The new security posture
Make no mistake about it: one browser exploit, social engineering, spambot and distributed denial of service (DDoS) attack at a time, they are coming for you. Will you be ready?
Whether today, tomorrow or next month, your high visibility and political value will see one sort of attack or another. As the manager of crucial data within a government context, you are intrinsically vulnerable to the ravages of the malicious unknowns – and signs are that things are getting much, much worse.
The general security posture online has become so intense that, among other things, it was recently revealed the Department of Parliamentary Services had had to block the entire .info top-level domain within Parliament House to protect from a perceived high rate of malicious attacks from sites in that domain; the block was eventually rescinded, but not before causing an uproar from Parliamentarians who were less than happy that access to 5.2 million Web sites had been unceremoniously barred as a security precaution.
Access versus security; user expectations versus prudent risk management. Such is life in government where – whether you're running a small local council or a large federal department – you're front and centre in the battle to protect the precious data of your organisation and its thousands or millions of customers.
It's getting worse: the latest Australian Computer Emergency Response Team (AusCERT) annual report found that the number of notifications about compromised Web sites was up 255 percent in 2010 compared with the previous year. AusCERT also saw the number of sites hosting malware jump 111 percent, and the number of compromised hosts or computers surge by 296 percent – correlating with a significant increase in the sophistication of organised 'bot' networks having sophisticated command and control structures.
Fundamental changes in the threat landscape mean that most government bodies, which may have had the same security protections in place for many years, are more than overdue for a security audit and infrastructure upgrade.
Some have already begun this process in a response to the new threats posed by growing mobile usage – which became very real recently after a stolen NASA laptop was confirmed to have contained command codes for controlling the International Space Station. Things are so bad that mobile vendor Research In Motion recently began lobbying the government to provide support for enterprises and departments that began comprehensive reviews of their security provides.
Yet mobility is only one part of the story. Despite security bolt-ons to address issues with mobility, many government bodies are still using old security frameworks and technologies to protect environments that have embraced new technologies such as server virtualisation and cloud computing – each of which brings its own range of issues. Large virtualised environments, for example, require a centralised security infrastructure capable of interfacing with virtualisation hypervisors to proactively scan for threats before they can get near the precious VMs.
Aiming to provide a holistic defence against these and other threats, security vendors are converging around updated 'next generation firewalls' (NFGWs) that group a broad range of security technologies under a common management umbrella.
The NGFW approach is the industry's response to the fast-moving nature of external threats, offering a modular architecture rather than the loosely-affiliated point solutions that typified security platforms in the past.
Next-generation firewalls address a range of Web 2.0-styled threats, anti-bot technologies, DDoS management tools and the like. They also typically interface with cloud-based security tools to keep up with recent developments as they're reported by users, then aggregated by sophisticated reporting engines.
While NGFWs represent new ways of thinking about security on the ground, industry initiatives are working to extend security paradigms to increasingly-popular cloud solutions – a particularly troublesome area given the differing security postures of different cloud providers.
Cloud paradigms also raise issues of data security, privacy of customer information, data sovereignty and more – all of which are being addressed by efforts such as the multi-vendor and user driven Open Data Center Alliance (ODCA), which is developing cloud interoperability standards based on eight indicative usage models.
Such efforts will bear fruit slowly and steadily, as the industry turns itself around a corner and helps guide its customers towards comprehensive threat management platforms. There is still much to be done – but if you haven't started working to identify potential weaknesses in your security perimeter, you're already on the back foot. – David Braue
Federal Police tackle Pacific cyber-security
To protect Australia’s borders, the Australian Federal Police is helping Pacific nations teach their citizens about cyber security Hulking National Rugby League (NRL) stars are helping to protect Australia’s online borders, as part of a program led by the Australian Federal Police (AFP) and the Pacific Islands Chiefs of Police (PICP). Cyber Safety Pasifika, conducted in February 2012, saw two representatives of Police forces from the Cook Islands, Niue, Samoa, Tonga and the Federated States of Micronesia attend a training session in Australia where AFP officers explained how to educate their citizens about online safety. NRL stars with Pacific backgrounds feature in the campaign, which was launched at the home of the Gold Coast Titans.
“If we can get people thinking that they need to be conscious of protection, hopefully we can mitigate the problem,” said Commander Grant Edwards, Manager of Cyber Crime Operations at the AFP. “If fewer malware emails reach Australia as a result, it is a win.”
Edwards told GTR the program was developed because uptake of technology in the Pacific is rapid, but education has lagged behind. Training local Police forces to better educate citizens is therefore an extension of the AFP’s role to offer crime mitigation strategies to neighbours.
“We do that physically with our deployment groups,” Edwards said. “This program aims to give Pacific nations skills to protect from threats in cyberspace as well. We want to give Police in the Pacific that chance to get on the front foot and protect children from cyber criminals. We’ve seen how criminals have taken opportunities online in the developed world. Criminals from countries that don’t have legal systems as robust as ours find it easy to act with impunity around the world.
“The idea was for officers to go into the community and talk to kids and make them aware of the risks. It is not a scare campaign. We want to alert schools and parents and teachers and carers to be careful of the risks.”
The train the trainer day conducted in February was a pilot program developed and offered what Edwards called a “rudimentary level” of education. The next planned step is more detailed training for officers from more Pacific nations, so that each nation’s police force can start and continue their own local education campaigns.
“It was PICP who pushed this,” Edward said.
“We just started it off.” – Simon Sharwood
Agencies must accept the need to shift to the cloud and therefore choose a solution that properly...
South Australia's Auditor General has uncovered a range of deficiencies in the IT security of...
In our annual Leaders in Technology series, we ask the experts what the year ahead holds. Today...