Showing posts with label DSD. Show all posts

Thursday, June 27, 2013

The emergence of the Australian Intelligence Community

Greetings from the Australian National University in Canberra, where Dr John Blaxland is speaking on "The emergence of the Australian Intelligence Community". In this talk he is looking at the Australian Intelligence Community up to WW2. He will be covering later periods at the annual conference of the AIPIO (Australian Institute of Professional Intelligence Officers) next week.

Dr Blaxland pointed out that Australia has a divide between intelligence and police forces, unlike Canada and the USA. Much of this is familiar from history books (and the Wikipedia). One aspect I was not aware of is that the University of Sydney provided code-breaking during WW2. This function was transferred to what became the Defence Signals Directorate (DSD), which has recently been renamed the Australian Signals Directorate.

One point which needs to be corrected in Dr Blaxland's talk was when he said the Australian WW2 intelligence units were doing things "Ian Fleming could only dream of". It appears he is only familiar with Fleming as the author of the James Bond books, but Fleming worked for British Naval Intelligence during WW2.

This presentation is held in conjunction with the . Dr John Blaxland provides a century-spanning reflection on how the Australian Intelligence Community emerged and how it works. The talk covers the origins of intelligence and security in the early parts of the twentieth century and traces the rapid expansion of intelligence and security organisations during the Second World War -- all of which set the scene for the post war intelligence arrangements. Those post-war arrangements saw a number of organisations working in separate locations, answerable to different authorities and working to different priorities. It wasn’t until the momentum for reform gathered pace in the mid 1970s that they underwent a metamorphosis into what emerged as the Australian Intelligence Community. If you want to have a clear understanding of how the Australian Intelligence Community functions and how it came to be that way, this is the talk for you.

Monday, April 02, 2012

Apple iPhone and iPad Approved for Secure Government Use

The Defence Signals Directorate (DSD) have approved the use of Apple iPhones and iPads with classified Australian government information. However, this is only for the newest versions of the iOS operating system (5.1) and only at the lowest level of classification of documents (Protected). There is a DSD "Hardening Configuration Guide for iPod Touch, iPhone and iPad running iOS5.1 or Higher", 72 pages of PDF (30 March 2012) with the details.

What is in this Guide
This guide aims to assist in securing iOS 5 devices. It does not attempt to provide comprehensive information about securing computers and servers.

This guide includes the following chapters:

Chapter One: Introduction to Mobile Device Security Architecture
Chapter Two: Encryption in iOS
Chapter Three: Security Features and Capabilities
Chapter Four: Deploying iOS Devices
Chapter Five: Suggested Policies
Chapter Six: Recommended Device Profile Settings
Chapter Seven: Mobile Device Management
Appendix A: Security Checklist
Appendix B: Configuration Profiles Format
Appendix C: Sample Scripts
Appendix D: Example Scenarios
Appendix E: Risk Management Guide
Appendix F: Firewall Rules

From: Hardening Configuration Guide for iPod Touch, iPhone and iPad running iOS5.1 or Higher, DSD, 30 March 2012

Wednesday, March 14, 2012

Online Social Network Analysis for Education, Marketing and Information Warfare

Professor Amr El Abbadi, from University of California, Santa Barbara, talked on "Information Diffusion in Online Social Networks: From Analyzing Trends to Stopping Misinformation" at the Australian National University in Canberra, this morning. He started by discussing Everett Rogers' work on Diffusion of Innovations, and Malcolm Gladwell's popular book "The Tipping Point: How Little Things Can Make a Big Difference", before presenting new in-depth analysis of how trends spread on-line. This work has very widespread application: it could be used to design better on-line courses by understanding how information about a topic is diffused within a class, it could be applied to an on-line political campaign, or it could be applied to marketing a product. More worryingly, the same techniques could be used by an oppressive regime to identify and neutralize opponents. This could also be used as a key part of information warfare, to identify an attack and counter it. Presumably the DSD Cyber Security Operations Centre (CSOC) are working on this as part of their Cyber Event Management and Reporting System, along with the Australian Secret Intelligence Service (ASIS). There is more detail in the paper "Information diffusion in social networks: observing and affecting what society cares about".

