It is no longer an option to be complacent about securing computer networks. There is growing evidence that groups, such as Anonymous, state-based actors and individuals are intent on stealing valuable data or causing disruption to computer-based services.
From governments to religious organisations, global enterprises to small business owners, everyone has been a victim of these types of attacks. The motives of attackers range from a self-deluded intention of doing good for society, to monetary or political gain, or for no other reason than to demonstrate the ability to effect such an attack.
Our world economy, governments, industry and citizens rely heavily on the capabilities that the Internet provides. Attacks on these fundamental infrastructures and the devices connected to them are frequent, visible and damaging. Disruptions to Internet services can have a catastrophic effect on our banking systems, utilities and the way we communicate across the globe.
The new Australian Cyber Security Centre, announced by Prime Minister Julia Gillard earlier this year, recognises this growing threat. It will become operational towards the end of 2013 and will act as a hub for security professionals from the Defence Signals Directorate, Defence Intelligence Organisation, Australian Security Intelligence Organisation, the Attorney-General’s Department’s Computer Emergency Response Team Australia, Australian Federal Police and the Australian Crime Commission.
Its aim is to protect Australia’s most valuable networks and systems and provide advice and support to develop preventative strategies to counter cyber threats.
According to the Australian Government, there were more than 400 cyber incidents against government systems requiring a significant response by the Cyber Security Operations Centre (CSOC) during 2011-12.
The establishment of the new Australian Cyber Security Centre will help the Government devise a comprehensive cyber security strategy, but there are also other initiatives that are already underway within federal government to tackle this growing problem.
The Defence Signals Directorate (DSD) advocates implementing a Defence-in-Depth strategy and, as of April 2013, Australian government agencies are required to implement certain ICT protective security controls. Each layer of the defence-in-depth strategy should either provide a form of protection that thwarts or slows the pace of an attack, or provide intelligence that can be used to adapt to and remediate the situation. The end goal is to secure the organisation’s assets, including the confidentiality, integrity and availability of its data.
DSD understands the increased need to protect federal government computer networks and the threat to Australia. Utilising a defence-in-depth security methodology, DSD has developed a series of documents entitled “Top 35 Mitigation Strategies”. The list is informed by DSD’s experience in operational cyber security, including responding to serious cyber incidents and performing vulnerability assessments and penetration testing for Australian government agencies. These strategies can be divided into categories including patching/hardening, monitoring/inspection, whitelisting/blacklisting, blocking/filtering and governance/security policy.
In April this year, on the recommendation of the Attorney-General, the Australian Government Protective Security Policy Framework (PSPF) was updated. The changes now require Australian Government agencies to implement ICT protective security controls that meet DSD’s top four of the 35 mitigation strategies for cyber intrusions, which are:
- Use application whitelisting to help prevent malicious software and other unapproved programs from running
- Patch applications such as PDF readers, Microsoft Office, Java, Flash Player and web browsers
- Patch operating system vulnerabilities
- Minimise the number of users with administrative privileges.
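The following added example (not part of the original article, and not DSD or Sourcefire tooling) assesses a constructed host inventory against the four mitigations above and lists the hosts that fail any of them. The 30-day patch-age threshold, the application names and the host records are assumptions for the example; unknown patch state for a named application is treated as a failure.

```python
"""Assess a constructed host inventory against the DSD top four mitigations."""
from dataclasses import dataclass, field

# Assumed threshold for this example; the article gives no patch timeframe.
MAX_PATCH_AGE_DAYS = 30
# Application categories named by the top four as patching priorities.
PRIORITY_APPS = {"pdf_reader", "office", "java", "flash", "browser"}


@dataclass
class Host:
    name: str
    app_whitelisting: bool             # application whitelisting enforced on the host
    app_patch_age: dict                # app -> days since its last patch
    os_patch_age_days: int             # days since the last OS patch
    admin_accounts: list               # accounts holding administrative privileges
    approved_admins: set = field(default_factory=set)  # admins justified by role


def assess(host: Host) -> dict:
    """Return {mitigation: passed} for each of the top four."""
    unknown = PRIORITY_APPS - set(host.app_patch_age)  # missing data fails safe
    apps_ok = not unknown and all(
        age <= MAX_PATCH_AGE_DAYS for age in host.app_patch_age.values())
    return {
        "application_whitelisting": host.app_whitelisting,
        "patch_applications": apps_ok,
        "patch_os": host.os_patch_age_days <= MAX_PATCH_AGE_DAYS,
        "minimise_admins": set(host.admin_accounts) <= host.approved_admins,
    }


def fleet_gaps(hosts) -> dict:
    """Map each non-compliant host to the mitigations it fails."""
    gaps = {}
    for h in hosts:
        failed = [k for k, ok in assess(h).items() if not ok]
        if failed:
            gaps[h.name] = failed
    return gaps


# Constructed sample inventory (hypothetical hosts).
SAMPLE_HOSTS = [
    Host("ws-01", True, {a: 7 for a in PRIORITY_APPS}, 10, ["ops-admin"], {"ops-admin"}),
    Host("ws-02", False, {**{a: 7 for a in PRIORITY_APPS}, "java": 45}, 10,
         ["ops-admin", "jsmith"], {"ops-admin"}),
    Host("srv-03", True, {a: 3 for a in PRIORITY_APPS - {"flash"}}, 60, [], set()),
]

if __name__ == "__main__":
    for name, failed in fleet_gaps(SAMPLE_HOSTS).items():
        print(f"{name}: fails {', '.join(failed)}")
```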
DSD findings show that no single strategy can prevent malicious activity, but the effectiveness of implementing the top four strategies is very high. When DSD analysed intrusions they responded to in 2011, they found that the defence-in-depth strategy as a whole would have prevented at least 85 per cent of these intrusions. They also found that most of the attacks involved adversaries using unsophisticated techniques that would have been mitigated by implementing the top four mitigation strategies as a package.
Sourcefire is working alongside DSD to provide Australian government agencies with the security solutions they need to comply with the top 35 mitigation strategies. While recognising that there is no silver bullet to address security challenges, Sourcefire’s Agile Security approach and network and endpoint device security solutions support defence-in-depth and assist organisations in complying with DSD’s top 35 mitigations.
As the de facto standard in NGIPS (Next-Generation Intrusion Prevention Systems), we can support government agencies in detecting and blocking malware and intrusion events, providing application control and security compliance enforcement.
Organisations are continually asked to provide more services and a higher level of security with reduced budgets and fewer personnel. CTOs and ITSAs are constantly challenged to meet these conflicting requirements. Through informed architectures, products and supplementary security controls, solutions can be implemented that meet both demands, along with further compliance requirements, as part of a true defence-in-depth strategy.
Chris Wood is the Regional Director of Sourcefire.