Local government should have in place a cyberattack response plan, says a security expert.
“Understanding what you would do and who would be responsible for what actions cannot be overestimated,” James Kay – director of the National Cyber Watch Office at the Australian Signals Directorate – told delegates at a tech summit in Sydney this week.
“The threat environment in which we operate demands a shift towards proactive risk negation, adversarial threat modelling and a cohesive cyber threat intelligence-driven strategy,” added Kay – a key speaker at the Tech Leadership Summit hosted by national local government peak the Australian Local Government Association.
The 100-or so delegates – including mayors, shire presidents and councillors from across Australia – were presented with some sobering statistics.
Over the last financial year, ASD responded to more than 1,100 cybersecurity incidents. While that number is consistent with the previous year, delegates were told cyberattacks are becoming increasingly more sophisticated.
The intelligence agency’s hotline received more than 36,700 calls last financial year, said Kay – 100 every day, a 12 per cent increase on the previous year. In all, there were more than 87,400 reports of cybercrime in Australia during the period – about one report every six minutes.
No organisation is immune
There are three types of cyber actors the ASD regularly deals with, delegates heard: run-of-the-mill criminals “looking for a pay day” by opportunistically scamming organisations and individuals; hacktivists out to “menace and degrade entities’ reputations”; and state-based actors – “the ones that keep me and my colleagues up at night”, said Kay.
“They’re quiet, they’re clever and they’re well resourced,” he added. “They can be attacking for the purposes of reconnaissance and pre-positioning for cyberattacks on Australian networks. They will wait until a time of their choosing to deny, degrade or disrupt critical services.”
Kay advised delegates – “particularly those who operate critical infrastructure” such as water systems – that their primary concern should not be cyber criminals breaching data “but a state-sponsored actor shutting down or disrupting operations”.
Delegates were advised to thoroughly comprehend their LGA’s network “to understand what’s important and what’s not; we refer to this as understanding the crown jewels – a system that needs protecting at all costs”.
Cybersecurity starts with procurement, said Kay. “ASD recommends building cybersecurity into your procurement so that you’re starting with a great baseline.”
Kay also recommended four actions councils could implement to mitigate “up to 80 per cent of cybersecurity incidents”.
- enable multi-factor authentication
- set devices to update automatically
- remove apps that are no longer needed
- power cycling devices once a day.
“That literally means turning them off and on again,” said Kay. “If you have low-level malware on your phone, power cycling gives the phone the opportunity to reboot and maybe kick the malware off the system.”
Councils were encouraged to engage with the ASD so as to be aware of the latest cyber threats. “This will help inform your understanding of the risks,” said Kay, who warned delegates: “Absolutely no organisation is immune.”
Leave a Reply