COMPUTER SCIENCE SEMINAR

DATE: 2012-03-14
TIME: 11:00:00 - 12:00:00
LOCATION: RSISE Seminar Room, ground floor, building 115, cnr. North and Daley Roads, ANU
CONTACT: lexing.xie@anu.edu.au

ABSTRACT:
Social networks provide great opportunities for social connection, learning, political and social change, as well as individual entertainment and enhancement in a wide variety of forms. Online social networks also provide unprecedented amounts of information about social interaction and provide opportunities to study social interactions on a scale and at a level of detail that has never been possible before. In this talk, we will consider ways of systematically exploring the vast space of on-line social network problems. Namely, we will consider three dimensions; understanding, managing and reporting on social networks and focus on example studies relating to these dimensions. We will focus on two applications: limiting the spread of misinformation in social networks and trend analysis. In the former problem, we study the notion of competing campaigns in a social network, and explore the spread of influence in the presence of such competing campaigns. In particular, we develop protocols whose goal is to limit the spread of misinformation by identifying a subset of individuals that need to be convinced to adopt the competing (or "good") campaign so as to minimize the number of people that adopt the "bad" campaign. The second problem is motivated by the critical role the identification of popular and important topics plays in better understanding societal concerns. We propose two novel structural trend definitions referred to as "coordinated" and "uncoordinated" trends that use friendship information to identify topics that are discussed among clustered and unconnected users respectively. Our analyses and experiments show that structural trends are significantly different from traditional trends and provide new insights into the way people share information online.

This work was done jointly with Divyakant Agrawal and Ceren Budak.
BIO:
Amr El Abbadi is currently a Professor in the Computer Science Department at the University of California, Santa Barbara. He received his B. Eng. in Computer Science from Alexandria University, Egypt, and received his Ph.D. in Computer Science from Cornell University in August 1987. Prof. El Abbadi is an ACM Fellow. He has served as a journal editor for several database journals, including, currently, The VLDB Journal. He has been Program Chair for multiple database and distributed systems conferences, most recently SIGSPATIAL GIS 2010 and ACM Symposium on Cloud Computing (SoCC) 2011. He has also served as a board member of the VLDB Endowment from 2002-2008. In 2007, Prof. El Abbadi received the UCSB Senate Outstanding Mentorship Award for his excellence in mentoring graduate students. He has published over 250 articles in databases and distributed systems.

Saturday, November 26, 2011

UK Cyber Security Strategy

The UK Cyber Security Strategy: Protecting and promoting the UK in a digital world was released 25 November 2011, along with a ministerial statement on the UK Cyber Security Strategy by Francis Maude, Minister for the Cabinet Office. The UK approach is broadly the same as Australia's, with a "GCHQ Joint Cyber Unit" having a central role (equivalent to Australia's DSD Cyber Security Operations Centre). There is also £650m over four years for a new "National Cyber Security Programme" (NCSP), a "Cyber Crime Unit" in the National Crime Agency, and an expanded Centre for Protection of the National Infrastructure. The "Get Safe Online" education program will continue, alongside a voluntary code of conduct with ISPs to warn customers that their computers are compromised.

Increasing the Security Skills of IT Professionals

The UK government strategy includes "Encouraging a cadre of cyber security professionals". The Australian Computer Society (ACS) also recommended this to the Australian Government for their Cyber white paper, to be released in early 2012.

The ACS Submission for the Australian Cyber Policy White Paper was prepared by the ACS Cyber task force (which I am a member of). We pointed out that the ACS Computer Professional Education Program includes Information Security as an elective. This teaches the use of international security standards and is aligned with the UK developed Skills Framework for the Information Age. The course is offered on-line worldwide and is internationally accredited, so UK IT professionals can enroll now.

