The focus on cyber security in the Department of Defence’s White Paper is a good start but retraining and upgrading skills that are in short supply at present is needed according to one security analyst.
The paper, which was released on 4 May, said that the potential impact of malicious cyber activity has grown with Defence’s increasing reliance on networked operations.
“In a future conflict or escalation to conflict, an adversary could use a cyber attack against Australia to deter, delay or prevent Australia’s response or the Australian Defence Force’s deployment of forces,” read the report.
Defence admits that there is a “significant” body of work to be done to ensure the security of defence systems against cyber attacks.
“Network and system management, along with personnel and physical security need to be strengthened as part of our response,” the white paper states.
IDC Australia senior market analyst Vern Hue said that Australia is in a unique political and technological position to become a regional player in the Asia Pacific cyber security space.
“Cyber security, being one of the key priorities outlined in the white paper, will require retraining and upgrading in skills that are sparse and unique at present,” Hue said.
According to Hue, Defence needs to train a new breed of security analysts to meet the realities of the advanced threat landscape that enterprises and government organisations are dealing with on a daily basis.
“I think there should be a closer linkage between the security vendors and the government. This allows us to pool together technology and know-how to combat threats,” he said.
In addition, Defence needs to look beyond relationship building with the US and expand co-operation with other countries, said Hue.
“The European Union is a good place to start as there has been a great level of investment and attention paid by the creation of the EU Convention on Cybercrime. I also believe that there is scope and space to develop more relationship with the British and Japanese too.”
He said that the formation of these alliances will help Australia improve its intelligence capabilities, with the country is an attractive target for malicious cyber attacks.
IBRS advisor James Turner said it was interesting that the Defence Signals Directorate (DSD) was being renamed the Australian Signals Directorate (ASD).
“This is an acknowledgement of the valuable contribution that the DSD has made in the last few years with the release of its Top 35 Mitigation strategies,” he said.
Some of these strategies include the use of application whitelisting to help prevent malicious software and other unapproved programs from running, patching applications such as PDF readers, Microsoft Office, Java, Flash and Web browsers, and minimising the number of users with administrative privileges.
Turner hoped the ASD would continue to publish “world class resources.”
While he supported the idea of pulling all of Australia’s cyber security resources under one roof with the Australia Cyber Security Centre, Turner voiced concerns about the leadership being layered too far down in the public sector bureaucracy.
“This person should be reporting straight to the Prime Minister. Australia needs to be both agile and committed to a strong cyber capability, and the role needs to be seen to have the direct backing of the PM,” he said.
Follow Hamish Barwick on Twitter: @HamishBarwick
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.