Tag Archives: cyber attacks in australia

Cyber Threats Not Stopping Any Time Soon it is said

hooded hacker at work on computer image www.intelagencies.com (2)

It has been an interesting couple of weeks in the realm of cyber security, particularly for government agencies.

The IRS was the target of an attack and the Office of Personnel Management (OPM) was chided by politicians for what they called “gross negligence” in an attack last year that was only recently revealed.  The OPM is accused of failing to adhere to even basic cyber security practices as hackers linked to China stole a bevy of private information about federal employees.  It is being called one of the worst government data breaches in history.

See More: Dealing with Disasters at Dell: Lessons Learned and Solutions Found

Of course, the private sector has seen its share of data breaches and cyber attacks as well.  The St. Louis Cardinals are alleged to have breached the database of the Houston Astros, gaining access to scouting reports and other information regarding potential trades.  Across the globe, a Polish airline had to delay and cancel flights because their computer systems have been compromised by a hacker.

It’s yet another reminder for business continuity professionals that these attacks aren’t going away and are almost surely going to become more common, more damaging and more difficult to stop.

Part of what makes cyber attacks a challenge to deal with is the fact that they can come from anywhere.  Competitors, random attackers, even other nations are a potential threat and with different kinds of attacks with different levels of severity.  Unlike many other things that BC pros plan for, it is difficult to stay a step ahead of cyber criminals because when one kind of attack is shut down, they can switch to another.

On one hand, the looming cyber threat can be used to help garner support for a business continuity program.  It is an emerging issue in so many industries and as these data breaches continue to make the news, executives are starting to pay attention.  However, because these types of attacks are relatively new, they can force organizations to change the way they think and act.  Business Continuity professionals come from a wide range of backgrounds and not all of them have extensive computer knowledge.  Some may want to bring someone who does to their team, but how feasible is that with limited resources and budget?

The bottom line is cyber attacks and data breaches are going to continue and business continuity professionals must find new and innovative ways to combat them.  There isn’t any business or government organization that isn’t threatened by these attacks in some way.

OOO

Henry Sapiecha

ooo

Henry Sapiecha

Guarding Against a ‘Cyber 9/11’

hacker at darkened keyboard image www.intelagencies.com

ISIS and other terrorists are more technologically sophisticated than ever.

Two years ago this week, a pair of homegrown Islamic terrorists effectively shut down the city of Boston for two days following an attack with homemade explosives that killed three people during the Boston Marathon. Now imagine the potential loss of life from a terrorist assault on a major U.S. city paired with a cyberattack launched against that city’s police, fire, emergency management, communications and transportation systems.

The Internet provides an easy, low-cost and low-risk means for nonstate actors or terrorist groups to amplify the impact of any attack. But a large-scale cyberattack on critical infrastructure could prove devastating. Whether it’s called “Cyber 9/11” or “Cyber Pearl Harbor,” senior U.S. officials, including the president, have warned of the possibility of attacks launched by foreign hackers that could cripple the country by taking down the power grid, water infrastructure, transportation networks and the financial system.

Islamic State, aka ISIS, recently released a video threatening another 9/11-magnitude attack on the U.S. Clearly well-funded, ISIS has proved to be the most sophisticated terrorist group so far when it comes to utilization of digital media for recruitment and propaganda. Last week a French television network, TV5 Monde, was digitally commandeered by ISIS-inspired hackers who cut the transmission of 11 channels and took over the station’s website and social-media accounts for 24 hours.

A different type of cyberattack occurred in 2010, when Russian-affiliated hackers hit Estonia. The attack consisted partly of “ping attacks,” which overwhelmed servers. There were botnet attacks, which harnessed zombie computers from around the world to flood designated Internet addresses with useless, network-clogging data as part of a distributed denial-of-service (DDoS) attack. Hackers also infiltrated specific individual websites to delete content and post their own messages. Although relatively unsophisticated, these coordinated cyberattacks took down servers and websites related to major government and nongovernment institutions and communications networks—effectively taking the entire country offline for two weeks.

In a major U.S. city, a combined physical and cyber terrorist attack could result in hundreds wounded and killed. It could also impair first responders’ ability to get to the scene of the attack, and the ability of local government to communicate with the city’s population in a chaotic and confusing environment.

Some of these issues arose during al Qaeda’s 2005 suicide bombing attacks in London on three Underground trains and one bus. Cellular networks and radio channels used by emergency responders were severely congested due to the volume of traffic, resulting in delayed responses by medical and security personnel. Adding cyber-enhanced terrorism to the equation could exponentially increase the damage caused by a traditional terrorist attack.