Excerpts from the UK Cyber Security Strategy

Encouraging a cadre of cyber security professionals

4.22 The pace of technological change is relentless. Keeping pace will require people who have a deep understanding of cyberspace and how it is developing. But these people are currently a scarce resource across Government and in business. There are clear and authoritative voices warning that cyber security skills and expertise in the private sector will be increasingly sought after, and that business and providers of education and training need to respond. To help boost and maintain the pool of experts in the UK and encourage the development of a community of ‘ethical’ hackers in the UK who can help ensure our networks are well protected, the National Cyber Security Programme will:
  • Drive up the skill levels of information assurance and cyber security professionals by establishing programmes of certified specialist training by March 2012.
  • Continue to support the Cyber Security Challenge (see below) as a way of bringing new talent into the profession.
  • Strengthen postgraduate education to expand the pool of experts with in-depth knowledge of cyber.
  • Strengthen the UK’s academic base by developing a coherent cross-sector research agenda on cyber, building on work done by the Government Office for Science.
  • Establish, with GCHQ’s help, a research institute in cyber security, with an indicative budget of £2 million over 3.5 years.
  • Commission research clarifying the extent, pattern and nature of the demand for cyber security skills across the private sector.

...

Contents
Introduction by the Rt Hon Francis Maude MP, Minister for the Cabinet Office
Executive summary
1. Cyberspace: Driving growth and strengthening society
2. Changing threats
3. Our vision for 2015
4. Action: Meeting threats, taking opportunities
Annex A: Implementation
  • Objective 1: Tackling cyber crime and making the UK one of the most secure places in the world to do business in cyberspace.
  • Objective 2: Making the UK more resilient to cyber attack and better able to protect our interests in cyberspace. Cabinet Office.
  • Objective 3: Helping to shape an open, vibrant and stable cyberspace which the UK public can use safely and that supports open societies.
  • Objective 4: Building the UK’s cross-cutting knowledge, skills and capability to underpin all our cyber security objectives.
References

Executive summary

The internet is revolutionising our society by driving economic growth and giving people new ways to connect and co-operate with one another. Falling costs mean accessing the internet will become cheaper and easier, allowing more people in the UK and around the world to use it, ‘democratising’ the use of technology and feeding the flow of innovation and productivity. This will drive the expansion of cyberspace further and as it grows, so will the value of using it. Chapter 1 describes the background to the growth of the networked world and the immense social and economic benefits it is unlocking.

As with most change, increasing our reliance on cyberspace brings new opportunities but also new threats. While cyberspace fosters open markets and open societies, this very openness can also make us more vulnerable to those – criminals, hackers, foreign intelligence services – who want to harm us by compromising or damaging our critical data and systems. Chapter 2 describes these threats. The impacts are already being felt and will grow as our reliance on cyberspace grows.

The networks on which we now rely for our daily lives transcend organisational and national boundaries. Events in cyberspace can happen at immense speed, outstripping traditional responses (for example, the exploitation of cyberspace can mean crimes such as fraud can be committed remotely, and on an industrial scale). Although we have ways of managing risks in cyberspace, they do not match this complex and dynamic environment. So we need a new and transformative programme to improve our game domestically, as well as continuing to work with other countries on an international response.

Chapter 3 sets out where we want to end up – with the Government’s vision for UK cyber security in 2015.

Our vision is for the UK in 2015 to derive huge economic and social value from a vibrant, resilient and secure cyberspace, where our actions, guided by our core values of liberty, fairness, transparency and the rule of law, enhance prosperity, national security and a strong society.

To achieve this vision by 2015 we want:

Objective 1: The UK to tackle cyber crime and be one of the most secure places in the world to do business in cyberspace

Objective 2: The UK to be more resilient to cyber attacks and better able to protect our interests in cyberspace

Objective 3: The UK to have helped shape an open, stable and vibrant cyberspace which the UK public can use safely and that supports open societies

Objective 4: The UK to have the cross-cutting knowledge, skills and capability it needs to underpin all our cyber security objectives

That means a UK where:
  • Individuals know how to protect themselves from crime online.

