Tag Archives: cybersecurity

Australian cyber security revenue set to triple within a decade

Australian cyber security revenue will soar from A$2 billion in 2016 to A$6 billion by 2026. This comes as part of an upward trend in cyber security spending around the world. US$131 billion was spent on cyber security globally in 2017, with an 88 per cent increase expected by 2026.

With the second-highest ‘cyber maturity’ in the Indo-Pacific and strengths in core skill areas such as quantum computation, wireless technology and high-value hardware, Australia is the ideal growth environment for cyber security businesses.

The statistics have been published in the 2018 update to Australia’s Cyber Security Sector Competitiveness Plan and the first ever Australian Cyber Security Industry Roadmap; both launched on 28 November 2018 by the Australian Minister for Industry, Science and Technology, the Hon Karen Andrews MP.

The 2018 update to Australia’s Cyber Security Sector Competitiveness Plan was developed by AustCyber – the Australian Cyber Security Growth Network, which is part of the Australian Government’s Industry Growth Centres Initiative. The Plan indicates strong growth against the data outlined in the first iteration, released in April 2017, reflecting the rapid evolution of this dynamic sector.

The 2018 update draws on extensive industry consultation and research to provide a fresh picture of the global outlook, the challenges, and the opportunities and priority actions needed to grow a vibrant and globally competitive cyber security sector that enhances Australia’s future economic growth. It also provides a deep dive into the skills and workforce gap, which is one of the key issues impacting the sector’s growth.

The Australian Cyber Security Industry Roadmap brings together the expertise and networks of CSIRO Futures and AustCyber to identify a common vision and map out the road to success in the cyber security sector. World-class scientific and technological expertise is applied to steer business, government and society through the challenges we must navigate over the medium to long term, to seize opportunities across all Australian industries.

CEO of AustCyber, Michelle Price said, “As organisations increasingly rely on digital technologies and the cross sectoral flows of data, the need to protect people and assets from malicious cyber activity is growing. This strong demand for cyber security is creating substantial economic opportunities for Australia and is set to increase cyber security revenue.

“Cyber security is one of the most rapidly expanding sectors worldwide. The aim of the Sector Competitiveness Plan is to invigorate the cyber security industry across business, research and consumer segments to drive growth in the ecosystem, increase exports of Australian solutions, and support Australia to become the leading global centre for cyber security education.”

CSIRO’s Dr Shane Seabrook said, “Cyber security has never been more important, both as an enabler for Australian industry and as a source of economic growth itself. As we integrate data and digital technologies into everything we do, security will be key to our future economic success. International cyber security practices are yet to reach a uniform level – the time to position Australia as a best practice nation for cyber security is now.

“The Cyber Security Roadmap will guide immediate actions that can set the stage for long term success – simultaneously protecting Australia and enabling us to be agile, innovative and competitive on the global stage. We can build our cyber security industry with skills from our world-class education system, testbeds supported by our small but sophisticated market, and alignment with cultures and time zones in our geographic region.”

To help Australia’s cyber security sector pursue growth opportunities and increase cyber security revenue, the Cyber Security Roadmap focuses on digital opportunities likely to be adopted across Australia’s priority growth sectors: Medical Technologies and Pharmaceuticals; Mining Equipment, Technology and Services; Advanced Manufacturing; Oil and Gas; and Food and Agribusiness.

The Cyber Security Sector Competitiveness Plan and Cyber Security Roadmap are available online.

This article was originally published by AustCyber.

Read more about the Australian cyber security workforce and career opportunities in the Careers with STEM: Code + Cybersecurity Flip Special.

Are you protected?

Last year, the WannaCry cyberattack showed the world the rapid and destructive power of cybercrime. Targeting vulnerabilities in older versions of Microsoft Windows operating systems (OS), the virus rapidly spread between computers and networks all over the world. As a result, hospitals, banks, businesses and various other organisations in over 150 countries were crippled by the anonymous infection, which locked hundreds of thousands of users out of their computers and demanded ransom payments of $300 in the untraceable cryptocurrency Bitcoin.

At least 12 Australian businesses reported being affected in the initial cyberattack, with more suspected of suffering without informing the authorities.

Frustratingly, Microsoft had recognised the vulnerability, and issued software ‘patches’ to fix the hole. Yet many companies and individuals either didn’t install the fixes, or were using unsupported, older versions of Windows, leaving their systems exposed.

This global incident was one of several cyberattacks in 2017 costing about $2.5 billion in ransomware payments, according to antivirus software firm Bitdefender. It highlights a common problem in businesses both in Australia and abroad: a weariness or reluctance to deal with computer cybersecurity. Known as ‘security fatigue’, studies in the USA have shown many computer users feel overwhelmed and even bombarded from being on constant alert, adopting safe behaviour and trying to understand the nuances of online cybersecurity issues at work. Yet, with cyberattacks on the rise and becoming ever more sophisticated, there has never been a greater need to adopt secure practices.

“A successful cyberattack can cause major financial, reputational and legal damage to companies,” explains Sanjay Mazumdar, CEO of Data to Decisions Cooperative Research Centre (D2D CRC). “Cybersecurity is not just an IT issue — it is the board and executive’s responsibility to focus on the cyber resilience of their business.”

