Australian prime minister Tony Abbott quietly announced last weekend that former GCHQ head Iain Lobban – who also works for Standard Chartered Bank – has been seconded to advise the Australian Government via the Australian Cyber Security Centre. Last week also saw a major cyber security conference in Canberra (details below). We also provide links to over a dozen Australian Signals Directorate (ASD) cyber security strategy documents, including anti-intrusion/hacking technology manuals.
(See also Edward Snowden slides on Australian Signals Directorate’s interception of mobile phone traffic in Indonesia.)
The review panel which Lobban is joining includes: the CEO of the Business Council of Australia, Ms Jennifer Westacott; Chief Security and Trust Officer at Cisco Systems in the United States, Mr John Stewart; the Chief Information Security Officer at Telstra, Mr Mike Burgess; and the Director of the International Cyber Policy Centre at the Australian Strategic Policy Institute, Dr Tobias Feakin. The review is expected to be completed by mid 2015.
Last week’s Cyber Security Conference in Canberra was organised by the Australian Signals Directorate (the equivalent of GCHQ and one of the ‘Five Eyes’ hubs of Echelon) and Dr Margot McCarthy, who heads the Australian Cyber Security Review (and who also works directly to the prime minister). Speakers included representatives from Microsoft, Google (on incident response), Dell, Raytheon Australia, Telstra, the FBI (speaker not named) and Cisco.
The role of the Cyber Security Centre is to coordinate cyber security and intelligence within government and between government and industry partners. The Centre incorporates expertise from the Australian Signals Directorate, the Australian Federal Police, the Australian Security Intelligence Organisation (ASIO), the Australian Crime Commission, CERT Australia and the former Defence Cyber Security Operations Centre (CSOC).
The Australian Signals Directorate oversees Australia’s Echelon role as well as Australia’s main surveillance base at Pine Gap (which also helps coordinate Echelon missile and drone attacks in the Asia region).
The ASD produces the Australian Government Information Security Manual (ISM), the standard which governs the security of government ICT systems. The ISM comprises three documents targeting different levels within an organisation:
- 2015 ISM Executive Companion (PDF)
- 2015 ISM Principles document (PDF)
- 2015 ISM Controls manual (PDF)
At least 85% of the targeted cyber intrusions that the Australian Signals Directorate responds to could be prevented by following what it calls the Top 4 mitigation strategies, listed in its Strategies to Mitigate Targeted Cyber Intrusions. These are:
- use application whitelisting to help prevent malicious software and unapproved programs from running
- patch applications such as Java, PDF viewers, Flash, web browsers and Microsoft Office
- patch operating system vulnerabilities
- restrict administrative privileges to operating systems and applications based on user duties.
ASD Strategies to Mitigate Targeted Cyber Intrusions
- Mitigation Strategies (HTML)
- Mitigation Strategies (450K PDF)
- Mitigation Details (HTML)
- Mitigation Details (1Mb PDF)
- Key Changes for 2014 (HTML) (Annex A of Details PDF)
The Top 4 Strategies
- Top 4 Mitigation Strategies to Protect Your ICT System (HTML)
- Top 4 Mitigation Strategies to Protect Your ICT System (430K PDF)
- Top 4 Strategies to Mitigate Targeted Cyber Intrusions: Mandatory Requirement Explained
- The DSD Top 4 Mitigations Against Cyber Intrusions: An Implementation Guide for Project Managers (1.4Mb PDF) (courtesy Microsoft Australia)
- The Top 4 in a Linux Environment
- Catch, Patch and Match video and brochure
- Application Whitelisting (HTML)
- Application Whitelisting (320K PDF)
- Assessing Security Vulnerabilities and Patches (HTML)
- Assessing Security Vulnerabilities and Patches (470K PDF)
- Restricting Administrative Privileges (HTML)
- Restricting Administrative Privileges (430K PDF)
- Technical Information about Email Content Filtering (2Mb PDF)
- Example Implementation of Sanitising PDF Email Attachments to Disable Malicious Content (external link)
- Example Implementation of Web Domain Whitelisting (external link)