Article in The Australian a day or two ago.....can only be good for Tesserent business with cyber security being a hot issue for business and government......
Threat of cyber terror closes in, says report
Dan Tehan, the Minister Assisting the Prime Minister on Cyber Security. Picture: Kym Smith
Terrorists could be able to break into secure Australian government networks to wreak significant disruption or destruction within three years, according to a major government report on cyber security.
The wide-ranging report identifies foreign powers as the most serious and rising threat to the security of government networks, which suffered 1095 serious cyber assaults from all sources, including foreign espionage, in the 18 months to June 30 this year.
The 2016 Threat Report — to be released today by the government’s peak cyber agency, the Australian Cyber Security Centre — highlights the growing prevalence and threat of cyber assaults across government, business and society. It warns that the danger of a single major cyber attack on the government has increased after a recent series of brazen attacks against other countries and major organisations.
The report comes as Russia and China step up their cyber assaults and espionage against the West, such as Russia’s recent hacking of the US Democratic National Committee and the World Anti-Doping Association.
“Behaviour by a number of countries is demonstrating a willingness to use disruptive and destructive cyber operations to seriously impede or embarrass organisations and governments — equating to foreign interference or coercion,” it says.
“The employment of the tactic in such a brazen manner against high-profile entities has almost certainly lowered the threshold of adversaries seeking to conduct such acts.”
The report says the cyber threat to Australia from terrorists is currently limited to the ability to hack websites, social media and personal information, but this will change as they develop more sophisticated cyber-terror capabilities.
Dan Tehan, the Minister Assisting the Prime Minister on Cyber Security, writes inThe Australian today: “(Islamic State is) using social media for propaganda and recruitment, but their skills to launch a genuine cyber attack are rudimentary. That won’t always be the case and the ACSC estimates that within three years, terrorists will have the ability to compromise a secure network with destructive effect.”
The report says “at this point in time, terrorists are more likely to embarrass governments, impose financial costs, and achieve propaganda victories by compromising and affecting poorly secured networks … It is unlikely terrorists will be able to compromise a secure network and generate significant disruptive or destructive effect for at least the next two to three years”.
Mr Tehan says: “We are ahead of the terrorists now and that is where we must remain.”
The annual threat report by ACSC is the first since the government released a new cyber strategy in April pledging a more aggressive campaign to tackle and prevent cyber assaults on government, critical infrastructure and the private sector.
The report does not detail the likely targets or the potential damage terrorists could do if they infiltrated government networks, but potential targets could include air traffic control systems, train and public transport networks, electricity stations, emergency services networks and hospital systems.
The report found Australia was the target of “persistent and sophisticated” cyber espionage from foreign powers and that threat was growing as more countries engaged in the practice.
“More and more foreign states have acquired or are in the process of acquiring cyber-espionage capabilities,” the report says. “The ACSC is aware of diverse state-based adversaries attempting cyber espionage against Australian systems to satisfy strategic, operational and commercial intelligence requirements.”
The report says the term “cyber attack” is frequently misused and should refer only to a deliberate act to destroy or degrade networks with the effect of compromising national security or economic prosperity.
Under this definition, it says Australia has not yet been subject to such an attack even though the risk has increased.
In one example of a foreign cyber assault, the report said Australian Federal Police identified that a large amount of data had been stolen from a critical infrastructure company, including information about the organisation’s physical security and layout. The offender used legitimate passwords of a staff member and contractor to reach a senior position of access inside the company’s network. The AFP identified the suspect and he was arrested by foreign police.
In another case involving ransomware, a staff member from a government organisation clicked on an Australia Post-themed email that led to thousands of files needed for legal proceedings being encrypted.
Last year, the Bureau of Meteorology was found to have been hacked by a foreign power, with an unknown quantity of documents searched and copied.
The report says the potential cyber threat to Australia’s critical infrastructure is highlighted by the cyber attack on the Ukraine power supply last year, where a cyber hacker broke into and compromised the systems supporting three power control centres, taking down 30 substations and leaving more than 225,000 Ukrainians without power for several hours.
The report expresses concern about the “pervasive” threat of cybercrime, saying the true extent of it is difficult to assess but its impact is devastating to victims. It found the private sector was a significant and growing target for cyber assaults, although the extent was often underestimated in official figures because of the reluctance of some companies to report serious incidents to government.
In the private sector, CERT Australia, the national computer emergency response team, responded to 14,804 cyber-security incidents involving Australian businesses in 2015-16, including 408 that targeted critical infrastructure of systems of national importance.
TNT Price at posting:
16.0¢ Sentiment: Buy Disclosure: Held
ark trends in shadowy hacking