But what should businesses do to protect themselves? Mazumdar suggests they follow the Australian Signals Directorate (ASD)’s ‘Top 4’ and ‘Essential 8’. “These are simple strategies,” he says. “The mantra all organisations should remember is ‘Catch, Patch and Match’.”

The phrase is an easy-to-remember summary of core cybersecurity actions. If businesses ‘catch’ malicious software by only running a whitelist of approved applications, ‘patch’ their applications and OS with updates, and ‘match’ the right people with the right access, ASD estimates that at least 85% of intrusions can be prevented. As for the remaining 15%, those cyberattacks could still infiltrate security-savvy businesses because current computer systems, no matter how advanced, leave doors ajar for attackers. At the same time cybercriminals are becoming increasingly sophisticated in sniffing out these chinks in the armour and exploiting them.

Because nobody knows where the next breach could come from, it’s critical to have early warning systems so businesses can be told of imminent threats with enough time to protect themselves quickly, thus stemming the spread of cyberattacks.

Organisations such as CERT Australia, the national computer emergency response team, already help Australian businesses understand the cyberthreat landscape and better prepare for, defend against and mitigate cyberthreats and incidents.

“Big data analytics is a critical component of addressing cyberthreats,” says Mazumdar. “It can help with detecting anomalies in a network that indicate malware or Trojan Horse attacks [a computer program that misleads users of its true intent], or in staff behaviour — e.g. downloading unusual amounts of documents — which could be an indicator of an insider threat, like the Edward Snowden leak in the USA.”

The team has a number of research streams that may ultimately culminate in revolutionary cybersecurity outcomes. For instance, the D2D CRC Integrated Law Enforcement program aims to build a technology that pools and presents data from government, police, armed forces and intelligence agencies. This has led to the spin-off NQRY™. “NQRY specialises in next-generation investigative tools and effective investigation management solutions for law enforcement and public safety organisations — essentially digitising a law enforcement agency’s lines of enquiry,” Mazumdar says.

Another D2D CRC project — Beat the News — has developed an automatic forecasting capacity for law enforcement and national security agencies. This has since been commercialised through D2D CRC’s first spin-off company Fivecast™.

A world-leading forecasting technology, Fivecast is able to automatically and accurately predict the occurrence of future population-level events such as social disruption, political crises and election outcomes. The Minority Report-like technology looks into the future to predict what might happen, when it will happen and why.

Meanwhile, D2D CRC’s Predicting Cyber Exploits project is developing a system to predict when and how a publicly disclosed vulnerability will progress. With funding from the Defence Innovation Hub, the technology resulting from the project will allow decision makers and system maintainers to proactively mitigate high-risk threats before they are actively exploited by cybercriminals, and respond quickly if and when hackers do attempt to exploit the threat.

Ultimately, this results in national security threats like cyberattacks being detected earlier, and a reduction in the probability of them occurring.

Another way to try to predict a cybercrime is for computer security experts to think like cybercriminals. By understanding the weaknesses and vulnerabilities of computer systems and how they can be exploited, they can get a step ahead of the hackers.

This is exactly what Yuval Yarom from CSIRO’s Data61 and colleagues did to find the Meltdown and Spectre computer vulnerabilities, which were disclosed in January 2018. “By causing the processor to speculatively execute instructions that were crafted for this purpose, we could get secret information from the OS or from other programs,” says Yarom.

Stemming from a design flaw in what is called ‘branch prediction’, where a central processing unit makes an educated guess as to what it will compute or process next, Spectre and Meltdown exploit a vulnerability in devices that are simply doing what they are designed to do. This flaw allows malicious applications to bypass memory isolation in order to access the contents of memory. “Spectre and Meltdown use covert channels to get the secret information,” explains Yarom. The combination of covert channels and branch prediction is what enables the vulnerability, and worryingly this means bypassing traditional security measures, thereby exposing billions of devices.

Although cybercriminals have yet to build functional code to exploit the vulnerability, cybersecurity experts are racing to build patches to protect organisations and individuals worldwide.

Of course, cybersecurity experts would have a much easier job if the computer systems they were attempting to protect were secure by design. Yarom’s Data61 colleague Gernot Heiser has been working on secure OS for 25 years. His 7500 lines of C code that make up the seL4 microkernel — a microkernel being the bare minimum of any OS — was a major breakthrough, as it was the first to be proved mathematically correct, thereby making it practically unhackable by today’s standards. Unfortunately, seL4 is too expensive for widespread adoption.

Heiser’s work now focuses on reducing the cost of seL4 to make it more affordable and to ensure the microkernel is secure against highly sophisticated future cyberattacks. He thinks that by observing the exact timings of actions, extremely talented hackers may be able to steal encryption keys and thereby eavesdrop on communications, or even masquerade malicious code as legitimate services. Heiser is now enhancing the microkernel against these ‘timing side channels’. “Fundamentally we’re developing OS technology for keeping systems secure,” he says.

