The level of priority, at a national level, could not now be plainer, as this report shows.
Cyber security promoted to cabinet in rejig
6:32AM November 27, 2020
Scott Morrison will create a cyber security role in cabinet as part of a ministerial reshuffle next month, as the Prime Minister prioritises responsibilities in line with the government’s COVID-19 economic and security commitments.
The Australian understands Mr Morrison will permanently reduce cabinet from 23 to 22 following the departure of Mathias Cormann earlier this month.
The special cyber security role would be added to the Home Affairs portfolio, which has oversight of cyber security legislation and the roll out of the decade-long Cyber Security Strategy, and comes as the government ramps up its defences against state-based and criminal actors.
Water, food and health providers have been hit by attempted cyber attacks this year, with digital strikes escalating against Australian critical-infrastructure operators and companies during the coronavirus pandemic.
The Australian can reveal two new cyber attacks on critical infrastructure, including a regional Queensland water provider that repelled an intrusion that could have inflicted a catastrophic impact across water supplies and farms. If the attack had been successful, the impact on water quality would have affected human and livestock consumption and dispersed chemicals into crops.
The Home Affairs Department also confirmed a major national food wholesaler had its systems attacked, disrupting their ability to “provide foods to Australians at a time of unprecedented pressure on the food and grocery sector”.
Regional hospitals in Victoria have also been targeted, resulting in disruptions to health services and surgeries.
Lots more here:
This makes it clear there is a lot going on – a lot of which we don’t seem to hear about.
At a corporate level there now also seems to be increasing concern – witness these two articles here:
APRA flags tougher stance to get boards to take security seriously
By Tim Biggs
November 26, 2020 — 5.01pm
The Australian Prudential Regulation Authority (APRA) has put the boards of banks, insurers and superannuation funds on notice, warning that many of them are still failing to adequately protect their systems from hackers.
Unveiling its updated cyber security policy on Thursday, the regulator said boards will be required to engage an external audit firm to review if their cyber defences were in line with the CPS 234 standards put in place by APRA last year.
"It’s close to 18 months since CPS 234 came into effect, and we are still seeing too many basic cyber hygiene issues across the industry", outgoing executive board member Geoff Summerhayes said in a livestreamed speech to the Financial Services Assurance Forum.
"We want compliance independently verified, and we will be applying serious pressure when it’s not forthcoming."
"If boards are unwilling or unable to make the required changes in a timely manner, we will consider using formal enforcement action," he said.
Lots more here:
and here:
APRA targets cyber hygiene and board oversight with new security strategy
By Tess Bennett on Nov 27, 2020 11:28AM
Toughens cyber stance.
APRA has unveiled a new cyber security strategy and flagged it will step up its review of current cyber compliance, holding boards accountable for shortfalls.
The prudential regulator’s cyber security strategy for 2020 to 2024 seeks to lift cyber security standards and introduce heightened accountability where companies fail to meet their legally binding requirements.
In a speech to the Financial Services Assurance Forum yesterday, Geoff Summerhayes, executive board member of APRA said the new strategy seeks to safeguard an increasingly connected network of financial entities, increase board oversight and improve basic cyber hygiene practices.
Summerhayes said APRA wants to “eradicate unnecessary or careless cyber exposures” by establishing a baseline of cyber controls. It is starting with sharpening its enforcement of CPS 234 compliance.
More here:
In the health sector we saw very recently a less than honourable mention here:
Five reasons why COVID-19 has left the health sector vulnerable to cybercrime
Tuesday, 24 November, 2020
An industry white paper published by cybersecurity firm Kroll explores the impact of COVID-19 on the healthcare industry’s cybersecurity landscape and shares best-practice guidance for healthcare providers.
The risk landscape resulting from the pandemic is characterised by five key vulnerability points:
- Rapid shift to remote working
- Expansion of telehealth
- Workforce under pressure
- Interoperability
- PPE shortages
A rapid shift to remote working, the expansion of telehealth services and a workforce under increased pressure — all triggered by the COVID-19 pandemic — have led to an 86% increase in healthcare data breach notification cases globally between March and September 2020.
According to the Notifiable Data Breaches Report by the Office of the Australian Information Commissioner (OAIC), Australia’s healthcare industry experienced more data breaches than any other industry, accounting for 22% of notifiable data breaches between January and June 2020.
“The sensitive nature of patient data and the criticality of healthcare systems means that they are an attractive target for cybercriminals,” said Louisa Vogelenzang, Associate Managing Director and Asia-Pacific lead for Identity Theft and Breach Notification services in Kroll’s Cyber Risk practice.
“Due to the COVID-19 pandemic, remote working and telehealth services have surged and IT providers have struggled to keep up with the demand, leaving important systems and data vulnerable.
“Healthcare providers hold some of the most sensitive data in the country and operate systems that support people’s wellbeing, so it’s important that their systems have the same level of cybersecurity we’ve come to expect from critical infrastructure.”
Vogelenzang noted that, with Australia’s healthcare industry experiencing more notifiable data breaches than any other sector, there are some key areas for improvement:
- Getting cyber hygiene basics right, which includes patching and ensuring multifactor authentication is enabled for remote access, as well as many more fundamental steps to eliminate the most common risks.
- Ensuring security awareness programs are in place and that they include how to spot and report phishing emails as well as best practice for sharing sensitive information.
