP, Modbus/TCP, Siemens S7, ICCP, IEC 60870-5-104, IEEE C37.118, OpenSCADA, and more.

[Figure: Tenable platform diagram. Labels: Applications, Vulnerability Management, Web Application Scanning, Container Security, Platform, Integration, API and SDK, Sensors, Nessus Sensors, Scanner, Agent, Network Monitor, Third Party Sources, VM Provider, App Sec Provider, CMDB Provider, Other Third-Party.]


EDITOR'S REPORT REVIEW

AUSTRALIA’S CYBER SECURITY STRATEGY: EXECUTION & EVOLUTION

This is a welcome and important review to evaluate the progress being made on the Australian Government’s Cyber Security Strategy. As highlighted at the outset, the strategy launched in April 2016 broke a seven-year government silence on cyber policy issues since the launch of the 2009 Cyber Security Strategy. Since 2009, Australian governments have continued to tinker with the country’s cybersecurity arrangements but didn’t have a detailed and comprehensive plan on how to address the security and economic policy issues presented by the digital age. This is troubling in itself and epitomises the national political instability caused by the Rudd/Gillard/Rudd/Abbott/Turnbull period.

“The comparative absence of comprehensive cyber policy direction in Australia meant that the 2016 strategy had a significant void to fill. It needed to provide clarity on national cyber governance, boost confidence in cyber defences and stimulate cyber industry.”

“This report provides an accessible and critical appraisal of the government’s implementation of the Cyber Security Strategy over the past 12 months. Section 1 addresses each of the strategy’s five themes, highlighting achievements and areas of weakness. Section 2 evaluates issues of execution, and Section 3 suggests ways to evolve the delivery and initiatives of the strategy to achieve its objectives. In addition to analyses of major themes, the report includes a table showing a detailed breakdown of progress against each initiative in the strategy’s Action Plan, and another that examines the funding provided to achieve the objectives of the strategy.”

Recommendation 1: Rapid adaptation and evolution
There’s a broad agreement with the stated objectives of the strategy, but a focus on execution and adaptation is necessary, evolving as our understanding of more effective and efficient methods and initiatives by which to achieve those objectives grows.

Recommendation 2: Measurable and timebound annual action plans
Releasing new theme-specific action plans that provide clear timeframes and measurable milestones for activity will enable implementation and private-sector cooperation.

Recommendation 3: Undertake baseline research
Funding should be provided to undertake and publish targeted strategy-specific research, which will improve the government’s ability to measure strategy success while boosting Australia’s cyber research portfolio.

Recommendation 4: More open communications with the private sector
Measures such as quarterly threat reporting from the ACSC and regular strategy updates, potentially in the form of a newsletter, would give stakeholders confidence in the commitment to action and delivery.

Recommendation 5: Define the division of leadership between sectors
The strategy is a government-developed, government-owned document, but it is not solely the responsibility of government to deliver it under the partnership model.

Recommendation 6: Better support for mid-tier and small to medium enterprises
There’s likely to be an expectation that improved cybersecurity in the top end of town will trickle down to the mid-tier, but evolving threats and government regulation make it unrealistic to expect that this will happen in the timeframe needed.

Recommendation 7: Better communications with the public in both implementation and crises
Having a strong and coherent communications strategy for the Australian public is essential to the success of the strategy.

Recommendation 8: Moving from public awareness to behavioural change
New methods of education and awareness raising that change behaviours positively should be developed and implemented.

Recommendation 9: Broaden the conception of cyber skills shortages to include other necessary disciplines
When examining skills shortages, government should look beyond the technical community. Individuals with backgrounds in law, psychology, government studies, communications and many other disciplines have an important role to play in ensuring that Australia’s future cyber workforce is equipped to deal with the full spectrum of challenges that cyberspace presents.

Recommendation 10: Provide additional financial and human resources to strategy delivery roles
Focus on execution and sufficient financial and human capital to manage implementation across many portfolios and private-sector partners. Consideration should be given to supplementing personnel in these roles and providing additional support to senior leadership positions or rationalising their other tasks to facilitate a focus on the achievement of better cybersecurity outcomes.

Recommendation 11: The co-location model of the ACSC should be examined for use by policy agencies
Elements of cyber policy responsibility are found in PM&C, the Department of Defence, DFAT, the Attorney-General’s Department, and so on. This can be challenging for those responsible for coordinating the delivery of the initiatives. While an agency along the lines of Singapore’s Cyber Security Agency may not be the most appropriate response for the Australian Government, the colocation of key personnel may help to streamline the delivery of policy initiatives and enhance engagement between policy agencies and the operational cyber areas of the government. It would also aid engagement with the private sector by providing a one-stop shop for engagement with the senior cyber officials in the Australian Government.

About the Authors

Zoe Hawkins
Zoe is an Analyst in ASPI’s International Cyber Policy Centre, researching and writing on international and domestic cyber policy issues.

Liam Nevill
Liam is the Principal Analyst in ASPI’s International Cyber Policy Centre, researching and writing on international and domestic cyber policy issues.



Australian Security Magazine, June/July 2017  

The Australian Security Magazine is the country’s leading government and corporate security magazine. It is published bi-monthly and is dist...
