There's 'bigger fish to fry' than anti-encryption laws: Telstra security chief

What cyber crimefighters really need are better global collaboration and faster access to IP address data, not the content of encrypted data communications, according to Jacqueline McNamara.

Encryption-busting laws like Australia's Assistance and Access Bill aren't high on the list of essential cyber crimefighting tools, according to Jacqueline McNamara, head of cybersecurity at Telstra.

She'd rather have instant access to data on the ownership of IP addresses through organisations like the Internet Corporation for Assigned Names and Numbers (ICANN), and be able to work more quickly with law enforcement agencies and other authorities.

Currently, getting access to this data generally requires a warrant or a subpoena.

"I think things like being able to easily access ICANN and look up IP addresses is a lot more important than accessing the minutiae of encrypted data communications. A lot of it is actually speed. A lot of these transactions are done and complete by the time anyone does it," McNamara told SWIFT's Sibos global financial services conference in Sydney on Tuesday.

"In terms of law enforcement, I think looking at the collaborative frameworks between our governments globally, and moving towards a more globally-centric model for regulation is really important," she said.

"Sure, the Australian government might be able to determine attribution, and be pretty solid on the attribution, as a result of getting into those encrypted communications, [but] who are they going to call? What will Vlad say? My government can't do anything about it. I don't know where they are, probably, and we can't get access to ICANN."

Removing the need for warrants would increase the risk of ICANN data being used inappropriately or even maliciously, however.

"We need to maybe track the people who are accessing it, and if they're found to be doing naughty stuff then we'll look at that later, as opposed to holding the process up in the front end by forcing warrants," McNamara said.

While there are probably cases where getting at encrypted communications would be important, McNamara said her view was: "I think there are probably bigger fish to fry."

McNamara's comments echoed those of Dmitry Samartsev, chief executive officer of Russian cybersecurity firm Bi.zone.

"There is no one international document which is signed at the UN level, or some kind of that level, even on the European level, which will regulate cyberspace. It's a huge trouble," Samartsev said.

The first and only international treaty on cybercrime, the Budapest Convention, was signed back in 2001, but more than half of the European Union countries have not ratified it, including key players France and Germany. Brazil and India haven't adopted the convention either, because they didn't take part in its drafting, and Russia hasn't adopted it because it believes it would violate Russian sovereignty.

"All this geopolitical turbulence, and all this bureaucracy between governments, lead organised cybercrime to attack more and more, and a lot of attacks are successful. So the banks around the globe, and the clients of the banks, and the corporate players, and the private entities, they are losing money," Samartsev said.

"The worst scenario is when cybercrime is making several attacks at the one time. For example, they're making DDoS, and then at the same time they are making a huge informational attack on social networks, just a fake news that the biggest banks are going down. Can you imagine what domino effect will happen with just citizens who go to their branches of the bank and try to take their money back and put it into the mattress," he said.

"So there's troubles with liquidity, there's troubles with central banks, all the troubles with government. It might be a very terrible thing."

McNamara said that as a former army intelligence officer, she looks at this strategically. It's more likely that such a massive meltdown would happen by accident, she said. An attack in multiple arenas might be intended to do one thing, but end up having unintended side effects.

"If fake news then creates a problem, that financial transactions aren't OK, and we actually slow down global banking systems, or people start taking their money out and sticking it in a mattress, it could inadvertently, and without necessarily being the original idea of the attack, create widespread panic and pretty serious problems," she said.

"What we actually need to be doing is collaborating. We're all busy worrying about 'Is it the Russians?' and that's probably kind of the wrong question. It's what systems do we have in place to make sure that fake news doesn't undermine the way that we process information, and create widespread panic and problems."

Creating a global real-time information exchange

During the NotPetya ransomware attack in mid-2017, Bi.zone had figured out how to decrypt users' files. That information was distributed through First and other cybersecurity information channels.

But logistics conglomerate Maersk, one of the companies hardest hit, didn't get that information until the chairman of Maersk was given Samartsev's phone number by a personal friend in the cybersecurity industry.

"It took one week," Samartsev said.

"Could you imagine a real-time platform in which I just can upload such kind of data, and everybody will access to that? Because now it is working between people, it's just like the post with pigeons, and it's working quite bad."

That's why the World Economic Forum has set up its Global Centre for Cybersecurity, headed by Troels Oerting, formerly group chief information security officer for Barclays, and head of Europol's European Cyber Crime Centre.

"World Economic Forum is an entity which integrates more than 90 percent of world GDP, and so this is a good platform for cooperation," Samartsev said.

Samartsev also had an important message about attributing financial attacks to nation-state actors.

"The problem is when the world is talking about 'Russian hackers' and they're trying to mention the Russian government. But I will tell you the story that the Russian government is not technologically advanced enough to do all this shit."
