asd – Page 5 – Stilgherrian

30 July 2015

Talking the ACSC cyber threat report on 1395 FIVEaa

The (relatively) new Australian Cyber Security Centre (ACSC) released its first-ever unclassified threat report yesterday, but as I wrote at ZDNet, I was disappointed.

The report (PDF) has dropped, and indeed it contains few surprises. It tells the now-familiar story of serious and organised criminals, foreign state-sponsored actors, and other “cyber adversaries”, all of whom are getting better at what they do.

“The cyber threat to Australian organisations is undeniable, unrelenting and continues to grow. If an organisation is connected to the internet, it is vulnerable. The incidents in the public eye are just the tip of the iceberg,” begins the report’s foreword.

“Cyber adversaries are aggressive and persistent in their efforts to compromise Australian networks and information. They are constantly improving their tradecraft in an attempt to defeat our network defences and exploit new technologies,” it says later.

“Australia is an innovative country with a globally important resources sector. We are a regional leader with global interests and important partnerships. This makes Australia a target-rich environment for cyber adversaries.”

All of which is true, of course, but all of which has been said so many times before.

I spoke about the report today with Will Goodings on 1395 FIVEaa Adelaide — with somewhat less disappointment in my voice.

Podcast: Play in new window | Download (5.5MB)

07 June 201511 June 2015

Weekly Wrap 261: Two conferences, two states, many cybers

My week of Monday 1 to Sunday 7 June 2015 has been both productive and exhausting, covering two conferences in two states.

It’s a long time since I’ve written five articles in week. It’s at least six months since I’ve done four, which is as far back as I could be bothered scrolling let alone five. But of course, there’s podcasts and other projects that have generated revenue, including random geekery and technical consultancy, so “number of articles” isn’t a fair measure.

Still, this has been one of my most productive weeks in a while. Excellent.

Articles

ASIC still able to wield its magic hammer online, Crikey, 2 June 2015. The hammer I refer to is section 313(3) of the Telecommunications Act 1997.
Australia’s cyber defence ‘pretty ordinary’ before ASD’s Top Four, ZDNet Australia, 3 June 2015. This piece quotes Major General Stephen Day, who heads up the defensive side of the Australian Signals Directorate (ASD). This and the following piece were generated from Check Point’s Cyber Security Symposium in Sydney.
Tâ€‹elstra CISO blasts cyber ‘attribution distraction’, ZDNet Australia, 4 June 2015. Mike Burgess is said CISO.
Air gaps still a cheap and effective defence for critical networks: Kaspersky, ZDNet Australia, 4 June 2015. This is the first of two articles that came out of the AusCERT Information Security Conference, and there’ll be more next week.
Islamic State has ‘best cyber offence’ of any terrorist group, ZDNet Australia, 5 June 2015. This article cites Mykko Hypponen, chief research officer at F-Secure in Helsinki.

Podcasts

None. The next episode of The 9pm Edict is scheduled for Monday 15 June, or the day after.

5at5

There were two editions of 5at5 this week, on Monday, and Sunday. To save me having to tell you this, you could just subscribe.

Media Appearances

On Monday, I spoke about Chinese ATMs with face recognition on ABC 891 Adelaide.
On Friday, I took part in the AusCERT Speed Debate. The Livestream recording has bad audio, so I’ll link to the YouTube version when it becomes available.
Also on Friday, I was interviewed by the University of Melbourne student newspaper Farrago. I’ll link to that story when it goes live.

Corporate Largesse

On Tuesday, I went to the Check Point Cyber Security Symposium in Sydney, or at least part of it. The goodie bag included a signed copy of Brian Krebs’ book Spam Nation, a Check Point branded notebook, a chocolate from A10 Networks, and of course copies of Check Point’s promotional material. Food and drink were supplied.
From Tuesday night through to Friday, I was at the AusCERT Information Security Conference as AusCERT’s guest. They provided return flights from Sydney to the Gold Coast, airport transfers, three nights accommodation at RACV Royal Pines Resort, and of course all the conference food and drink — and there was plenty of that. For taking part in the Speed Debate, I was given a bottle of Jim Barry The Lodge Hill Shiraz 2012 from the Clare Valley. And everybody got a copy of Bruce Schneier’s book Data and Goliath, an AusCERT-branded shirt, and a rather well-made courier bag. From CyberArk: A macaron, delivered creepy-like into my hotel room while I wasn’t there. From Firemon: A branded glass-cleaning cloth. From Mimecast: a keyring bottle opener. From NCC Group: a golden bath duck. From the US Naval Criminal Investigative Service: an NCIS cap — yes, from the real NCIS, not the TV show.