- Conducting reviews of third-party service providers, ensuring that they are appropriately protecting the most sensitive information and systems.
- Having an incident response plan that includes scenarios like ransomware and data breaches, practising this plan regularly through tabletop exercises, and ensuring the right partnerships are in place for support, should an incident occur.
More here:
And here:
Treating the underlying causes of cyber symptoms
Posted by Chris Fisher
Australia’s health sector is constantly the target of cyberattacks, and in the first half of 2020, a total of 22 per cent of all Australian data breaches were in the health sector.
Through our own research, we know the real threat is already in healthcare networks in the form of privileged access misuse, the growth in healthcare IoT devices, and that the majority of attacks occur due to underinvestment in security operations or a lack of security awareness by insiders.
The increased number of cyber threats the Australian health sector has encountered in recent months led the federal government to warn that cyber attackers were taking advantage of the COVID-19 pandemic, targeting hospitals, medical services and crisis-response organisations.
The Australian Strategic Policy Institute’s International Cyber Policy Centre recently noted that hospitals are targeted because they are essential services and more likely to pay a ransom to regain control of their network from hackers.
Many people within the healthcare industry have access to patient medical records, making it easy for some to take advantage of that privilege. Internal actors – meaning employees who access patient data with unlawful intent – are largely responsible for healthcare data loss, and healthcare is the only industry where this occurs at such an alarming rate. Indeed, our own research demonstrated that human error and misuse occurred more frequently in the healthcare industry than external threats such as hacking or ransomware.
More here:
https://medicalrepublic.com.au/treating-the-underlying-causes-of-cyber-symptoms/37436
And to top it all off we have this:
China, Russia spreading lies, digital discord: former US National Security Agency director Mike Rogers
Chinese and Russian state-based cyber actors are orchestrating industrial-scale malicious attacks and disinformation campaigns to gain global competitive advantage and weaken democratic institutions via “manipulation” and theft of sensitive data.
Amid a surge in cyber attacks targeting Australian governments, critical infrastructure and private sector firms, former US National Security Agency director Mike Rogers has called on Western nations to work together in neutralising active threats.
Admiral Rogers, who also led the US Cyber Command and Central Security Service under presidents Donald Trump and Barack Obama, said establishing cyber deterrence frameworks would help nations manage fast-evolving threats.
“My attitude always was: can you explain to me how Russia, China, North Korea and the Iranians have come to the conclusion that cyber represents low-risk — that they can engage in aggressive activities in cyber and not trigger a significant response … or at least a response that they think outweighs the benefits?” Admiral Rogers told The Australian.
“How is it that we have got two diametrically opposed world models? We have got to change this dynamic, we have to reshape the risk calculus of these cyber actors whether it be nation states or criminal actors.”
Canada, a member of the Five Eyes intelligence alliance alongside Australia, the US, Britain and New Zealand, last week named state-sponsored hackers from China, Russia, Iran and North Korea as the country’s “greatest strategic threat”.
Lots more here:
And to wrap up we have a great overview of the issues here:
Cyber warfare - is attack the best form of defence?
Cyber-attacks by nation states are on the rise and are becoming an increasingly common method of “warfare” and diplomatic disruption. Countries such as China and Russia are developing cyber weapons for use in any future conflicts, while the USA, the UK, France and Israel have also invested in developing cyber capabilities. Australia’s recently launched Cyber Security Strategy 2020 recognised the significant threat posed by nation states to our government and critical infrastructure providers and committed to invest $1.67 billion over 10 years in relation to cyber security (see our analysis of the strategy - Australia’s Cyber Security Strategy 2020: What you need to know). A critical question is how countries such as Australia should defend themselves, and should this defence involve offensive attack?
According to Verizon’s 2019 Data Breach Investigations Report, cyber-attacks by nation states, and affiliated parties, represented 23% of data breaches, up from 12% in 2018 and 19% in 2017. The report also highlighted that a quarter of all breaches were associated with espionage.
Australia's Cyber Security Strategy 2020
Australia’s Cyber Security Strategy 2020 identifies nation states as major threat actors who “seek to compromise networks to obtain economic, policy, legal, defence and security information for their advantage”. It recorded that in the year to 30 June 2020 government entities were the target of approximately 35% of incidents while attacks on critical infrastructure providers (delivering services such as healthcare, education, banking, water, communications, transport and energy) comprised a further 35% of incidents.
A successful attack of this nature could have a catastrophic effect on the Australian economy and our society. For example, the 2015 BlackEnergy attack (which Russia is accused of mounting) against Ukraine cut power to over 700,000 homes for a period while the 2017 NotPetya attacks (also allegedly mounted by Russia) resulted in the radiation monitoring system at Ukraine’s Chernobyl Nuclear Power Plant going offline while Ukraine’s national bank, state power company and largest airport were also affected. You don’t need to be an expert to imagine the fallout from a cyberattack on our financial markets, particularly if financial records are destroyed or altered. Similarly the panic and chaos that would result from any interference with the operations of nuclear plants and water systems, or the interruption of critical transportation systems bringing cities to a halt.
Lots more here:
https://www.lexology.com/library/detail.aspx?g=be126908-c800-4ca4-a247-0737bb351bfb
With all this in just a few days my only feeling is to suggest we all “be careful out there”! It is clear we need to be both “alert and alarmed”, as risks are rising at many levels!
David.