Stilgherrian

The week of Monday 9 to Sunday 15 October 2017 was quite productive, as you’ll see. Read on!

Articles

The first of these articles is the final one related to the launch by foreign minister Julie Bishop of Australia’s first International Cyber Engagement Strategy. See last week’s wrap for the first two.

• Cyber attribution isn’t so important, even for nation states, ZDNet Australia, 9 October 2017.

On Tuesday, the Australian Cyber Security Centre (ACSC) released its 2017 Threat Report. The next day, at the national conference of the Australian Information Security Association (AISA), an Australian Defence Signals (ASD) officer told us more about an incident in that ACSC report.

• ACSC Threat Report highlights deplorable ignorance, ZDNet Australia, 10 October 2017. The ignorance of the media and politicians, that is.
• Secret F-35, P-8, C-130 data stolen in Australian defence contractor hack, ZDNet Australia, 11 October 2017. This is the story that exploded, introducing the world to APT ALF, and Alf’s Mystery Happy Fun Time.
• Blaming government for defence contractor’s lax cybersecurity ‘a stretch’: Pyne, ZDNet Australia, 12 October 2017. If you read this column, you’ll see that I disagree with Minister Pyne’ view.

Podcasts

None by me, but…

Media Appearances

• I was the guest on this week’s Covert Contact podcast, the episode titled Australian Cyber Policy.

Then the world decided to follow up my story on that Australian defence industry data breach.

It began in Australia and expanded from there, with stories in the Sydney Morning Herald (in the front page!); The Australian; ABC News; the Guardian; News.com.au; BuzzFeed; The Express in the UK; Voice of America; RT; Arab Times in Kuwait; via AAP to outlets including Sky News Australia; and via Reuters to others. If I tried to find them all, and link to them all, I’d be here all night.

I saw versions of the story in Chinese, Vietnamese, Greek, Indonesian. There were doubtless others. They’re just the ones I happened to see.

To quote ZDNet security editor Zack Whittaker in New York, it ran everywhere — and to be honest, that surprised me. I’ve covered cybersecurity, as we call it now, for a few years. This is a pretty ordinary event. It just happened to combine “mystery hacker”, with the controversial F-35 Joint Strike Fighter, with the authority of an ASD officer.

On Thursday, I did media appearances on ABC News24; ABC Radio’s The World Today; ABC TV’s 7.30; and Channel Ten’s The Project. On Friday, I appeared on BBC World’s Newsday.

I can’t possible list all of the follow-ups, but here’s a few that I’d like to mention:

• Oz military megahack: When crappy defence contractor cybersecurity ‘isn’t uncommon’, surely alarm bells ring?, by Richard Chirgwin at The Register.
• Australian defense firm was hacked and F-35 data stolen, DOD confirms, by Sean Gallagher at Ars Technica, confirming the breach from the American end of the supply chain.
• ASD disclosure is a good thing, by James Riley at InnovationAus.com. It’s a point I agree with.

The story also morphed as it was re-reported, sometimes drastically changing the meaning of the event. One publication, which I won’t name, even reported that the ASD had been hacked, at least until I contacted them. I hope to find the time to write up that evolution, but for now here’s a few tweets.

Corporate Largesse

• On Wednesday, there was food and drink at the AISA National Conference, which was held at the Hyatt Regency Sydney. Hivint offered a beer. I accepted. It was nice. Telstra gave me a t-shirt.

The Week Ahead, and Further Ahead

I’ll play it by ear. At this stage, there’s nothing special through to the end of the year, so now is your chance to fix that.

[Photo: Mountain Life, with Fog, The entry road to the Carrington Hotel, Katoomba, photographed through the evening fog on 10 October 2017.]