The Week Ahead

Monday is a public holiday for the Queen’s Birthday, but nevertheless I’ll be working. I’ll be writing a feature for ZDNet, as well as returning to Wentworth Falls after a week away.

From Tuesday to Thursday, I’ll be working on another feature for ZDNet, as well as my “regular” column, as well as the running so late it’s embarrassing ebook. ~~I see there’s an Apple keynote at 0300 AEST on Tuesday, so that may feed into something.~~ [It didn’t.] And I’ve got an interview to do on Thursday afternoon.

~~On Friday, I’ll be heading down to Sydney for a media briefing by Cisco.~~ Friday is another writing day.

I’m not sure how the weekend will go, but I see that there’s Poetry in the Pub in Katoomba on Sunday afternoon. I happened to be there last month, and I thought it might be interesting for The 9pm Edict podcast. We’ll see.

Update 11 June 2015: Edited to reflect the abandoning of the Friday trip to Sydney.

[Photo: Sunset on the Gold Coast, Photographed from the 16th floor of the RACV Royal Pines Resort on 3 June 2015.]

13 October 201315 October 2013

Weekly Wrap 175: Lots of security, lots of productivity

[Update 14 October 2013, 0800 AEDT: As foreshadowed, “The Week Ahead” has been fleshed out with the current version of The Plan. However there’s evidence to suggest that this might change again later today. Update 15 October 2013, 1915 AEDT: The plan has changed again.]

My week Monday 7 to Sunday 13 October 2013 was relatively busy, although more on the research and information-gathering side rather than the final output side.

Podcasts

Corrupted Nerds: Conversations 6, being a chat with Michael Smith, head of Akamai Technologies’ computer security incident response team (CSIRT) about distributed denial of service (DDoS) attacks.

Articles

Tech boom? Innovation drives Newcastle’s (slow) renewal, Crikey, 7 October 2013, being my write-up of the DiG Festival.
Internet use: we’re more mobile, but we still need a cable, Crikey, 9 October 2013, being my response to the latest internet usage figures from the Australian Bureau of Statistics (ABC).

I also wrote my usual column for ZDNet Australia, The Full Tilt, but we’re currently waiting on a decision as to whether the planned headline is, um, pushing the boundaries.

Media Appearances

On Monday I spoke about Tor and Silk Road on ABC Local Radio across New South Wales.
On Sunday, I was a guest for the recording of this week’s Reckoner podcast.

Corporate Largesse

On Wednesday I went to a lunchtime briefing by Unisys at Wolfies Restaurant at Circular Quay — apparently it doesn’t have an apostrophe — where the food was lovely and the weather was gorgeous. They paid, of course.
On Thursday I went to the annual conference of the Australian Information Security Association (AISA) at the Sydney Convention & Exhibition Centre, where I was fed and watered. Check Point Software Technologies Ltd gave me a branded shirt. Watchguard Technologies Inc gave me a novelty USB memory device (4GB) packed with PR material.

The Week Ahead

~~The exact shape of the week will depend upon news arriving overnight, so I’ll add in the details tomorrow morning.~~

On Monday I’ll be mapping out the coming three weeks or so, including preparing some of plan for getting to Melbourne for the Breakpoint and Ruxcon hacker conferences. On Tuesday I’ll be continuing that work towards Melbourne and writing a piece for Technology Spectator that’ll due to be published on ~~Thursday~~ Friday.

~~On Wednesday I’ll be setting up the framework for another Technology Spectator yarn, as well as writing my ZDNet Australia column for Thursday.~~

On Wednesday I’ll be heading to Sydney for a lunchtime briefing by Dasault SystÃ¨mes about their new SolidWorks thingo, setting up the frameworks for Technology Spectator and ZDNet Australia stories en route. I may stay in Sydney overnight, depending on several factors. If I don’t…

On Thursday itself, I’ll be heading to Sydney again for a lunchtime briefing by NEC and Telsyte, staying overnight until Friday for a tour of the Pacnet data centre and some personal stuff.

There’s more in the schedule than that, of course, but they’re the relatively fixed pegs upon which the rest of the schedule hangs.

The weekend is currently unplanned.

[Photo: Not the ASD, photographed at the annual conference of the Australian Information Security Association (AISA) in Sydney on 10 October 2013. The signage for the Australian Signals Directorate (ASD), formerly the Defence Signals Directorate (DSD), seems to have gone astray…]