BreachExchange mailing list archives

Australia's cyber defender clueless about origin of 40 per cent of cyber attacks


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Tue, 2 Dec 2014 19:35:53 -0700

http://news.theage.com.au/it-pro/security-it/australias-cyber-defender-clueless-about-origin-of-40-per-cent-of-cyber-attacks-20141202-11yglq.html

Australia's chief cyber security defender has revealed the government has
no idea where about 40 per cent of cyber attacks against our country come
from.

Major-General Stephen Day, head of the federal government's new Australian
Cyber Security Centre in Canberra, made the comments on Monday evening at
the NSW Law Society's Thought Leadership series.

"Where I come from, we have the nation's most sophisticated detection
capabilities and we have among the best brains at work in cyber security in
our country," he said.

"[But] about 40 per cent – there or thereabouts – of what we see we can't
attribute to anyone, whether it's criminal, whether it's espionage or
whether it's sabotage.

"In other words where the originator does not want to be found it can be
mightily difficult to attribute these sort of actions."

According to General Day, there were about 900 cyber-security related
incidents against the Australian government and some of the country's
biggest companies last year. This did not include some of the unsuccessful
attempts against the organisations, he said.

Asked if he would ever support companies or governments hacking back to
retrieve stolen data, General Day said "in time" but it would be difficult.

"It's called ... 'active defence'. There's a lot of talk about it. My own
view is that in time it might be something that gets done but it's very
difficult because ... attribution is difficult," he said.

"And even once you think you know who's done it, actually getting to the
source is an extraordinarily difficult and expensive thing to do."

In an appearance at the University of Canberra earlier this year, General
Day argued that his lack of a deep knowledge in cyber security was actually
an advantage to the government.

"I am an ordinary, garden-variety soldier," he said. "I have no special
expertise in cyber, and ... I actually think that is an advantage," he
said.

He also argued it was a common mistake to leave cyber security in the hands
of IT professionals.

"Environmental engineers may be the people to work with us to keep the air
healthy, but there's no way we would use or leave environmental scientists
to work out the future of air travel, or to design military campaigns
through air," he said.

General Day also said then that he thought the federal government was up to
scratch when it came to defending against cyber attacks. The same couldn't
be said for state governments.

"We haven't reached a critical mass of understanding in the state
governments yet," he said. "There are some who are at the very good end of
the freeway and there are some at the opposite end as well."
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 