Tuesday, November 12, 2019

Digital Law on Rottnest Island

Selfie, at Rottnest Hotel
Perth in the distance, from the front step of Rottnest Hotel
Greetings from Rottnest Island, just off the coast of Western Australia, near Perth, where I am with a couple of dozen lawyers, discussing how to digitize the law. I have been asked to talk for an hour on cyber security, which is not my specialty, and I suspect I will not get past my third slide without this room full of bright young things taking us off on an interesting tangent.

Some notes:

Smart contracts

“A smart contract can be defined as an event-driven computer program that executes on an electronic distributed, decentralised, shared and replicated ledger used to automate transactions. Even where a smart contract is not technically a ‘contract at law’, it may give rise to obligations and remedies that sound like a contract in law.”
From: Blockchain Challenges for Australia: An ACS Technical Whitepaper, by Nick Addison, Samuel Brooks, Katrina Donaghy, Mark Ebeling, Scott Farrell, Vincent Gramoli, Adrian Lawrence, Marc Portlock, Mick Motion-Wise, Bridie Ohlsson, Beth Patterson, Philippa Ryan, Mark Staples, Ingo Weber, and Tom Worthington, 2019, Australian Computer Society, Page 37 (emphasis added). URL http://bit.ly/acsblock

Protecting Smart Contracts

“Fuzzing is an approach to software testing where the system being tested is bombarded with test cases generated by another program. The system is then monitored for any flaws exposed by the processing of this input.”
From: Fuzzing: The State of the Art, by Richard McNally, Ken Yiu, Duncan Grove and Damien Gerhardy, Command, Control, Communications and Intelligence Division, Defence Science and Technology Organisation, DSTO–TN–1043. URL https://apps.dtic.mil/dtic/tr/fulltext/u2/a558209.pdf

The Human-Factor in Security

  • Social engineering can be used to fool staff into giving access to a secure system.
  • The attacker collects information used for phishing attacks.

Fake childcare website from: Page, F., & Jean, P. (2013, April 16). Free childcare scam aimed at intelligence staff. Sydney Morning Herald. Retrieved from: http://www.smh.com.au/it-pro/security-it/free-childcare-scam-aimed-at-intelligence-staff-20130415-2hwhq.html

Asia Pacific Hypothetical

"At 02:20 Zulu, 1 April 2017, one of our maritime surveillance aircraft was reported missing. The aircraft was conducting a freedom of navigation flyover on one of the reefs, subject to claim by several nations. The last recorded radio transcript … “Mayday, Mayday, Mayday, this is Surveillance One Zero Five Charlie Delta, one zero zero kilometers South East of ... " [Transmission ends]” ...
It is proposed to target the opposing force's electronic control systems. This is expected to disable electrical systems and cause some local electrical fires. Our intelligence assets in the area will arrange for video of the damage to be posted to social media, for maximum news value. We will be working with civilian government personnel with special expertise, to prepare a human factor attack on their Internet of Things (IoT)."

From Cyberwar: Hypothetical for Teaching ICT Ethics, by Tom Worthington for the course ANU Networked Information Systems, http://www.tomw.net.au/basic_ict_professional_ethics/#ch170077


"the purpose of a cyberweapon is to attack an information system in order to perpetrate harm".

From Henschke, A. (2014). A decision-making procedure for responding to cyber-attacks. In M. Keelty, A. Henschke, N. Evans, S. Ford; A Gastineau; L. West, Cybersecurity: mapping the ethical terrain. National Security College (ANU). URL http://nsc.anu.edu.au/documents/ocassional-paper-6-cyber-ethics.pdf

“Offensive Cyber Security operations introduces and exercises a complete range of reverse engineering techniques and attack patterns. Students will also learn and exercise analysis of systems based on minimal information.”

From ANU (2019). Cyber Offensive Operations Course (COMP8502), ANU Handbook. URL https://programsandcourses.anu.edu.au/2019/course/COMP8502

Response to Attack

“Credential theft. … four spearphishing emails, to ANU users ...
Compromised infrastructure. The actor built a shadow ecosystem of compromised ANU machines, tools and network connections to carry out their activities undetected. Some compromised machines provide a foothold into the network. Others, like the so-called attack stations, provided the actor with a base of operations to map the network, identify targets of interest, run tools and compromise other machines.
Data theft. The actor used a variety of methods to extract stolen data or credentials from the ANU network. This was either via email or through other compromised Internet-facing machines. …”

From: Incident Report on the Breach of the Australian National University's Administrative Systems, ANU, 2 October, 2019. URL https://imagedepot.anu.edu.au/scapa/Website/SCAPA190209_Public_report_web_2.pdf

Internet of Things

“The Internet of Things is the interconnection via the Internet of computing devices embedded in everyday objects, enabling them to send and receive data.”

From: Council begins roll out of smart city tech, City of Newcastle, 24 Apr 2018. URL https://www.newcastle.nsw.gov.au/Council/News/Latest-News/Council-begins-roll-out-of-smart-city-tech

ps: ANU to run 'cyber bootcamp' for ASEAN officials, By

Sunday, November 10, 2019

Autonomous Kei Car Highway

Nissan Dayz kei car
On Friday I attended the Spatial Futures Forum on Intelligent Cities and Transport hosted by the University of Sydney. One topic was autonomous vehicles. It was pointed out that these would not help those who do not own a car, and are outside the cities which have autonomous public transport. However, it occurred to me that a form of miniature autonomous public/private transport system could be built for the zone just outside cities.

Nissan has announced its Dayz Wider Kei car will be equipped with semi-autonomous assistance with acceleration, steering and braking on the highway.

If such Kei Cars are used, then the width of a standard Australian traffic lane (3.5 m) could carry two lanes of oncoming traffic. Conventional vehicles, such as fire appliances, could use this road, with the oncoming traffic diverted to a passing loop (as is done with railways).

This would greatly reduce the cost of building a highway, as it would only need to be 3.5 m wide for most of its length. Where cost and space are at a premium, and conventional vehicle access is not needed, an even narrower single lane roadway could be used. This would allow bridges and elevated roadways to be quickly built from shipping container sized modules. Tunnels would only need to be about 3 m in diameter.

Monday, November 04, 2019

Information Warfare Division Video

The Information Warfare Division (IWD) of the Australian Department of Defence has a snappy new video on the "new and emerging threats in the digital world", to promote Information Warfare jobs in the Australian Defence Force. But this may make people think the threat is from little green men crawling up our data cables. ;-)