Showing posts with label CERT Australia. Show all posts

Friday, August 18, 2017

Australian Joint Cyber Reserve Force


Cyber commandos for defence reserve" 16 August 2017). The UK Joint Cyber Reserve Force was stood up in May 2013 and I suggested Australia do something similar in August 2013.

These reservists would be similar to medical specialists who can apply their civilian skills in the military. This allows the military to use personnel who they could not afford to train and retain full time. It also provides a link between those running critical national infrastructure in the civilian sector and the government organizations tasked to protect it.

As I see it, members of the Cyber Reserve Force should be issued with secure communications equipment which they keep with them during their civilian job. The members would be in constant contact about threats and ready to act on them within minutes. This contrasts with a conventional reserve, where it takes days, weeks, or months for activation.

Saturday, July 01, 2017

Australian Defence Force Information Warfare Division


An Information Warfare Division (IWD) has just been formed in Australian Defence Force Headquarters (July 2017). There are four branches: Information Warfare Capability, C4 and Battle Management Capability, Capability Support Directorate and the Joint Cyber Unit. The division is headed by MAJGEN Marcus Thompson as Deputy Chief Information Warfare. MAJGEN Thompson has a PhD in Cyber Security from the University of New South Wales. He is the author of "The cyber threat to Australia" (Australian Defence Force Journal, 2012) and other papers on cyber security.

The ABC has speculated that one target for the new unit will be the Chinese South Sea Fleet, in the South China Sea.

It happens I have been teaching Australian National University IT students using a scenario about cyber-warfare over the South China Sea. In this hypothetical, students are asked to consider the use of information warfare as an alternative to conventional military action.

As the ABC report notes, one of the problems with a cyber-warfare unit will be attracting, retaining and paying highly skilled personnel in competition with the private sector. An option I proposed in 2013 was the use of civilian computer professionals who are military reserve officers. After brief military training these personnel would return to their day jobs, but be ready to be instantly mobilized.

Sunday, August 04, 2013

Australian CyberWarfare Battalion


This is to propose the Australian Defence Force (ADF) raise an Australian CyberWarfare Battalion (ACWB) of 300 personnel, to protect Australia's national information infrastructure. All but a small cadre would be reserve military personnel who have full time jobs as computer security professionals.

After very basic military training, personnel would be issued with secure communications and return to their workplace. Personnel would remain in touch with each other, monitoring computer security threats. In the event of a large scale attack, most of the Battalion would stay in their workplaces to protect infrastructure, while a small number would deploy to industry, government and military centers (including any Cyber Security Operations Centre) to coordinate operations.

Compared to an infantry battalion, a cyberwarfare battalion would be fast to raise and inexpensive to maintain. Personnel would receive the minimum of military training, sufficient for them to be able to work alongside regular personnel in a headquarters. Use would be made of the facilities and expertise in Australia's universities, including the University of NSW Cyber Range and the Queensland University of Technology Industrial Control System Security Course.

There is provision for the ADF to work alongside the civilian administration, as described in: "Civil-Military Operations", Australian Defence Doctrine Publication (ADDP) 3.11, 1 April 2009.

Without an effective form of cyber-defence, Australia could expect its government and civilian infrastructure to be crippled within a few hours of the commencement of a major on-line attack. The ADF would then be required to concentrate on aid to the community, with a reduction in its capacity to undertake conventional military operations.

Tuesday, July 02, 2013

Current trends in Cyber Security

Greetings from the CSIRO Discovery Centre in Canberra, where Asher Jamieson from CERT Australia is speaking on current and emerging threats in the Cyber Security landscape.

Mr. Jamieson pointed out that more than half of compromised systems are not detected by the organization itself but by someone else. He also mentioned that the amount of spam being sent has reduced in the last year, not because of measures against spammers, but because they have found more targeted messages to be more effective. Also, hackers are persistent and will continue to attack the same organization, even when countermeasures are put in place, because the risk of being caught is so low. A recent trend has been extortion, using the threat of a Denial of Service Attack (DoS).

Mr. Jamieson described "Watering Hole Attacks", where a trusted third party's website is compromised, such as a service supplier.

Mr. Jamieson pointed out that there had been attacks on SCADA industrial control computer systems. He ended with the worrying consequences of poor security in medical devices.

The main message from tonight's talk was to install security patches on package software. That is good advice, but in my view is no substitute for an Australian cyber security strategy. The Australian government abandoned work on a cyber security white paper and no effective strategy has been put in its place. As a result Australia's national infrastructure is at risk.

The Attorney General's Department is hosting the Security in Government Conference in Canberra, 12 - 14 Aug, 2013. This will include a Panoply "capture the flag" cyber-security competition, where teams will compete for control of a system.
Current trends in Cyber Security
CERT Australia’s views on current and emerging threats in the Cyber Security landscape, and what ICT Professionals can do to combat them. The last 12 months have clearly shown that no company can assume that they are immune to ICT Security threats, or assume that they will not be a target. While the focus of security is usually on preventing a threat from causing damage, having effective plans to deal with the aftermath of an incident is critical to maintaining security. Topics covered will include targeted intrusions, 2nd tier targeting, industrial control systems, Distributed Denial of Service attacks (DDOS), and will include several Australian case studies.

Asher Jamieson, Technical Advisor, CERT Australia

Asher Jamieson has worked in ICT Security in a number of different environments and is currently working as part of the Operations team in CERT Australia. He enjoys the variety and complexity of problems that the ICT Security field offers, and doesn’t see the rate of new challenges slowing down any time soon.

ps: Due to the topic, there was a strong presence from the defence community at the meeting. One informal discussion before the meeting was about whether the China Houbei-class missile boat was based on the Australian AMD design.

Saturday, June 12, 2010

CERT Australia high risk strategy

As explained by the Prime Minister in a speech at ANU, 28 May 2010, the Australian Government will now be relying on the Attorney General's Department "Computer Emergency Response Team Australia" (CERT Australia) for cyber security information and advice, for both government agencies and the public.

The Australian Government previously helped fund the not-for-profit, non-government AusCERT based at the University of Queensland.

The ability of CERT Australia to provide authoritative advice is unproven and its ability to provide independent advice unclear. This change therefore represents a high risk strategy for protecting Australia's cyber infrastructure.

AusCERT advised that some government services, such as the National Information Technology Alert Service and National IT Incident Reporting Scheme, would be discontinued in February 2010.

However, some services funded by government agencies, such as Stay Smart Online Alert Service, funded by the Department of Broadband, Communications and the Digital Economy, would continue.

AusCERT intends to continue to offer subscription services to non-government and government organisations.

According to a media report, federal agencies using their own service will result in a loss to AusCERT of $250,000 in annual subscriptions.

However, an IT professional managing operations at a medium to large federal government agency is likely to feel it is prudent to pay for an AusCERT subscription, even though they can get free advice from the government CERT Australia. In the event of a major security breach resulting in loss of life, economic loss or sensitive information loss, the individuals involved may have to explain to a court why they failed to take sufficient steps to protect the public. That a non-expert told them they did not need independent IT security advice, even if that person is the Prime Minister, would not make a strong defence.