Tuesday, July 02, 2013

Current trends in Cyber Security

Greetings from the CSIRO Discovery Centre in Canberra, where Asher Jamieson from CERT Australia is speaking on current and emerging threats in the Cyber Security landscape.

Mr. Jamieson pointed out that more than half of compromised systems are not detected by the organization itself but by someone else. He also mentioned that the amount of Spam being sent has reduced in the last year, not because of measures against spammers, but because they have found more targeted messages to be more effective.  Also hackers are persistent and will continue to attack the same organization, even when countermeasures are put in place, because the risk of being caught is so low.A recent trend has been extortion, using the threat of a Denial of Service Attack (DoS).

Mr. Jamieson described "Watering Hole Attacks", where a trusted third party's website is compromised, such as a service supplier.

Mr. Jamieson  pointed out that there had been attacks on SCADA industrial control computer systems. He ended with the worrying consequences of poor security in medical devices.

The main message from tonight's talk was to install security patches on package software. That is good advice, but in my view is no substitute for an Australian cyber security strategy. The Australian government abandoned work on a cyber security white paper and no effective strategy has been put in its place. As a result Australia's national infrastructure is at risk.

Attorney General's Department is hosting Security in Government Conference in Canberra, 12 - 14 Aug, 2013. This will include a Panoply "capture the flag" cyber-security competition, where teams will compete for control of a system.
Current trends in Cyber Security
CERT Australia’s views on current and emerging threats in the Cyber Security landscape, and what ICT Professionals can do to combat them. The last 12 months have clearly shown that no company can assume that they are immune to ICT Security threats, or assume that they will not be a target. While the focus of security is usually on preventing a threat from causing damage, having effective plans to deal with the aftermath of an incident is critical to maintaining security. Topics covered will include targeted intrusions, 2nd tier targeting, industrial control systems, Distributed Denial of Service attacks (DDOS), and will include several Australian case studies.

Asher Jamieson Technical Advisor, CERT Australia Asher Jamieson has worked in ICT Security in a number of different environments and is currently working as part of the Operations team in CERT Australia. He enjoys the variety and complexity of problems that the ICT Security field offers, and doesn’t see the rate of new challenges slowing down any time soon.

ps: Due to the topic, there was a strong presence from the defence community at the meeting. One informal discussion before the meeting was about if the China Houbei-class missile boat  was based on the Australian AMD design.

No comments: