Close×

Of all the topics that ADM covers, cyber is perhaps the least well-understood domain. Cyber warfare, cyber crime, cyber threats and all the other cyber terms that come up can provide a labyrinth for the everyday person to navigate with little or no skill in the workplace or at home.

Defence companies are perhaps more aware of the threat than many others, in that they hold a vast repository of classified and sensitive information that needs to be protected both internally and externally. But this does not mean they’re the gold standard of technology and best practice.

In the Australian Strategic Policy Institute’s latest report Underground web – the cybercrime challenge, Australian Federal Police Commissioner Andrew Colvin, in the report’s introduction, explains:

“Cyber technologies create a new paradigm for the criminal – a more sophisticated method to attack the vulnerable – and a new fear for the victim. No longer is the evidence of the perpetrator visible to the victim…Modern cybercrime draws no distinction between government targets, larger corporations and individual users. Its sole purpose is to exploit vulnerabilities for gain.”

When addressing how to counter this threat Commissioner Colvin feels that law enforcement needs to be “as innovative as its adversaries. (It) must continue to adapt technologies, increase and import skills and enhance partnerships – but must do this at a faster rate than currently occurs.”

Given the rate at which Defence procurement moves, what hope is there? While my cynicism here might be well placed based on past experience, Defence is an organisation of many agencies and intelligent people trying to answer that question in a more timely way.

There is a fine distinction between cyber warfare and cyber crime. There is growing talk of cyber war, as opposed to run-of-the-mill cybercrime. There are also terms that lie somewhere in the middle like cyber espionage, and cyber hacktivism - which is sort of like cyber terrorism for good guys. At the heart of the debate is an attempt to define the scope of an appropriate response to each type of threat.

The problem is that there are subtle semantic differences in the way different parties apply the terms cybercrime, cyber war, cyber espionage, cyber hacktivism, or cyber terrorism. There is no clear consensus, which complicates the process of determining what level of law enforcement or government should be engaged to address a given attack.

Our own government has not been particularly clear on the subject either as John Hilvert points out in his article on P34 this month. Laws and law enforcement agencies are behind the eight ball when it comes to legislation and technology and their application. Players that seek to harm Australian interests in this space have little respect for geographic boundaries and even less concern for the consequences of their actions I suspect.

In ADM’s upcoming Cyber Security Summit, a range of government and industry speakers will examine some of these issues and what the appropriate responses are. I must admit I tend to come away from this event somewhat paranoid at how easily a cyber attack can be carried out.

It can be as simple as digitally flicking a switch in any critical infrastructure asset (think water, gas, power etc) to render parts of the nation without that key service. Even a simple distributed denial-of-service (DDoS) can have disastrous consequences for other enabling services in the financial and government sectors. And the placement of certain malware in key national systems is also another paranoid route in my fertile imagination. The list goes on and as a humble IT user, the outcomes are anything but comforting.

There are so many facets of Australian security and general well being that we need to protect in order to maintain our current standard of living; it can be overwhelming to contemplate.

But we must. And in this case the ‘we’ is government and Defence in the main. The Australian Signals Directorate (ASD) does a fine job, as far as we know. The government does seem to be lagging behind somewhat on policy and appropriate guiding frameworks to share information between industry, defence, critical infrastructure providers and those in a place able to make decisions.

There is a fine line to walk in this space between being open and protecting one’s own interests. I suspect that interested parties will never agree upon the balance point between the two.

 

This article first appeared in Australian Defence Magazine VOL.23 No.5, May 2015

comments powered by Disqus