
Banks praised for their internal cyber defence capabilities

The AchieVer


With concerns over where the responsibility of attribution should lie.


The Commonwealth Bank of Australia, the National Australia Bank, the Australia and New Zealand Banking Group, and Westpac currently hold around 95 percent market share of the entire finance industry, requiring stringent internal defence capabilities and an understanding of the global threat landscape in order to keep the information -- and money -- of their customers secure. 


According to Dr Atif Ahmad from the University of Melbourne, the top tier banks have the internal capability, but are yet to head down the attribution path.

"We've been doing case studies on the banking sector and looking at how Australian organisations are treating the shift in the threat landscape and what we've found so far is that most of the banks -- the top tier banks -- they have the capability to respond internally, and that's what they tend to focus on," Ahmad told the Cyber Storm international conference at the UNSW Canberra Australian Defence Force Academy (ADFA) on Monday.

Where the banks are succeeding, Ahmad explained, is in bringing analytics from the business side of the organisation into the security arms so they can begin to, in real time, develop intelligence on attacks.

"The next step, which is to actually have the attribution, where they can recognise the same attacker over a period of time, that seems to be something that they're still working towards," he said. 

"When they get there, the question is going to become, 'If you know that a particular attacker is hitting you consistently over the years and you know what they're after, what are you going to do about it?' Are you going to hand it to the ACSC or are you going to do something?"

The problem with that, however, is that naming a state actor would put organisations on the radar of the likes of Russia and North Korea as targets.


Joining Ahmad in the discussion was Bryan Cunningham, executive director of the Cyber Policy Research Institute at the University of California Irvine, who said that there are a lot of large multinational companies that have developed the capability to launch an offensive or an active response.

"Under the [United States] Computer Fraud and Abuse Act, almost any type of active defence that goes outside your firewall is currently illegal," he said.  

While Cunningham believes the moves in Congress to change that will come to fruition, he pointed to how Microsoft has gotten around such a roadblock, and put itself in a position to respond offensively.


"What Microsoft has been doing is going into a US Federal Court and suing their attackers. They're saying they're suing APT28 -- they know that they're never going to get APT28 into a US Court, but what they get is that the judge orders a temporary restraining order to the ISPs to reroute all the traffic that Microsoft identifies to Microsoft servers and Microsoft is authorised to launch counterattacks," he explained.

"Right now, it's clear Microsoft has this capability and they basically zapped the botnets and they don't even know what countries they're in, they don't know what computers they're on -- order of magnitude, they do -- they're getting these judges to issue orders to let them launch their attacks."

Cunningham believes that activities of this type are going to become legitimised over time by US courts, which will see Congress authorise companies with the internal capability to do it with merely legislative oversight.

Opening the conference, Australian Defence Force Head of Information Warfare Major General Marcus Thompson posed the question of how much of Australia's critical infrastructure the government should be responsible for, highlighting a need for the public and private sectors to work together on protecting the nation, including where attribution is concerned.

"How do we defend civilian infrastructure we don't control? That makes Telstra, Optus, Vodafone the operating environment; makes the banks, other financial institutions, utilities companies, targets," he asked. "How do we determine what infrastructure will be the government's responsibility to defend?"




