Cyber Security Minister says all governments must work together to abolish cyber threats, while a leading cyber-defence CEO points to managing risk in the supply chain as a key issue.
The Minister for Cyber Security Angus Taylor says the Commonwealth will work to reduce cyber threats to zero through a focus on critical IT infrastructure, collaborating with the private sector, tackling cybercrime and raising public awareness.
Minister Taylor said that collaboration with the private sector “will be a major theme in the coming months” as part of a broader bid to tackle cybercrime nationally and within the federal government, which he says “starts with the way we invest and procure.”
“The collective power of agencies is critical. It is clear that government can’t succeed on this alone, we need to work across all agencies in the federal government, the state and local government, the private sector and international agencies and governments if we want to succeed,” he told the CeBIT conference yesterday.
The sophistication of cyber threats was a key topic at the conference, with Minister Taylor pointing to the global and pervasive nature of threats.
“It’s clear to me that if we’re facing adversaries that are increasingly global, well-organised and adept that we have to combat them with the exact same capabilities,” he said.
The move follows a series of measures aimed at tackling cyber threats, including the opening of the Home Affairs ministry, which Minister Taylor said aimed to encourage an inter-departmental approach, as well as the new 24/7 cyber security centre in Canberra.
CEO: minimising risk in the supply chain
Symantec CEO Greg Clark told the Sydney audience that tackling cyber attacks within supply chains is “one of the most relevant things” currently on his desk, saying the industry is at its highest risk level in decades.
A recent Symantec report found a 200 per cent spike in software supply chain attacks, where attackers inject malware implants into the supply chain to infiltrate unsuspecting organisations. The organisations breached are often sub-tier suppliers of critical IT components or software within systems or products.
Speaking to Government News on the sidelines of the event, Mr Clark said that managing risks in outsourced IT infrastructure and through the supply chain was a key issue.
When asked how the Australian Government can minimise risk in the supply chain through procurement, he recommended a risk framework to “buy risk down and lay risk off.”
“With a risk framework we can assign accountability to the operators to effect change that reduces that risk,” he said.
In 2014, the United Kingdom introduced legislation to improve procurement processes within government by mandating a new cyber security standard for suppliers. The standard, which offers two levels of assurance, means all organisations must comply with it if bidding for government contracts.
According to Mr Clark, negotiating terms with suppliers in the procurement process is another crucial measure for mitigating cyber risks.
“I always tell people to be careful when you push seriously low risk terms on your supplier because it only takes one of those to put it out of business and if they’re doing it with hundreds of companies that’s risky,” he said.
New report: spike in government attacks
Meanwhile, a report released yesterday claims the government sector is the fourth most vulnerable to cyber attacks, suffering 13 per cent of all known cyber attacks over the past year, up 5 per cent from the previous year.
Dimension Data’s NTT Security’s Global Threat Intelligence Report 2018 found an increase in cyber attacks targeting the supply chain.
Mark Thomas, the group’s CTO for cybersecurity, said supply chains are becoming increasingly vulnerable to cyber threats.
“There are numerous moving parts to supply chains and outsourcing companies, which often run on disparate and out-dated network infrastructures, making them easy prey to cyber threat actors. Service providers and outsourcers are also a prime target, due to their trade secrets and intellectual property,” he said.
The report found that while Australia is a frequent target, it’s also a major source of attacks. It found that 66 per cent of attacks on the financial sector in the Asia Pacific region originated from Australia.