– Ben Skuse

Core code

Featured image above: Gernot Heiser. Credit: Quentin Jones

We trust computer systems every day – but trusted systems are rarely entirely trustworthy. Laptops can crash, servers can freeze, and personal details can be stolen. Even pacemakers can be hacked.

“The complexity of the systems we’re building has grown much faster than our ability to deal with it,” says Gernot Heiser, a professor of operating systems at UNSW and chief research scientist at Australia’s digital research network, Data61, a division of the national science agency CSIRO. “The result is an appalling lack of dependability.

“As critical tasks like controlling medical devices, mobile phones, industrial plants and airplanes become ever more technology-dependent, trust should not be taken for granted,” he adds.

Is it even possible to write truly trustworthy code? Heiser thinks so – which is why he has spent the past decade developing secure microkernels, the core on which dependable operating systems can be built. By itself, a microkernel does not provide useful services, but contains the core mechanisms on which to build them.

Working with UNSW colleagues Gerwin Klein and Kevin Elphinstone, Heiser sparked excitement among experts when the team proved that all 7,500 lines of C code in his seL4 microkernel were mathematically correct. It may not sound like much, but this is incredibly difficult to achieve.

“It is hard to comment on this achievement without resorting to clichés,” quipped Lawrence Paulson, a noted leader in theorem proving and a professor of computational logic at the University of Cambridge.

June Andronick, a principal research scientist at Data61, who specialises in the verifiability of software systems, adds: “What Heiser and his team have done, and keep doing, is to strengthen the guarantees that can be provided about software by orders of magnitude, while maintaining very good performance for real-world use.”

A big test of Heiser’s seL4 microkernel came in 2015, when the US Defense Advanced Research Projects Agency gave hackers unfettered access to the on-board computer of an autonomous Boeing AH-6 helicopter gunship. Their task was to hijack the microkernel and take control. While hackers easily commandeered the helicopter when it hosted other software, they could not crack the on-board computer when it ran on seL4.

A predecessor of the secure seL4 software – known as OKL4 – may already be in your pocket. Heiser set up Open Kernel Labs in 2006 to commercialise his OKL4 microkernel. The company was later bought by General Dynamics, after which “our technology ended up in the pockets of billions of consumers,” says Heiser. OKL4 is now on the security processor of all Apple iOS devices.

But there are still important weaknesses. “Observing exact timings of actions can leak secrets, via so-called ‘timing side channels’, giving attackers the ability to eavesdrop on communication or even masquerade their malicious code as legit services,” says Heiser. His team is now working to prevent such failures by blocking any given process from unduly influencing the execution speed of another process – and eventually proving that this works.

The second weakness is price. The development cost of the seL4 microkernel was about three times that of comparable unverified, vulnerable software. But Heiser thinks he can make the software affordable for everyone.

“If we manage to eliminate this factor-three cost gap to standard software, we’re totally changing the world of software systems.”

– Ben Skuse

For more stories at the forefront of engineering research, check out Ingenuity magazine.

Fight club at cybersecurity MOOC

In 2012, the Australian Prime Minister’s Office – together with Cisco, Microsoft and Facebook – established an annual hacking competition to find the next generation of web security talent. Student teams from across the country compete in the 24-hour hackathon. And every year, for the past four, Richard Buckland’s students have blown the competition away – taking 1st, 2nd and 3rd. “Every year, we blitz it,” says Buckland, head of the Security Engineering Lab and a professor of cyber security at UNSW’s School of Computer Science and Engineering and creator of a cybersecurity MOOC (massive open online course). “So I think we’re doing something right.”

What he does right is organise courses that teach cybersecurity through a series of hands-on exercises, using cloak-and-dagger collaborative games that ignite his students’ enthusiasm. This approach flips the standard teaching model, so that students are taught offence as a way to develop defence; and, in the process, come to understand the mindset of the hacker.

“In addition, we partner with experts to bring in real-world scenarios to the classroom,” Buckland says. Sometimes, these are industry gurus in banking and telecommunications. Sometimes they are badass hackers.

“I can give the students an overview and tell them the theoretical aspects, but then we have cyber community leaders show them how to actually do it,” he says. “I think the role of teachers is to lift our students up above us.” 

Cyber defender Richard Buckland at work with students.

The program’s alumni have brought this collaborative ethos into the corporate world. “I’ve seen the emergence of a community of security professionals who work together, not just for the interests of their own company, but for security in general,” says Buckland.

There is a huge supply and demand problem for cybersecurity professionals. A recent report by US-based market research company Cybersecurity Ventures estimates cybercrime cost companies US$4 trillion in 2015, and is set to rise to US$8 trillion annually by 2021. 

It’s a criminal epidemic that can only be fought by cybersecurity experts, a profession that is itself growing at a rate of 18% annually, according to the US Bureau of Labor Statistics. 

Cisco estimates there are more than a million unfilled security jobs worldwide. “In the early days, companies just repurposed rebels and old-style malcontent hackers, dressing them in suits and paying them lots of money,” says Buckland. “That was a really great solution. Until the pool ran dry.”