  • Businesses are aware of the threats they face, their own vulnerabilities and are working with Government, trade associations, and business partners to tackle them. We want to see UK companies building on our strengths to create a thriving and vibrant market in cyber security services around the world. In the current economic climate the UK needs more than ever to identify and exploit areas of international competitive strength to drive growth. We believe that being able to show the UK is a safe place to do business in cyberspace can be one such strength.

  • Government has: sharpened the law enforcement response to cyber crime; helped the UK take opportunities to provide the cyber security services that will be needed across the world; encouraged business to operate securely in cyberspace; bolstered defences in our critical national infrastructure against cyber attack; strengthened our capabilities to detect and defeat attacks in cyberspace; enhanced education and skills; and established and strengthened working relationships with other countries, business and organisations around the world to help shape an open and vibrant cyberspace that supports strong societies here and across the globe.

To achieve this we have set aside £650 million of public funding for a four‐year, National Cyber Security Programme. Chapter 4 sets out what Government will do, in partnership with the private sector and other countries, to deliver the vision.

As part of this action plan Government will:

  • Continue to build up in GCHQ and MOD our sovereign UK capability to detect and defeat high-end threats.

  • Pursue the agenda defined at the recent London Conference on Cyberspace to establish internationally-agreed ‘rules of the road’ on the use of cyberspace.

  • Work with the companies that own and manage our critical infrastructure to ensure key data and systems continue to be safe and resilient.

  • Establish a new operational partnership with the private sector to share information on threats in cyberspace.

  • Encourage industry-led standards and guidance that are readily used and understood, and that help companies who are good at security make that a selling point.

  • Help consumers and small firms navigate the market by encouraging the development of clear indicators of good cyber security products.

  • Hold a strategic summit with professional business services, including insurers, auditors, and lawyers to determine the role they might play in promoting the better management of cyber risks.

  • Bring together existing specialist law enforcement capability on cyber crime into the new National Crime Agency (NCA). Encourage the use of ‘cyber-specials’ to make more use of those with specialist skills to help the police.
  • Build an effective and easy-to-use single point for reporting cyber fraud and improve the police response at a local level for those who are victims of cyber crime.
  • Work with other countries to make sure that we can co-operate on cross-border law enforcement and deny safe havens to cyber criminals.
  • Encourage the courts in the UK to use existing powers to impose appropriate online sanctions for online offences.

  • Seek agreement with Internet Service Providers (ISPs) on the support they might offer to internet users to help them identify, address, and protect themselves from malicious activity on their systems.

  • Help consumers respond to the cyber threats that will be the ‘new normal’ by using social media to warn people about scams or other online threats.

  • Encourage, support, and develop education at all levels, crucial key skills and R&D.

  • Build a single authoritative point of advice for the public and small businesses to help them stay safe online.

  • Foster a vibrant and innovative cyber security sector in the UK, including exploring new partnerships between GCHQ and business to capitalise on unique Government expertise.

Because of its links to intelligence and national security, some of the activity the Government has set in train is necessarily classified. The full range of unclassified actions is set out in Annex A. ...

    From: UK Cyber Security Strategy: Protecting and promoting the UK in a digital world, UK Cabinet Office, 25 November 2011

Monday, December 06, 2010

Cyber Defence Management System

The Australian Government has issued a Request for Information for a Cyber Event Management and Reporting System (DISG ITR 2010/18, 3 December 2010). The RFI was issued by the Defence Intelligence and Security Group of the Department of Defence, for the DSD Cyber Security Operations Centre (CSOC):

