The world must work together on cybersecurity

Establishing a global, coordinated approach to cybersecurity was the takeaway theme from the Australian Cyber Security Centre (ACSC) Conference 2018.

More than 1500 delegates attended the conference at the National Convention Centre in Canberra last week on 11–12 April, bringing together the world’s top policy and operational experts in national and international cybersecurity.

The conference provided a platform for ongoing partnerships to counter cyber threats.

Minister for Law Enforcement and Cyber Security Angus Taylor said the conference was a unique opportunity to collaborate and advance Australia’s national cyber defence capabilities.

“Strong partnerships with industry are integral to achieving this,” he said.

Keynote speaker Richard Driggers, from the United States Department of Homeland Security, agreed. Partnering with the private sector was “extremely important” in helping to share information about cybersecurity, he said.

Driggers also praised Australia’s Joint Cyber Security Centres, which are partnerships between business, government (local, state and Commonwealth) and academia to enhance collaboration on cybersecurity.

Cybersecurity is an international issue that does not end at national borders, as was made evident during the WannaCry incident in 2017.

The impacts of WannaCry could have been a lot worse “if we had not spent time and energy building our international partnerships”, said Driggers.

“We want to do everything possible to help Australia and our other international partners.”

Another keynote speaker at the ACSC Conference was Dean of Engineering and Computer Science at the Australian National University Professor Elanor Huntington.

Huntington said she was concerned about the skills shortage in the cyber space.

“What we need is people who understand both technology and people,” she said.

“One of the really interesting things about cybersecurity is that it inherently involves the bringing together of people and technological systems, as well as some deep science to do basically human things.”

The 2018 ACSC Conference had a specific focus to promote, inspire and support women to embrace a career in cybersecurity, given that women comprise just 11% of the cybersecurity industry.

In a panel discussion on women in cyber, panellists agreed that cyber ‘language’ needs to change to attract more women to the industry.

Australian Signals Directorate Director-General Designate Mike Burgess went further.

“Of course we need to change the language, but the most fundamental thing is to change thinking,” Burgess said.

“You’ve got to challenge your thinking and take steps to make progress, otherwise it won’t happen.”

The ACSC Conference program was also geared towards increasing the knowledge of delegates. Presenters focused on providing specific operational advice, including through a range of training activities that were offered to delegates free of charge.

The ACSC’s Jason Pang and Mitchell Clarke co-instructed a technical course on incident response as part of the program.

Participants were taught methodologies on conducting effective incident response, but also acted as incident responders by analysing key artefacts derived from a simulated incident.

“By getting hands-on with some of the tools the industry uses, participants were able to get a very clear picture of what is actually involved from a technical perspective and what needs be prioritised,” Pang said.

The simulated incident included sophisticated actor tradecraft observed in ACSC incident response investigations, giving participants a first-hand look at some of the techniques used to target Australian organisations.

“The time for incremental shift is over,” said ACSC Head Alastair MacGibbon.

“The scale and types of incidents cannot be handled by government alone.”

Image credit: ©stock.adobe.com/au/lucadp

Please follow us and share on Twitter and Facebook. You can also subscribe for FREE to our weekly newsletter and quarterly magazine.