Now that cybersecurity experts need to be mass produced, the burden is falling to universities. “But no one worldwide really knows how to do it – there isn’t yet expertise on training up the rebels and breakers you want.” 

Teaching the mindset of a hacker via cybersecurity MOOC

To help quench demand, Buckland is developing a series of massive open online courses (MOOCs) for anyone to learn cybersecurity, as part of a A$1.6 million SEC.EDU partnership with the Commonwealth Bank of Australia to expand UNSW’s cybersecurity teaching resources and curriculum.

Already, almost 20,000 budding cyber defenders have signed up to the introductory cybersecurity MOOC, 60% of them from Australia, ranging from information technology professionals wanting to brush up on the latest technical knowhow, to schoolchildren – even miners and taxi drivers who want to reskill.

Perhaps most crucial are the many teachers and lecturers taking the course, exponentially increasing Buckland’s reach. “For university academics who have been brought up in a traditional non-hacker way, cyber is a little bit scary to teach,” he says. “Academics can borrow our lecture notes and course materials, or just be influenced to – I hope – become believers in the particular way we teach cyber.”  

Buckland’s cybersecurity MOOC is hosted on Open Learning, Australia’s first MOOC provider and a company he co-founded in 2012 with former student and now chief executive Adam Brimo. Designed to deliver more engaging courses online, the platform features lecture videos and exercises, along with wikis and social media-style technologies to allow people to interact and collaborate.

And Buckland is not just focusing on young adults and professionals. Aiming to instil a cybersecurity mentality at an early age, he goes into primary schools to teach kids the basic mindset of a hacker and how to protect against cybercrime. “I’m trying to get the kids to scam each other in a controlled way, because I think then they get to understand how scams work and how to be defensive against them.”

– Ben Skuse

Featured image: Suzanne Elworthy

The bigger picture

Featured image above: the Medical Technologies and Pharmaceuticals Industry Growth Centre, MTPConnect

The Growth Centres launched in October 2015 with $250 million in government funding to 2019/2020. With six now up and running, new collaborations, with the CRCs and others, are beginning to bear fruit.

Take the pioneering idea of using a 3D printer to build joints and limbs damaged through cancer or trauma. The Medical Technologies and Pharmaceuticals (MTP) Industry Growth Centre, MTPConnect, extended BioFab3D@ACMD a grant to set up Australia’s first robotics and biomedical engineering centre within a hospital.

A group of researchers, clinicians, engineers and industry partners will work together to build organs, bones, brain, muscle, nerves and glands – almost anything that requires repair – for patients based at St Vincent’s Hospital Melbourne. One of the big benefits is that the 3D printing will be more cost-effective for patients.

The path for BioFab3D from clever research to commercial success is still a long, complicated one. Collaboration is key and BioFab3D is working with St Vincent’s Hospital Melbourne, University of Melbourne, University of Wollongong, RMIT University and Swinburne University of Technology.

According to Sue MacLeman, CEO of MTPConnect, Australia has many strong and innovative medical and health groups that are on the cusp of realising their full commercial potential.

This is where CRCs come in. “CRCs already have research before it is picked up by the multinationals,” she explains. MacLeman says MTPConnect works with 12 CRCs and aims to help drive their commercial success.

“The MTP sector is hindered by constraints including a lack of collaboration between business and research, skills shortages, the need for more focused investment, and the need for more streamlined and harmonised regulatory and market access frameworks,” says MacLeman.

To meet these challenges the Australian government has provided six Growth Centres (see “Six of the best” below) with funding to help smart projects realise their full potential.

“Growth Centres have an enormous range of things to do. Everyone wants them to do everything. They work in tight timeframes,” explains Professor Robert Cowan, CEO of The HEARing CRC, which has been meeting with MTPConnect.

“We have 48,000 people in our sector, but we can’t speak to all of those people,” explains MacLeman. The MTP is well served by membership organisations such as Medicines Australia, the Medical Technology Association of Australia, and ARCS Australia (previously the Association of Regulatory and Clinical Scientists), adds MacLeman. It has signed a number of memorandums of understanding (MOUs) with membership associations to appreciate what is important in the sectors, particularly global best practice.

But Growth Centres need to remain independent, not heavily skewed to certain groups, says MacLeman.

“What is important is that we don’t take paid membership. You can sign up and showcase your work, but we want to keep it independent and not to be seen as a lobby group.

“That is very powerful for us. To have a strategic voice and a lot of alignment.”

Collaboration was essential for The HEARing CRC when it recently trialled an electrode that released an anti-inflammatory drug into the cochlea post-implantation. The trial brought together devices, drugs, analysts and the ethical and regulatory approvals.

“This new electrode array helps reduce inflammation and the growth of fibrous tissue around the electrode array triggered by the body’s immune response,” says Cowan.

Unlike a drug trial that involves hundreds and thousands of patients, the trial could be tested on a small number of people undergoing surgery. The world-first study was only possible through an interdisciplinary team of researchers, engineers and clinicians from Cochlear, the Royal Victorian Eye and Ear Hospital, the Royal Institute for Deaf and Blind Children’s Sydney Cochlear Implant Centre, The University of Melbourne and the University of Wollongong.

