Monday, 2 June 2014

Australian Cyber Security Centre 2014

Will house CERT Australia, CSOC.

The federal government’s long-awaited Australian Cyber Security Centre will be fully operational in late 2014 - almost two years after it was first announced.
The launch of the centre has been held up by the delayed $630 million build of new headquarters for ASIO (the Australian Security Intelligence Organisation).
In January 2013, the former Gillard government announced it would create a cyber security coordination hub that would co-locate staff from a number of defence, security and legal agencies. It was scheduled to be opened before the end of 2013.
But the opening of the centre was set back due to “significant challenges” faced by the construction of the new building in which the centre was to be housed.
The new ASIO headquarters in Canberra, named the Ben Chifley building, will finish $170 million over budget and almost two years behind schedule when it opens later this year.
The spy agency has previously conceded encountering difficulties with a handful of subcontractors over payments, and struggling with the complexity of the building management and security systems required to house high-security operations.
The Australian Cyber Security Centre - which relies on officers being in the same physical environment under the co-location model - has subsequently not been able to open.
Once operational, the Australian Cyber Security Centre will subsume the existing Cyber Security Operations Centre (CSOC) - currently located within the Australian Signals Directorate in Canberra’s Russell Office precinct - and will also house the national computer emergency response team, CERT Australia.
The CSOC, which launched in 2010, employs 130 officers from agencies across government - primarily Defence staff - and is focused on protecting government networks.
The ACSC will house around 300 officers by 2017, approximately 219 of which will be provided by the Australian Signals Directorate. It is the “next evolution of Australia’s cyber security capability”, a Defence spokesperson told iTnews.
ASD cyber and information security boss Major General Stephen Day has previously been announced as the centre’s first coordinator.
Beyond the existing capabilities of the CSOC and CERT Australia, the ACSC will co-locate with those cybercrime and espionage-related functions currently within the Australian Federal Police, Australian Crime Commission and ASIO.
“The ACSC will analyse the nature and extent of cyber threats, and lead the Government’s operational response to cyber incidents. It is the Australian Government’s core approach to national cyber resilience and will raise awareness of cyber security and encourage reporting of cyber security incidents,” a Defence spokesperson said in a statement.
Neither the Gillard nor Abbott governments have committed funding to the centre.
It will instead be funded from within existing agency resources, with Defence contributing the lion’s share at 73 percent and the Attorney-General’s department chipping in 27 percent. Defence has projected funding for the centre until 2030, the agency said, but declined to provide further details on its cost.
Defence assistant secretary on cyber security Joe Franzi last month called the ACSC “the brightest light on our horizon”.
“For some years now, various parts of the Australian Government have been growing independent cyber security capabilities. This is understandable when a new phenomenon, such as cyber, confronts a government,” he told attendees at the CeBit conference in Sydney.
“But in doing so our resources were separated, and therefore have not been as efficient as they could be. And with this separation there has been some confusion about who to call, whether you are from government or industry, when you have a cyber security issue.
“In recognition of these circumstances, the government decided to locate our key cyber security capabilities in the one facility and establish the Australian Cyber Security Centre.”

Cyber Security: Need for computer emergency response teams in Africa

Nkechi Isaac, a media practitioner, recently said cybercrime, which is crime committed in cyberspace and/or on the internet, is one of the fastest growing areas of crime.
Isaac further said more and more criminals are exploiting the speed, convenience and anonymity that modern information and communication technologies offer in order to commit a diverse range of criminal activities.
These criminal activities take in attacks against computer data and systems, identity theft, the distribution of child sexual abuse images, internet auction fraud, the penetration of online financial services, as well as the deployment of viruses, and various email scams such as phishing.
“The global nature of the Internet has allowed criminals to commit almost any illegal activity anywhere in the world, making it essential for all countries to adapt their domestic offline controls to cover crimes carried out in cyberspace.
“The use of the Internet by terrorists, particularly for recruitment and the incitement of radicalisation, poses a serious threat to national and international security,” explained Isaac.
The reporter also added that the threat of terrorism forces authorities to address security vulnerabilities related to information technology infrastructure such as power plants, electrical grids, information systems and the computer systems of government and major companies.
Accordingly, governments and major corporations in the African continent seriously need to repel cyber-attacks and recover the systems.
Economic Community of West African States (ECOWAS) Commissioner in charge of Information and Communication Technology, Isaias da Rosa, stressed the need to develop a common platform within the African region to address cyber security, since cybercrimes transcend borders.
“As a region, Africa must begin to cooperate to deal with cyber threats at national and regional levels. Cyber security is a global challenge and we need to fight it with a strong strategic view, keeping in mind that we need to coordinate and collaborate to better address it,” he said.
“The fight against cybercrime requires collaboration and coordinated effort among all stakeholders such as government bodies, educational institutions, business organisations and law enforcement authorities,” added Rosa.
Eric Tamarkin, Institute for Security Studies consultant, agrees: “To facilitate collaboration and the sharing of cyber threat information in real time, it is essential to have 24/7 cyber-watch centres.”
Africa should therefore develop robust Computer Emergency Readiness Teams (CERTs) to respond to cyber incidents as well as to provide technical assistance to hacked businesses and disseminate timely notifications regarding current and potential threats.
This means that the continent of Africa should establish a body to monitor and report cybercrimes across borders. This body should consist of experienced and well qualified people that can effectively handle computer security incidents.
The purposes of this body should be to respond to any threat or attack in cyberspace and to provide support in responding to computer, network and related cyber security incidents. However, to effectively combat cybercrimes in the continent, any approach should involve all critical players such as African governments, industry, civil society organisations and, to a large extent, security agencies.
As custodians of laws, lawmakers must be well trained and sensitised to help implement legislation that addresses cyber threats at all levels. They must also keep up with evolving and sophisticated cybercrime threats.
They should help their respective countries to develop strong cyber security policies, strategies and standards to continually identify existing and potential computer-related threats. Policies and strategies should strengthen international cooperation and ensure the development of a continental road map that tackles this cancer and fosters economic growth in countries within and across Africa. Furthermore, cybercrime laws should also be updated and strengthened time and again. As the nature of criminality evolves, so too should the laws.
Since information is power, it is critical for stakeholders to raise public awareness about cybercrime – a plague that can ravage Africa and her citizenry.
“Raising public awareness is equally critical and can serve as a powerful frontline defence. Africa should develop a patchwork of awareness campaigns, funded by both the public and private sector, and policymakers should fund robust multimedia public awareness campaigns, especially during critical periods such as the festive season,” Tamarkin said.
The African Union should push ahead its efforts to curb cybercrime. As the largest political organ in the continent, it should ensure that member states have strong information and computer technology institutions to train cyber security experts with a strong expertise in system administration, security audit, forensic investigation, information security and software development to deal with the future challenges of cybercrime.

