Improving cybersecurity capabilities across Federal Government agencies has reduced the number of cybersecurity incidents requiring a response from the Australian Signals Directorate (ASD), according to the Australian Cyber Security Centre’s (ACSC) latest Threat Report.
The 2016 Threat Report, released on Wednesday 12 October, puts the number of cybersecurity incidents on government systems that warranted response by ASD at 1,095 between 1 January 2015 and 30 June 2016, and predicts that this will continue to fall.
“As cybersecurity awareness has increased, and government organisations have improved their ability to respond to their own lower level cybersecurity incidents, the number of incidents requiring an operational response has decreased”, the report states.
Last year’s Threat Report had shown a steady increase in the number of cybersecurity incidents that ASD responded to – from 313 in 2011 to 1,131 in 2014.
Despite the maturing cybersecurity capabilities of agencies, the report indicates that government networks continue to be regularly targeted, with ransomware, credential-harvesting malware and Distributed Denial of Service (DDoS) identified as the predominant threats in 2016.
One high-profile incident, first made public during Prime Minister Malcolm Turnbull’s launch of the 2016 Cyber Security Strategy earlier this year, was a cyber intrusion on the Bureau of Meteorology that used malware to compromise its network. This has now been found to have been instigated by a foreign intelligence service.
The report also highlights the need to distinguish between the severity of cybersecurity incidents to improve understanding, using the DDoS disruption to the 2016 Census website as an example of when “the Australian Government’s definition of cyber attack can be at odds with what the information security community, the public and the media envisage cyber attacks to be.”
“In order to have a mature discussion in 2016, it is particularly important that we get the language right – calling every incident a ‘hack’ or ‘attack’ is not helpful for a proportionate understanding of the range of threats and only promotes sensationalism.”
Using the Federal Government’s definition of cyber attack – which it calls “a deliberate act through cyberspace to manipulate, disrupt, deny, degrade or destroy computers or networks, or the information resident on them, with the effect of seriously compromising national security, stability or economic prosperity” – the report indicates that “Australia still has not been subjected to malicious cyber activity that could constitute a cyber attack...”
“... [T]he threat of a cyber attack being conducted against Australian government, infrastructure, industry or other networks has grown following a series of high-profile disruptive or destructive incidents in other countries over the last five years.”
In the private sector, the Computer Emergency Response Team Australia (CERT Australia) responded to 14,804 cybersecurity incidents between July 2015 and June 2016, with 418 of these involving systems of national interest and critical infrastructure. However, the report notes that there are many more incidents that go undetected or unreported.
“The ACSC’s visibility of cyber security incidents affecting industry and critical infrastructure networks is heavily reliant on voluntary self-reporting.”
The ACSC contains operational cybersecurity capabilities from the ASD, the Defence Intelligence Organisation, the Australian Security Intelligence Organisation, CERT Australia, the Australian Criminal Intelligence Commission, and the Australian Federal Police.
ACSC’s key responsibilities are identifying and analysing sophisticated malicious cyber activity, triaging and responding to significant cybersecurity incidents, and creating shared situational awareness of the cyber threat by developing warnings and mitigation advice.
Since the release of the Cyber Security Strategy, the Department of Defence has been busy recruiting cybersecurity specialists and procuring new capabilities for ASD, including a new Technical Support Services Panel to source ICT professional services and an IT support services partner for its Cyber Program.
Defence received the second-largest portion of the $195.1 million in new funding, after the AGD, with $51.1 million allocated over four years to improve the capabilities of ASD and ACSC, including $11 million to improve the capability to identify vulnerabilities within agency systems and provide technical security advice on emerging technologies.
Australia recently improved its “cyber maturity” ranking in the Australian Strategic Policy Institute’s Cyber Maturity in the Asia-Pacific Region 2016 report, which cites the contributions of the Cyber Security Strategy, Defence White Paper and National Innovation and Science Agenda for improved governance on cyber matters.