Cowan says he expects MTPConnect will provide assistance to med-tech companies and research institutes in finding and developing new markets, collaborators and investors for Australian medical technologies.

Growth centres for the future of mining

The mining industry is also tapping into groundbreaking research coming out of universities through CRCs and engaging with the new mining equipment, technology and services (METS) growth centre, METS Ignited.

Extracting minerals from the Earth has become much more challenging. Mineral grades are dropping as reserves are being used up and environmental issues are impacting on mining operations. As a result, mining companies are looking at new ways to extract minerals, using technology as cost-effectively as possible.

“The downturn in the mining market is really focusing the mind,” explains Clytie Dangar, general manager, stakeholder engagement at the CRC for Optimising Resource Extraction (CRC ORE). “We can’t afford to stand still.”

CRC ORE has around 20 active research programs that span robotics, mathematics, data science, predictive modelling as well as broad engineering that focuses on blasting techniques and efficiently extracting minerals from waste. Dangar says the CRC has total funding of $110 million up until mid-2020. This is made up of $37 million from the government and the balance from industry.

CRC ORE and METS Ignited signed an MOU in January to work together to improve commercialisation and collaboration outcomes for Australian METS companies.

Australia has the world’s largest reserves of diamonds, gold, iron ore, lead, nickel, zinc and rutile (a major mineral source of titanium), according to METS Ignited. “Australia is at the forefront of mining innovation over the years. A lot of countries have looked at Australia, certainly over the boom years. The challenge is to stay there when the money isn’t there and the nature of the reserves has changed. One way is to utilise the skill set,” says Dangar.

With sharp falls in commodity prices, mining companies are keen to participate in game-changing technology, she says. CRC ORE is engaging with big miners, such as Newcrest and BHP Billiton. It’s also tapped into the $90 billion mining sector, together with universities and PhD students who are carrying out innovative research.

The role of the Growth Centre is to link up all the stakeholders and capture the research, says Dangar.

“It is important to be well engaged. Our job as a CRC is to translate the needs of the miners to the researchers and make sure the researchers are addressing those issues.

“It is very applied because we have a short timeline. We must meet our guidelines and we provide small buckets of funds in grants,” says Dangar.

The key is being nimble as well as courageous in supporting research, even though it may not always work, says Dangar. CRC ORE is not in the business of funding long-term research with a horizon of seven to 10 years, but prefers a two- to three-year timeframe.

“In the past, there was a natural tension between METS and miners, but now they can’t wait until it is up and running,” explains Dangar. “Miners need to support METS earlier.”

Some of Australia’s step-change advances in mining include flotation to separate materials, bulk explosives, mechanised mining and large mills. One of the biggest issues for miners is how to separate metal from rock more efficiently. Dangar says CRC ORE is working on solving this problem to lower unit costs, and reduce energy and water consumption. Some of these approaches helped Newcrest Mining get better mineral grades at a cheaper cost at its Telfer mine in Western Australia.

“A lot of mining companies had their own research departments, but some of the issues are industry-wide issues, and it is better to be collaborative than go it alone,” says Dangar.

Six of the best

1. The Advanced Manufacturing Growth Centre Ltd (AMGC) is working with the Innovative Manufacturing CRC, which kicked off in the 2015 CRC funding round. In February, the AMGC funded Geelong’s Quickstep Holdings, a manufacturer of advanced carbon fibre composites, to the tune of $500,000. The AMGC believes the project has the potential to generate export revenue in excess of $25 million.

2. The Australian Cyber Security Growth Network is an industry-led organisation that will develop the next-generation products and services required to live and work securely in our increasingly connected world.

3. Food Innovation Australia Ltd (FIAL), based at the CSIRO in Victoria, works closely with the relevant CRCs. CRCs have a long history of work in food and agriculture and have included the Seafood CRC, Future Farm CRC, CRC for Innovative Food products and many more.

4. MTPConnect covers the medical technologies and pharmaceuticals sector and includes the Wound Management Innovation CRC, Cancer Therapeutics CRC and HEARing CRC as members, among others.

5. National Energy Resources Australia (NERA) is the Oil, Gas and Energy Resources Growth Centre, and will work with the CRC for Contamination Assessment and Remediation of the Environment (CRC CARE) to “encourage industry-focused research and unlock commercial opportunities”.

6. NERA also has links with the mining equipment, technology and services growth centre, METS Ignited, which works closely with the CRC for Optimising Resource Extraction (CRC ORE).

– Susan Hely

Creating a secure and resilient economy

Collaboration is a term frequently used in business and across many industries. It’s one I have come to hear often across my Small Business, Innovation and Trade portfolios, and it is also a term that causes much confusion – what exactly is collaboration?

I am regularly asked this when I talk about collaboration and why I think it’s important. I concede that it can sometimes be thrown around so much that it starts to look like a meaningless buzzword, and has perhaps become something of a cliché used by people when they want to look like they’re solving problems or pursuing innovation.

That being said, I genuinely believe in the importance of collaboration. It’s important that we work with others, that we share our knowledge and our resources to get better outcomes to the challenges we are facing.