Seedy hacker steals 1300 Monsanto client and staff records

Monsanto has admitted credit card data along with names, addresses and US taxation information for 1300 customers and employees was compromised after hackers broke into its servers.
The March breach affected Monsanto's Precision Planting division which manufactured specialist farming equipment. It came as the agriculture giant pushed to sell big data intelligence services harvested from and disseminated to its customers.
Precision Planting senior counsel Reuben Shelton said in a letter sent to the Office of the Attorney General Maryland that the attackers were not thought to have sought client and staff data.
"We believe this unauthorised access was not an attempt to steal customer information; however, it is possible that files containing personal information may have been accessed and therefore we are making this notification," Shelton said.
"Files on the affected servers contained personal information, including customer names, addresses, tax identification numbers (which in some cases could be Social Security Numbers), and (in some cases) financial account information.
"Additionally, some HR data was stored on the servers, including some W2 tax forms that contained employee name, address, and Social Security numbers and (for a small number of employees) driver’s license numbers."
The company told specialist agriculture news site Agri-Pulse that hackers did not steal customer farming data, which was stored on a separate server.
Monsanto has offered affected staff and clients a year of credit monitoring services to combat the risk of subsequent fraud and was reviewing the security of its systems.
The ag giant has been a favourite target of hacktivists. In 2011, members of the Anonymous hacking collective stole and published details of 2500 Monsanto employees.
More recently, members operating under #operationgreenrights last month claimed to have hacked and released 1800 usernames and passwords stolen from companies including Monsanto. In January it released what it claimed were 48 database name records along with login information.

Pirate Bay co-founder arrested in Sweden to serve copyright violation sentence

Fredrik Neij (R) and Peter Sunde (C), two co-founders of the file-sharing website, The Pirate Bay, arrive at the Swedish Appeal Court in Stockholm on September 28, 2010. REUTERS/Anders Wilklund/Scanpix

(Reuters) - One of the founders of file-sharing website Pirate Bay has been arrested in southern Sweden to serve an outstanding sentence for copyright violations after being on the run for nearly two years, Swedish police said on Saturday.
Peter Sunde had been wanted by Interpol since 2012 after being sentenced in Sweden to prison and fined for breaching copyright laws.
"We have been looking for him since 2012," said Carolina Ekeus, spokeswoman at the Swedish National Police Board. "He was given eight months in jail so he has to serve his sentence."
Ekeus said Sunde had been arrested on Saturday in the southern Swedish county of Skane but she was not able to provide further details.
Four men linked to Pirate Bay were originally sentenced to one year in prison and a fine of 32 million crowns ($4.8 million). An appeals court later reduced the prison sentences by varying amounts, but raised the fine to 46 million Swedish crowns ($6.9 million).
In September, 2012, Cambodia arrested and deported another Pirate Bay co-founder at Sweden's request.
Swedish media reported on Saturday that Sunde may have been living in Germany in recent years and that Sweden's Supreme Court had as recently as May rejected an appeal from him.
"He is extremely talented and I still think that the judgment was wrong," Peter Althin, who defended Sunde during the trial, was quoted as saying by Swedish news service TT.
"It's about being on the cutting edge if one is going to be successful... But if one is too far ahead it is not always about success. Peter fought for file-sharing and in 10 years I think it goes without saying that file-sharing for one's own needs will be allowed."
Pirate Bay, launched in 2003, provided links to music and movie files that were stored on other users' computers. Swedish subsidiaries of prominent music and film companies had taken the company to court claiming damages for lost revenue.
Despite the Swedish court case, the website is still functioning. On its website, Pirate Bay says it is now run by a different organization and is registered in the Seychelles.