Kinetic IT attended the 2017 Australian Cyber Conference at Canberra’s National Convention Centre. Tony Campbell shares his reflections on the experience and the future of cyber security in Australia.
The 2017 Australian Cyber Conference
The Australian Cyber Security Centre (ASCS) annual conference was so much more than the usual conference vendor-fest. I’m filled with hope now that Australia is on a trajectory, set by the launch of Australia’s Cyber Security Strategy in April 2016, that will allow industry, start-ups and government to work together for a brighter future for cyber security in Australia.
World-class speaker line-up
What I thought was incredible about this conference was the vast array of speakers from both Australia and overseas, who openly brought their intellect, research and ideas into this semi-public forum. No other conference on the Australian circuit has such an array of talent and expertise under one roof. They are all approachable and ready to discuss what they are doing, irrespective if you are a vendor, a service provider or a consumer.
For the first time in a long time, it was so great to be at a conference that was not all about the vendors. ACSC has managed to pull off what I thought was impossible – making the conference all about the delegates, the industry, and cyber security in Australia.
Dr Deborah Frincke
Opening up, was Dr Deborah Frincke, an amazing woman who leads the Research Directorate of the National Security Agency/Central Security Service (NSA/CSS), which is claimed to be the largest in-house research organisation in the U.S. Intelligence Community. Her keynote set the tone for the rest of the conference, where she explained that the Internet (i.e. cyberspace) is now both a battlefield and playground for our children – somewhere where we live, work and play while opposing forces conduct intelligence and counterintelligence operations to prepare for conflict.
In all reality, cyberspace is these and more. It’s an extension of our lives in almost every facet. Therefore, security in cyberspace is something that affects us all and is something that we must all learn about and understand better.
RELATED CONTENT: Can Australia become cyber-smart?
Figure 1: Trends in Cyberspace (courtesy of NSA)
Legacy technology debt
Dr Frincke went on to explain that the legacy technology debt ensures that what’s previously gone wrong in cyber security will continue to go wrong long into the future. How often do we see headlines suggesting a breach occurred because the organisation had unpatched legacy Windows XP systems? Instead of ignoring the problem, hoping it goes away, she suggested that we embrace this legacy issue and better understand the consequences of managing this debt while acting to mitigate the risks of attacks against these legacy systems through better detection mechanisms (such as log collection and event correlation).
“Our goals must be mission-oriented,” she said. “We need a systemic approach that allows us to profile and understand the enemy – from the attacker’s perspective – considering their motivations and means, from espionage to crime, which will help us decide how to detect it. Cyber crime is now a social issue affecting all of us, where no person or business is safe.”
Cyber moving targets
Dr Frincke also explored some of the new approaches the NSA is taking to cyber defence, where their research is focusing on making it harder (or even too hard) to hack them as targets. They are building continually changing configurations into their infrastructure, meaning the first step of the attack is nearly impossible: profiling and reconnaissance. Imagine your adversary scanning your systems for vulnerabilities and getting a different response each time. What would they attack?
They would be wasting their time building exploits for something that doesn’t even exist, causing immense irritation. Dr Frincke’s goal is to frustrate these adversaries to the point where they give up or go and attack someone else. It sounds good, but the technologies that allow the infrastructure to morph and change are hard to manage – thus automation will be critical, and this requires a lot of research.
RELATED CONTENT: When and how to report a cyber crime in Australia
The Australian Cyber Security Growth Network
No blog post about the ACSC 2017 conference would be complete without mentioning the Australian Cyber Security Growth Network (ACSGN). Craig Davies provided an update and overview of what the ACSGN had achieved since its inception last year. The government funds it, but as he said, it’s not a government service. Its reason for existence is to support industry.
The ACSGN has a broad remit to build a successful cyber security start-up community, as you might expect. However, it’s also there to assist businesses that are scaling up their cyber security offerings to service a bigger and more complex market, as well as businesses that are overseas and want to invest in Australia.
Davies also explained that one of our greatest failings is that a few of the world’s best cyber security companies were born in Australia but have been forced to move overseas to gain funding and traction in the global market. He wants to entice these companies home and provide the platform for them to reach the global and local markets that previously only Silicon Valley could have provided. It’s ambitious, but it’s also exciting. The Australian Cyber Security Growth Network is an extraordinary contribution to cyber security in Australia, and I must applaud the government for investing in this capability.
Hopefully, now that the Digital Marketplace is up and running, we’ll see businesses of all sizes playing in the market that was once dominated by multinationals. Undoubtedly, the ACSGN will drive competitiveness beyond anything we’ve seen previously in cyber security in Australia and will allow the underdog start-up with one fantastic offering to compete for the same business opportunities that were once only open to the likes of CSC, IBM and Lockheed Martin.
RELATED CONTENT: Cyber security awareness: Treat it like OHS
Change is coming for cyber security in Australia
The 2017 ACSC conference was excellent. It’s certainly shown us that the government is serious about making Australia an economic force to be reckoned with, with cyber security as one of the pillars of our future success. There was a tremendous buzz at the conference and everyone we spoke to was enthusiastic and excited about the future of cyber security in Australia. Let’s keep the conversation flowing and the innovation bubbling, and start investing locally in Australian expertise. I’m looking forward to next year’s conference already, especially regarding the conversations around mandatory breach notification which invariably will start later this year.