With the world becoming increasingly digitised, it has never been more important for collaboration to occur across all sectors of our own economy, and across global economies.

The online world knows no geographical boundaries. So we have no choice but to collaborate. We need to work with our industry bodies, with global organisations and other governments to ensure we have the best capabilities to deal with whatever comes our way.

The challenge of cyber crime

The ever growing cybersecurity industry is the perfect example of why we need global collaboration. Cybersecurity not only safeguards the digital economy so that it can continue to grow, generate jobs and create a resilient economy into the future, it also ensures our online privacy and prevents cyber crime.

The Internet of Things (IoT), along with other technologies, is creating an almost totally connected world – gone are the days when we only needed to worry about protecting our personal computers. Instead we now need to protect vast networks of devices that span our offices, building sites, shopping centres, public transport systems and homes.

In 2016, the average Australian household had nine internet connected devices. While this may seem like quite a substantial number, it is expected to more than triple to 29 by 2020 and will also include devices such as fridges, televisions and indeed entire households that will run remotely.

Predicting patterns of cyber crime

While the IoT offers exciting opportunities to enhance our lives, it also offers opportunities for hackers to commit cyber attacks. Unlike traditional forms of crime, these attacks don’t just come from people living in your neighbourhood, state or country, they can come from anywhere in the world at any time of the day and from any device.

The only way we can ensure that we are best prepared to deal with these attacks is if we can predict patterns of cyber crime and learn how to mitigate it – this is where collaboration becomes crucial.

Shared knowledge is not just a good way to combat cyber crime, it is in fact the only way we will be able to succeed against it. The biggest problem with combating cyber crime is the speed at which technology advances – meaning it is vital that various agencies and organisations around the world are working together and sharing their knowledge and experience concurrently.

While working together to combat the world’s biggest form of crime has its benefits, collaboration across the cybersecurity industry is itself very valuable, with the potential to create huge economic benefits for those in the game. Currently, the cybersecurity industry’s estimated worth is over US$71 billion globally. This value is expected to double by 2020.

This industry has the potential to be a huge driver for Australian jobs and the economy, which is why Victoria is investing heavily in collaboration and collocation of allied interests.

In the past two years we have created Australia’s biggest cybersecurity cluster right in the heart of Melbourne. This hub includes Data61, the digital research arm of the CSIRO and Australia’s leading digital research agency; and the Oceania Cyber Security Centre, which brings together eight Victorian universities and major private sector partners.

Collocating at the Goods Shed in Melbourne’s Docklands precinct, the Oceania Cyber Security Centre will also work in partnership with Oxford University’s world-leading Global Cyber Security Capacity Centre, Israel’s Tel Aviv University, and the State of Virginia, the largest defence state in the USA.

These organisations and initiatives are undoubtedly reputable and capable of doing great things. Combining their knowledge and resources in a collaborative way creates an internationally connected cybersecurity powerhouse.

In Victoria, we are now leading Australia’s cybersecurity industry and emerging as a dominant player in the Asia Pacific, but we cannot do it alone – we have acknowledged that, and we have made moves to change that. In doing so we are increasing our cybersecurity capabilities and helping our allies to increase theirs.

While cybersecurity is a great example of how collaboration is currently working to secure the future of our digital economy, in many jobs and across many industries the situation is the same. In truth, it is simple – if you don’t work with others and learn from their mistakes or value their skills, you are sure to fail.

Hon Philip Dalidakis MP

Victorian Minister for Small Business, Innovation & Trade


cyber security

Cyber warfare: a battle plan

The Australian Cyber Security Centre (ACSC) 2016 Threat Report, just released, has some concerning details about the state of Australia’s cyber security. The report highlights the ubiquitous nature of cyber crime in Australia, the potential of cyber terrorism, and the vulnerability of data stored on government and commercial networks.

Several factors are driving these vulnerabilities. And there is considerable work to do to address them.

The cause

A big driver is the maturation and “professionalisation” of cyber criminals. They have businesses, plans, and online fora (support services offered in many languages). There are even services a potential criminal can easily hire – with botnets used for DDoS attacks going for as little as A$50. DDoS stands for Distributed Denial of Service, and involves attackers sending swarms of bots to overwhelm networks. Recently, DDoS attacks have been getting extremely powerful.

Eugene Kaspersky, chief executive of security group Kaspersky Lab, recently explained that:

“as the criminals mature in their operations, the criminals are now offering … “crime-as-a-service” … they are now moving to attacking transportation, and manufacturing … criminals are now hacking coal mine haulage trains, to steal coal or decreasing temperatures inside fuel tanks to steal 3% of fuel with every tank.”

The internet is a weapon

We have reached the stage at which the internet has been weaponised. This word was previously only used to discuss events such as Stuxnet, which was a cyber attack on an Iranian nuclear facility thought to be carried out by the United States and Israel. I would suggest we can extend this concept and realise that the internet’s corporate, personal and government systems now resemble weapons and weapon systems.

An old-fashioned criminal with a gun could hold up a bank and take customers’ money. Today’s criminal, depending on the size of their network-based “weapon”, can take our money, our data, our secrets, or disempower us by disabling our electricity, gas or water supply.

