New cyber security centre has job ahead of it
by Ernie Davitt, National Affairs Editor, ASM
The Government’s new multi-agency Cyber Security Operations Centre (CSOC) is now up and running, gathering intelligence and recommending ways to combat attacks on critical computer networks.
The passage through Parliament of the Telecommunications (Interception and Access) Amendment Bill 2009 earlier this year was aimed at building confidence in the online world by providing clear guidance on how computer networks could be protected from malicious attack and other illegal activities by cyber-criminals.
Labelling cyber-security as one of the Government’s top national security priorities, Defence Minister Senator John Faulkner (pictured above at the CSOC opening) has been given ministerial oversight of the new centre, located within the Defence Signals Directorate (DSD).
Because of its expertise and resources devoted to combating cyber espionage, DSD has logically had a key role for some time in advising Government departments on information security.
And recent reports indicate the new centre – which will employ around 130 experienced information technology experts, engineers and analysts drawn from the DSD, the Defence Intelligence Organisation, scientists from the Defence Science and Technology Organisation, military personnel as well as representation from the Attorney-General’s Department, ASIO and the AFP – will have its work cut out for it.
Joining the long list of cyber attacks from organised crime groups, foreign intelligence organisations and special units within China’s People’s Liberation Army, comes the latest new-age crime under which criminals and phishing gangs have been using the internet to con people, including some in Australia, out of valuable carbon trading permits.
Reports from the UK say the international carbon trading market has suffered at the hands of cyber-criminals, with some 250,000 carbon permits worth over $4.5 million stolen in one week, earlier this year.
Trading registries in a number of European Union countries were forced to close down temporarily as a result of the attacks.
Phishers are believed to have set up fake emissions registries and emailed thousands of companies across Australia, New Zealand, Norway and Germany to try to fool them into handing over the registration details needed for the fraudsters to steal their emissions permits. Enough companies did just that for the scam to be successful.
US counts cost of cyber security breaches
In the US alone, the FBI estimates cyber-security breaches are costing the national economy over $300 million a year.
The US Government is becoming increasingly concerned about the cost of cyber-attacks on the networks of its own agencies and the owners and operators of critical national infrastructure.
This was echoed in the comments of US Deputy Defense Secretary William J Lunn III, who said during a visit to Sydney earlier this year that the cyber security threat was one of the most perilous and least understood challenges facing the West.
“It is the threat that keeps me up at night,” he said. His comments were made in the same week that there was an unprecedented number of denial of service attacks on Australian government sites, including the posting of pornography on the Prime Minister’s site.
“It seems to me that what you are facing right now are ‘hacktivists’,” Lynn said.
“Foreign governments, foreign intelligence services probably have more sophisticated abilities. At the same time, you could go the other direction and (consider) terrorist groups.
“I don’t think we’ve yet seen terrorist groups affirmatively use cyber capabilities to threaten one of our countries, but I think it’s well within the realm of possibilities.”
He said the internet was a source of strength but also a source of vulnerabilities, as the military structure, financial structure, power grid and transportation structure were all dependent on the internet.
“The ability to disrupt the internet is increasingly something we need to focus on.”
Mr Lynn said US and Australian networks were under constant threat, and that networks were probed thousands of times a day.
“And we have not always been so successful in stopping intrusions or determining where they come from,” he admitted.
Disturbingly, Mr Lynn said that more than 100 foreign intelligence services were currently trying to hack into US systems.
As part of the war against cyber-criminals, Australia’s biggest banks, telecommunications companies and utilities have provided sensitive commercially-in-confidence information to Government agencies to help protect critical infrastructure against terrorism and natural disasters.
Australia is one of the few countries with a centralised national critical infrastructure protection model.
Known as the Critical Infrastructure Protection Modeling and Assessment (CIPMA) program, within the Attorney-General’s Department, it was launched in 2007 and received an additional budget allocation of $23.4 million through to 2012 in last year’s budget.
The CIPMA program is an initiative of the Trusted Information Sharing Network established to look into the inter-relationships and dependencies between critical national infrastructure systems and how problems and failures in one area of CI affect other sectors.