
The Australian Signals Directorate recorded some 2168 incidents due to cyber attacks in 2013, a 72 percent increase over the previous two years from a base of 1259 such incidents.

The rise of cyber security threats has spawned ‘cyber labs’. These labs respond to a growing need for skilled and ethical cyber security professionals who can protect our critical defence infrastructure and economies, crafting and using new tools and promoting a more ‘mature’ approach to the threats.

Accepting, if not embracing, that a penetration is inevitable is now the received wisdom. The mature goal is to anticipate the compromise, discover it as soon as possible and remediate it to prevent a recurrence. Yet too many compromises are still discovered only by accident.

A new cadre of IT security specialist units, or cyber labs, claims to offer a more effective approach as part of the arsenal of a defence organisation or large corporation.

They are hosted either by research and education institutions like UNSW’s Australian Centre for Cyber Security based at ADFA or by mainstream companies such as HP, Lockheed Martin, Cisco and Northrop Grumman.

These “labs” rely on long-term funding, while carving out their niche in the crowded area of cyber security solutions.

Cyber laboratories and ranges

Jill Slay, director of the new Australian Centre for Cyber Security (ACCS) at UNSW Canberra, positions the ACCS as developing a critical mass in cross-disciplinary research and teaching in cyber security to serve the Australian Government and Defence Force.

Pride of place goes to the recent launch of a “cyber range” - a closed network, not connected to the internet, that can simulate virtual machines and offer defence students ways to test for penetration threats. It can run different operating systems.

“We teach theory and can apply it on a cyber range,” she says.

Every cadet and midshipman at ADFA will have to do a course on cyber security, including some 24 hours of practice on the cyber range.

In the private sphere, cyber lab rumblings occurred in 2012 with Lockheed Martin’s cyber security lab, NexGen Cyber Innovation & Technology Centre Australia (NCITE-AU), or NCITE. Dubbed a ‘cyber fortress’, its launch in July that year formed part of a $10m commitment supporting 900 square metres of floor space to house its 200 full-time staff, making Lockheed Martin the sixth largest non-Government employer in the ACT.

Notionally an IT security showcase, NCITE simulates in real time many of the issues that may hobble enterprise and defence-level computer networks. As with ACCS’ cyber range, offensive and defensive control testing can be deployed on a separate network to understand what works and what may still be required to ensure a secure environment under such conditions.

In April 2012, Science Applications International Corporation (SAIC) announced a regional cyber security research and development centre in Melbourne. The R&D centre would create 50 jobs over the next three years, according to a statement by the Victorian State Government.

The jobs will be in areas including high-end defence simulation and ‘related defence areas’. The centre will research data mining and analysis systems, such as SAIC's enterprise search tool TeraText, and its subsidiary's deep packet inspection software, CloudShield.

Others such as Cisco and Northrop Grumman opted for mergers with smaller specialised units like SourceFire and M5.

In September 2012, Northrop Grumman Corporation announced it had completed its acquisition of M5 Network Security Pty Ltd, a Canberra, Australia-based provider of cybersecurity and secure mobile communications products and services, and advanced analytics to Australian military and intelligence organizations. Terms of the transaction were not disclosed.

On October 7, 2013 Cisco completed its acquisition of SourceFire, a specialist investigation unit offering cyber security solutions.

Methodology

The labs usually embrace a threat-centric security model that lets their customers address attacks more broadly, with access and the ability to respond at any time, all the time.

There is a price to be paid for these capabilities, however.

ABI Research reportedly estimated that cyber security spending for critical infrastructure – the segments of defence, energy, financial, healthcare, ICT, public security, transport, and water and waste management – hit $US46 billion ($49.8 billion) globally last year.

At the time of the merger, SourceFire alone employed a worldwide staff of 700, with 40 in the Asia Pacific and 16 in Australia, and had a turnover approaching $300m per year, reports Dean Frye, technical director, APAC, at the Sydney office.

“We look for patterns and we are good at doing that. The cloud is giving us this ability to massively automate this task. A vast amount of the world’s traffic goes through Cisco devices. This will displace the former model of boffins in a lab trying to reverse engineer certain developments which does not scale anymore,” he said.

More recently, HP began offering managed security services from its new global security response centre in Sydney.

The centre is HP's third alongside others in the US and UK. Arthur Wong, senior vice president and general manager of Enterprise Security Services, said although the company has been providing security services to Australia and the Asia Pacific region for some time now.

“We see 23 billion security events on a monthly basis, we manage and protect more than 500,000 security devices worldwide and we secure more than 47 million user accounts. The importance of this scale is that HP can see things that individual companies can’t see,” Wong said.

Experience to date

One constraint on growth is a dearth of qualified staff who have the credentials to deal with the technological challenges and yet can engage with business clients.

“We look for someone with a good engineering mind and is creative,” SourceFire’s Frye said. “By engineering I mean as a solutions architect.”

There are not enough people in Australia with such skills or in Asia Pacific either, he reckons.

“If you are going to be a security practitioner, you need to be able to make the problem seem real and relate the problem to business functions in a non-technical way.”

Alastair MacGibbon of the Centre for Internet Safety at the University of Canberra refers to these developments somewhat disparagingly as ‘petting zoos’. “I’ve watched the big firms move into the cyber service area over the last several years usually on marching orders from the US,” he said.

“They are usually pretty disappointed when they get to Australia to sell their services. They are not getting the sums they’d hoped for.”

While these cyber labs offer companies a new security avenue to support Defence and defence-associated companies, whether they will collectively strengthen Defence remains arguable.

“They provide their own level of interface with their prime customers,” Matt Tett, managing director Enex Labs, said.

“They provide the valuation area with systems engineers and capture requirements of clients. They would act as an embedded security team when determining the kit to be used in an organisation. It’s like a portal into the organisation that is not one of their sales or marketing portals.”

But their proprietorial strengths can make sharing cyber security intelligence with other labs difficult or at least too slow to be effective.

“From a vendor perspective, it is a good thing to launch these cyber labs,” Tett said.

“But externally no one will share their IP or equipment with each other.”

Meanwhile, the Government established a new organisation, the Australian Cyber Security Centre (ACSC), whose chief regards cyber security as a “team sport”.

Whether the rise of cyber labs will reduce or increase intelligence silos will be unclear for a few years yet.
