David George from CERT Australia, which will soon merge into the Australian Cyber Security Centre (ACSC), has said that WannaCry and NotPetya "sent a shiver down the spine of the Australian government because, frankly, we were caught a little unawares".
"We have just established an ACSC watch station in the Crisis Coordination Centre of the Australian government. So we've linked our cybersecurity crisis arrangements right into the very core, the apex, of the Australian government's crisis coordination arrangements," George told the ACSC Conference in Canberra on Thursday.
According to George, the restructured ACSC is increasing the resourcing of its communications teams, as well as establishing a "24/7 cyber newsroom" to "drive out early warning and outreach" proactively.
"That will be a very different way of engaging around the cyber landscape," George said.
"You would all be very aware, I think, that there are lots of commentators in this space. Some know what they're talking about, others perhaps less so. Some are available, and take every speaking opportunity, and others are a little harder to get, and that might be because they're actually in demand.
"We need to influence that narrative more broadly."
The ACSC's aim is to improve the awareness and level of understanding of cybersecurity issues, and to "lift the national conversation".
"Expect to see much more interactive social media from us, and I expect there will be some level of quirkiness if we can move down that particular path," George said.
"Certainly we need to find an engaging voice, and that's the issue."
Several participants in the discussion pointed to the social media presence of the United Kingdom's National Cyber Security Centre (NCSC) as a possible model. One was the ACSC chief and Australia's National Cyber Security Adviser Alastair MacGibbon.
"One of the things I think NCSC has done well is [that] it issues advice, comes back an hour or two later, and says, 'We've actually received some feedback from the community, told us this, here's our revised advice, thanks for getting back to us'," MacGibbon said.
"That's sensible, because you can only give the best advice you can at the time. If you have clean heart and clean hands, then we should give that advice. We should put an asterisk on it to say how much knowledge we have, and that we'll revise it."
Cyber incidents 'much more destructive'
There's been a shift in the focus of cyber attacks, according to Sandie Bradley, the ACSC's executive director for cybersecurity.
"A lot of [the cybersecurity incidents] that we've seen over the last sort of five to 10 years, a lot of that revolved around intellectual property theft and espionage. But the last six or 12 months, I think we've seen a dramatic shift in what cyber is being used for, having much more destructive impact globally, but also on the economy in particular," Bradley told the ACSC Conference.
The Australian Signals Directorate's (ASD) new governing legislation means it will be giving "advice and assistance to anyone connected to the internet", as Bradley put it. As staff members plan their move into the new centre, they're asking how they can scale up their effectiveness through collaboration with the private sector, he said.
"The small number of exceptionally talented people that work in the ACSC -- I might be biased, but I think so -- how can we scale that out so that we can actually protect Australia the nation, not just this particular government agency here, or this particular industry victim there?" Bradley continued.
Commander David McLean, head of Cyber Crime Operations for the Australian Federal Police (AFP), said that the ACSC is trying to create a "flexible national resource within law enforcement".
"The maturity of cyber as a phenomenon, and the intersection between law enforcement and policing of civil society online, to borrow a phrase from Al [Alastair MacGibbon], hasn't necessarily been realised broadly in law enforcement. There are still a relatively small number of men and women who are very deeply expert in this, and have very clear insights and experience to share. We're finding different ways to try and pull that together, despite the forces keeping everything apart," he said.
That cooperation extends internationally, with the Australian Criminal Intelligence Commission (ACIC) having recently met with the AFP's partner organisations in Europe.
"We are doing things against some of the, let's call them, apex predators out there in the international organised cybercriminal environment ... that we would not have conceived of 24 months ago," McLean said.
"Even six months ago," interjected Katie Willis, the ACIC's national manager of intelligence. She noted that collaboration with domestic agencies via the ACSC has opened up the possibilities for collaboration with their international partners in new ways.
"They will have a long lead time, and they may or may not be successful, or be variously successful," McLean continued.
"But the fact that we're doing them with a broader group of partners that we otherwise would have traditionally would have chosen to partner with offshore is really, really important."
The key to success, Willis said, is constant innovation.
"Serious and organised crime are the most innovative, creative groups of people you're ever likely to come across," she said.
"If we're not innovative and creative in how we respond, if we're only responding in the way that we were responding 12 months ago, two years ago, we're never going to have a hope."
PREVIOUS AND RELATED COVERAGE
- Blaming Russia for NotPetya was coordinated diplomatic action
- ASD to review Australia's cybersecurity and 'drive out known problems'
- Australia stepping up foreign cooperation on state-level cyber deterrence
- Health holds crown as the most breached sector in Australia
- Australian government considers approach to cybersecurity 'world-leading'
- Australian Home Affairs thinks its IT is safe because it has a cybermoat
- ASD calls on government chief executives to up their cybersecurity game
- Cyber Research Centre labels Australia's counter-threat capacity 'relatively weak'
- Bad Rabbit: A new Petya-like ransomware that's spreading, but beatable (TechRepublic)
- How artificial intelligence is unleashing a new type of cybercrime (TechRepublic)