We are beyond a point of no return in our reliance on computers and networks, and the demand for innovation in technology is heightening our cyber security problem all the time.

So what should we do?

In a recent discussion paper, my colleague Greg Austin and I wrote:

“When it comes to addressing threats from advanced technologies, since Australia is a free and open society facing few enemies, and none that are powerful, the country has been … behind the pace. Awareness in the broader community and even in leadership circles of the threats from advanced technology is quite weak.”

We commended the Turnbull government, its innovation strategy, its Defence White Paper, and its Cyber Security Strategy. However, we also noted that:

“…there is a large gap between US assessments of advanced technology threats and the Australian government’s public assessments. These gaps have important policy implications, as well as negative impacts on the security and prosperity to Australians… The country’s education and training policy needs to make giant steps, of which an enhanced STEM approach is only one, and one that will have no strong pay-offs in the next decade at least.”

We are in a situation where Australia greatly lacks a trained and experienced cyber security workforce. Existing staff are fully stretched. We have only a trickle of students in the right disciplines in the VET and Higher Education pipelines. We also lack a local cyber security industry and we find that cyber security solutions are largely supplied by the United States, Israel, Europe, and Russia. We are forced to believe the vendors’ rhetoric rather than rely on local expertise.

A checklist for national cyber security

To remedy this situation we created a checklist for effective response to the cyber security situation that exists nationally:

  1. The states and Commonwealth should commit to a fast track process to set up a national cyber crime fighting unit to capture and convict more cyber criminals. This should include research staff, funded to at least $20 million per year for ten years.
  2. Australia needs to consider creating a National Cyber Security College to get focus and concentrate expertise. Such a body could help generate the following necessary actions:
     • Establish nationally approved undergraduate curricula across a range of disciplines in cyber security, using rewards to ensure that teaching is carried out to some national established standard.
     • Establish TAFE curricula at Certificate 1-6 since not all jobs are for graduates.
     • Determine a transition plan so professionals from a range of specified disciplines can be upskilled and converted into cyber security professionals.
     • Devise a dedicated, well-funded plan to generate the 8,000 to 10,000 cyber security professionals needed in the next few years.
     • Consider developing a private system and sector-specific initiatives for hybrid education initiatives around the country.

We would not leave our houses unlocked and allow criminals to walk in and steal our possessions. We now need to come up with clever ways of securing the cyber world and protecting Australians and our economy.

– Jill Slay

Director, Australian Centre for Cyber Security, UNSW Australia

This article was first published by The Conversation on October 12 2016. Read the original article here.

Quantum computing revolution

Technology that encodes information in photons (particles of light) could lead to vastly increased speeds of telecommunications and computing and significantly enhanced levels of cybersecurity – and a quantum computing revolution.

However, to date, quantum information processing has only been shown in some materials, many of which would be impractical to manufacture because of limitations of size, or the need to keep them at ultra-low (cryogenic) temperatures.

Now, for the first time, researchers from the University of Technology Sydney (UTS) have developed a room temperature, thin material that emits single photons. The results were announced in a letter published in Nature Nanotechnology on 26 Oct 2015.

Quantum information processing

UTS research team, from left: Igor Aharonovich, Trong Toan Tran, Kerem Bray, Mike Ford and Milos Toth.

Quantum information processing seeks to use photons to encode information to create a quantum ‘bit’ of information, or qubit. Qubits are to quantum computers what bytes are for computers today – a vital ‘unit’ of information. But qubits can operate much faster than the bytes we use in computing today, and because of their nature could revolutionise not only computing speeds but also cybersecurity, as they can encrypt information in a near flawless system.

Previously, single-photon-emitting devices have been created in semiconductors such as diamond and silicon carbide, or exotic materials such as nanocrystal quantum dots or carbon nanotubes, the researchers say. But ideally, a quantum computing chip would need to be created from a product that is easily manufactured.

“We found the first 2D, single photon emitter that works at room temperature,” said Professor Mike Ford, Associate Dean (Research and Development), Faculty of Science at UTS and co-author of the new study.

“There are other 2D materials that emit single photons but you have to freeze them down to liquid nitrogen or liquid helium temperatures [-200°C to -269°C],” he said.

Two-dimensional materials are crystalline structures consisting of a single layer of atoms. A well-known 2D material is graphene – a hexagonal lattice of carbon atoms. Researchers at UTS used defects in single layers of hexagonal boron nitride to explore the material’s quantum emitting properties and found that it was able to emit a single photon in one unimaginably tiny pulse of light.

Image by UTS: 2D nano-flakes emit red photons for quantum communication technologies.

“That’s important because one of the big goals is to make optical computer chips that can operate based on light rather than electrons, therefore operating much faster with less heat generation,” said Ford.

“Traditional LEDs [Light Emitting Diodes] emit a stream of photons. But by making light sources that emit one photon at a time, you can control the emission of individual photons,” he said.

This is critical to the development of quantum communication technologies because single photons are needed in order to tap into the quantum effects of particles.