DESCRIPTION OF REQUIREMENT

  1. The Defence Signals Directorate (DSD) is seeking expressions of interest from industry relating to commercially available software applications capable of providing a Cyber Event Management and Reporting System (CEMaRS) capability. The CEMaRS application will provide support to the DSD Cyber Security Operations Centre (CSOC) and its role in defending Australian Government information networks.
  2. The CEMaRS application will provide the CSOC with a capability to view all reported or identified cyber events, to consolidate information relating to events, and to make informed decisions in responding to events.
  3. The system must:
    1. provide a capability to view all reported or detected cyber events including the ability to:
      1. ingest identified cyber events with the ability to handle substantial data rates;
      2. support flexible data ingest allowing for the addition of new sources of information and data in a variety of formats, including the ability to modify and customise these data sources;
      3. support manual entry of events reported;
      4. ingest event and system logs provided by other sources and customer organisations;
      5. support multi-dimensional prioritisation across all events including, but not limited to, source, target and level of success; and
      6. support analysis of cyber events including viewing of all associated data to draw analytical conclusions,
    2. provide a tasking and workflow capability to consolidate event information and enable informed decisions to be made to coordinate and assist with operational responses to cyber events. This includes the ability to:
      1. create new tasks relating to cyber events, assign tasks to staff or teams, and link tasks to a workflow;
      2. manage all aspects of a workflow associated with cyber event management, including for specific policy workflows; and
      3. support user access controls restricting or providing access to tasks and workflows,
    3. support context searching across tasks, workflows, all associated event data, or any other ingested data;
    4. support correlation and association between events, tasks, and existing knowledge-bases enabling staff to draw comprehensive analytical conclusions;
    5. provide the ability to store data over a significant and customisable time period allowing for historical event and task correlation;
    6. provide seamless integration between event management and associated tasking and workflows;
    7. support flexible interfaces and system customisation to support evolving business processes, integration to other systems (such as an existing knowledgebase), and the addition of new custom analytic tools;
    8. support the creation of tailored statistical reports of managed events, tasks and workflows;
    9. support a scalable and extensible architecture;
    10. support user authentication to the corporate LDAP service; and
    11. support the use of commodity hardware. ...
From: Cyber Event Management and Reporting System, RFI DISG ITR 2010/18, Defence Intelligence and Security Group, Australian Department of Defence, 3 December 2010

Sunday, January 24, 2010

Australia and Cyber-warfare Book on Attacks from China

The book "Australia and Cyber-warfare" is very useful for putting the new Australian Cyber Security Operations Centre (CSOC) into perspective. The section on "China’s cyber-attack capability" is relevant to Google's recent allegations of attacks from China.

There are very well formatted free web and mobile versions of the book available online, as well as a print on demand edition.

Australia and Cyber-warfare

Gary Waters, Desmond Ball and Ian Dudgeon

Canberra Papers on Strategy and Defence No. 168

ISBN 9781921313790 (Print version) $19.95 (GST inclusive)
ISBN 9781921313806 (Online)
Published July 2008

This book explores Australia’s prospective cyber-warfare requirements and challenges. It describes the current state of planning and thinking within the Australian Defence Force with respect to Network Centric Warfare, and discusses the vulnerabilities that accompany the use by Defence of the National Information Infrastructure (NII), as well as Defence’s responsibility for the protection of the NII. It notes the multitude of agencies concerned in various ways with information security, and argues that mechanisms are required to enhance coordination between them. It also argues that Australia has been laggard with respect to the development of offensive cyber-warfare plans and capabilities. Finally, it proposes the establishment of an Australian Cyber-warfare Centre responsible for the planning and conduct of both the defensive and offensive dimensions of cyber-warfare, for developing doctrine and operational concepts, and for identifying new capability requirements. It argues that the matter is urgent in order to ensure that Australia will have the necessary capabilities for conducting technically and strategically sophisticated cyber-warfare activities by the 2020s.

The Foreword has been contributed by Professor Kim C. Beazley, former Minister for Defence (1984–90), who describes it as ‘a timely book which transcends old debates on priorities for the defence of Australia or forward commitments, [and] debates about globalism and regionalism’, and as ‘an invaluable compendium’ to the current process of refining the strategic guidance for Australia’s future defence policies and capabilities. ...