In 2012 Congress took steps to address a long-standing recommendation from the 2004 9/11 Commission report, by mandating the development of a nationwide public-safety broadband network. Three years later, however, the network remains a work in progress.

The threat of cyber-enhanced terrorism must be addressed at the federal and local level. Although federal agencies, such as the National Security Agency, the Pentagon and the Department of Homeland Security, have primary responsibility for countering external cyberthreats, an attack on an American city would also require the mobilization of local law enforcement.

To prepare for the threat of cyber-enhanced terrorism, city governments must gain a more sophisticated understanding of the nature of cyberthreats and their various permutations and implications.

Metropolitan areas also should develop Computer Emergency Response Teams, which can coordinate the responses of local law enforcement and private industry with federal agencies. Intelligence collected at the national level should be shared with metropolitan governments. While federal to local intelligence sharing on counterterrorism has improved markedly in recent years, the sensitivity and difficulty of protecting sources and methods gleaned from cyber-intelligence collection has made this more complicated in the cyberthreat domain.

Perhaps most important, cities should increase their capacity to collect, monitor and analyze threat intelligence—in other words “connecting the dots”—before an attack occurs. The diversity and decentralization of the current terrorism threat, combined with the logarithmic growth in the capabilities of cyber-malefactors, makes doing so more challenging than ever.

But it is possible. For example, actionable intelligence regarding the cyberattack on Estonia—including discussions concerning preparations for the attack—was present in closed forums in the Deep Web and Dark Net in the days leading up to the attack. But that intelligence was never acted on, largely because a plan to counteract such an attack was not in place beforehand.

To successfully prevent future attacks—whether cyber-enhanced terrorism or otherwise—federal and local authorities in likely urban targets will need to increase their cyber situational awareness, preparedness and resilience. Critical to these efforts will be a commitment to the early detection and identification of warning signals from all sources, including the deepest reaches of cyberspace.

Mr. Silber is executive managing director of K2 Intelligence and former director of intelligence analysis for the New York Police Department. Mr. Garrie is the founder and editor in chief of the Journal of Law and Cyber Warfare.

ooo

Henry Sapiecha

Australia’s cyber defender clueless about origin of 40 per cent of cyber attacks

Major-General Stephen Day image www.intelagencies.com

Major-General Stephen Day is, by his own description, an “ordinary, garden-variety soldier” protecting Australia from cyber attacks. Photo: Alex Ellinghausen

Australia’s chief cyber security defender has revealed the government has no idea where about 40 per cent of cyber attacks against our country come from.

Major-General Stephen Day, head of the federal government’s new Australian Cyber Security Centre in Canberra, made the comments on Monday evening at the NSW Law Society’s Thought Leadership series.

“Where I come from, we have the nation’s most sophisticated detection capabilities and we have among the best brains at work in cyber security in our country,” he said.

“[But] about 40 per cent – there or thereabouts – of what we see we can’t attribute to anyone, whether it’s criminal, whether it’s espionage or whether it’s sabotage.

“In other words where the originator does not want to be found it can be mightily difficult to attribute these sort of actions.”

According to General Day, there were about 900 cyber-security related incidents against the Australian government and some of the country’s biggest companies last year. This did not include some of the unsuccessful attempts against the organisations, he said.

Asked if he would ever support companies or governments hacking back to retrieve stolen data, General Day said “in time” but it would be difficult.

“It’s called … ‘active defence’. There’s a lot of talk about it. My own view is that in time it might be something that gets done but it’s very difficult because … attribution is difficult,” he said.

“And even once you think you know who’s done it, actually getting to the source is an extraordinarily difficult and expensive thing to do.”

In an appearance at the University of Canberra earlier this year, General Day argued that his lack of a deep knowledge in cyber security was actually an advantage to the government.

“I am an ordinary, garden-variety soldier,” he said. “I have no special expertise in cyber, and …  I actually think that is an advantage,” he said.

He also argued it was a common mistake to leave cyber security in the hands of IT professionals.

“Environmental engineers maybe the people to work with us to keep the air healthy, but there’s no way we would use or leave environmental scientists to work out the future of air travel, or to design military campaigns through air,” he said.

General Day also said then that he thought the federal government was up to scratch when it came to defending against cyber attacks. The same couldn’t be said for state governments.

“We haven’t reached a critical mass of understanding in the state governments yet,” he said. “There are some who are at the very good end of the freeway and there are some at the opposite end as well.”

Henry Sapiecha