“The emission of individual photons is important for quantum communications because it means that encryption techniques can be put in place to make systems more secure,” said Ford.

“You can create very secure communication systems using single photons,” explained Associate Professor Igor Aharonovich. “Each photon can be employed as a qubit (quantum bit, similarly to standard electronic bits), but because one cannot eavesdrop on single photons, the information is secure.”

Quantum computing revolution

This breakthrough could open new opportunities in quantum optics, a field of quantum physics dealing specifically with the interaction of photons with matter, and could herald the beginning of a transition to technologies and devices using photons, rather than electrons, to carry information.

Because hexagonal boron nitride emits quantum photons at room temperature, it can be placed into very small devices, like nanophotonic circuits.

“This material is very easy to fabricate,” said PhD student Trong Toan Tran. “It’s a much more viable option because it can be used at room temperature; it’s cheap, sustainable and is available in large quantities.”

“Ultimately we want to build a ‘plug and play’ device that can generate single photons on demand, which will be used as a first prototype source for scalable quantum technologies that will pave the way to quantum computing with hexagonal boron nitride,” he said.

– Carl Williams

protect yourself from cyberattack

Four things to protect yourself from cyberattack

It’s easy to get lost in a sea of information when looking at cybersecurity issues – hearing about hacks and cyberattacks as they happen is a surefire way to feel helpless and totally disempowered.

What follows is a sort of future shock, where we become fatalistic about the problem. After all, 86% of organisations from around the world surveyed by PwC reported exploits of some aspect of their systems within a one year period. That represented an increase of 38% on the previous year.

However, once the situation comes into focus, the problem becomes much more manageable. There is a range of things that we can easily implement to reduce the risk of an incident dramatically.

For example, Telstra estimates that 45% of security incidents are the result of staff clicking on malicious attachments or links within emails. Yet that is something that could be fairly easily fixed.

Confidence gap

There is currently a gap between our confidence in what we can do about security and the amount we can actually do about it. That gap is best filled by awareness.

Many organisations, such as the Australian Centre for Cyber Security, American Express and Distil Networks provide basic advice to help us cope with future shock and start thinking proactively about cybersecurity.

The Australian Signals Directorate (ASD) – one of our government intelligence agencies – also estimates that adhering to its Top Four Mitigation Strategies would prevent at least 85% of targeted cyberattacks.

So here are some of the top things you can do to protect yourself from cyberattack:

1 Managed risk

First up, we need to acknowledge that there is no such thing as perfect security. That message might sound hopeless but it is true of all risk management; some risks simply cannot be completely mitigated.

However, there are prudent treatments that can make risk manageable. Viewing cybersecurity as a natural extension of traditional risk management is the basis of all other thinking on the subject, and a report by CERT Australia states that 61% of organisations do not have cybersecurity incidents in their risk register.

ASD also estimates that the vast majority of attacks are not very sophisticated and can be prevented by simple strategies. As such, think about cybersecurity as something that can be managed, rather than cured.

2 Patching is vital

Patching is so important that ASD mentions it twice on its top four list. Cybersecurity journalist Brian Krebs says it three times: “update, update, update”.

Update your software, phone and computer. As a rule, don’t use Windows XP, as Microsoft is no longer providing security updates.

Updating ensures that known vulnerabilities are fixed, and software companies employ highly qualified professionals to develop their patches. It is one of the few ways you can easily leverage the cybersecurity expertise of experts in the field.

3 Restricting access means restricting vulnerabilities

The simple rule to protect yourself from cyberattack is: don’t have one gateway for everything. If all it takes to get into the core of a system is one password, then all it takes is one mistake for the gate to be opened.

Build administrator privileges into your system so that people can only use what they are meant to. For home businesses it could mean something as simple as having separate computers for home and work, or not giving administrator privileges to your default account.

It could also be as simple as having a content filter on employee internet access so they don’t open the door when they accidentally click on malware.

4 Build permissions from the bottom up

Application whitelisting might sound complicated, but what it really means is “deny by default”: it defines, in advance, what is allowed to run and ensures that nothing else will.

Most people think of computer security as restricting access, but whitelisting frames things in opposite terms and is therefore much more secure. Most operating systems contain whitelisting tools that are relatively easy to use. When used in conjunction with good advice, the result is a powerful tool to protect a network.

The Australian Signals Directorate released a video in 2012 with an overview of cyber threats.

Protect yourself from cyberattack: Simple things first

Following these basic rules covers the same ground as ASD’s top four mitigation strategies and substantially lowers your vulnerability to cyberattack. If you want to delve deeper, there are more tips on the ASD site.

There are many debates that will follow on from this, such as: developing a national cybersecurity strategy; deciding if people should have to report an incident; the sort of insurance that should be available; what constitutes a proportionate response to an attack; and a whole range of others.

Each of those debates is underpinned by a basic set of information that needs to be implemented first. Future shock is something that can be overcome in this space, and there are relatively simple measures that can be put into place in order to make us more secure. Before embarking on anything complicated, you should at least get these things right to protect yourself from cyberattack.

This article was first published by The Conversation on 16 October 2015. Read the original article here.