Table of Contents

Abstract
Contributors
Acronyms and Abbreviations
Foreword by Professor Kim C. Beazley
Chapter 1. Introduction: Australia and Cyber-warfare
Chapter 2. The Australian Defence Force and Network Centric Warfare
Introduction
The ADF’S NCW Concept
Networks
Shared situational awareness
Self-synchronisation
Balancing risks and opportunities
The NCW Roadmap
The human dimension
Accelerating change and innovation
Defence’s Information Superiority and Support Concept
Networking issues
The ADF’s capability planning for NCW
Maritime
Land
Aerospace
ISR
Joint force
Coalition
Conclusion
Chapter 3. Information Warfare—Attack and Defence
Introduction
The value of information
Open source information
Information Warfare
How would an adversary attack us?
China’s cyber-attack capability
What should we do?
Conclusion
Chapter 4. Targeting Information Infrastructures
Introduction
The information society
Information Infrastructures: the NII, GII and DII
The National Information Infrastructure
The Global Information Infrastructure
The Defence Information Infrastructure
Information Infrastructures: Some key characteristics
Components
Connectivity
Bandwidth
Functional interdependence
Ownership and control
The Importance of Information Assurance
Targeting Information Infrastructures: who and why?
Nation-state targeting
Targeting by non-state organisations
Targeting: objectives
Targeting: capabilities required
Psychological operations
Database management
Computer Network Operations (CNO)
Other weapons and methodologies
Media
HUMINT assets
Additional capabilities
Targeting: vulnerability and accessibility
Vulnerabilities
Accessibility
Intelligence
Conclusion
Chapter 5. Protecting Information Infrastructures
Introduction
Balancing information superiority and operational vulnerability
Vulnerabilities
Balancing security and privacy in information sharing
Managing security risk
Managing privacy risk
Dangers in getting privacy wrong
Cyber-security
Critical Infrastructure Protection in Australia
Securing the Defence enterprise
Trusted information infrastructure
Addressing the national requirement
Conclusion
Chapter 6. An Australian Cyber-warfare Centre
Introduction
The relevant organisations and their coordination
Research, planning and preparation
Offensive activities
Information Warfare and the intelligence process
Command issues
A premium on ante-bellum activities
Rules of engagement, doctrine and operational concepts
Capability planning
Location of a Cyber-warfare Centre
Regional developments
Conclusion
Bibliography
Index

Friday, November 27, 2009

Cyberwar Podcast

Stilgherrian interviewed me for a ZDNet Australia podcast on "Cyberwar: What is it good for?". This was recorded shortly before the Attorney-General released the new Australian Government Cyber Security Strategy and IBM announced a new computer security centre in Canberra.

Tuesday, November 24, 2009

Australian Government Cyber Security Strategy

The Federal Attorney-General, Robert McClelland, has released an Australian Government Cyber Security Strategy. This is a high risk strategy, as it proposes transferring the functions of the successful and experienced non-government AusCert to an inexperienced government body. A better strategy would be to resource AusCert so it can provide services to non-government bodies and work with DSD to look after government and military computer security.

The Australian Government Cyber Security Strategy has three objectives:
  1. Make Australians aware of cyber risks,
  2. Make businesses operate secure and resilient information and communications technologies,
  3. Secure Australian Government information and make communications technologies resilient.

The seven Strategic priorities are:

  1. Improve the detection, analysis, mitigation and response to sophisticated cyber threats,
  2. Provide Australians with information and tools to protect themselves online,
  3. Partner with business to promote security and resilience,
  4. Protection of government ICT systems,
  5. Promote a secure, resilient and trusted global electronic operating environment,
  6. Maintain an effective legal framework and enforcement against cyber crime,
  7. Promote research and development of cyber security skills.

By early 2010 the Australian Government expects to have:

  1. CERT Australia: with Attorney-General’s Department taking over AusCert's responsibilities. This will incorporate the Australian Government Computer Emergency Readiness Team,
  2. Cyber Security Operations Centre (CSOC): The Defence Signals Directorate (DSD) will continue to provide civilian and military government agencies with cyber security assistance.