Pavel Ignatov - Fotolia
Cisco has answered the Australian government's call for intellectual support from the IT comunity as it puts its cyber defences together.
Australia is one of the most hacked countries in the world. Despite having a relatively small population, globally it ranks just behind the US as a target for malicious hackers.
The Australian government is well aware of this, and has been attempting to find the right response. Part of that process is an ongoing review of the nation's cyber-security policies and strategies.
Various major firms have weighed in with their opinions on how the Australian government can better protect its businesses and citizens from hackers and malware. Cisco is the latest, with its report, Australian Government Cyber Security Review, The Cisco Response.
Jon Stewart, chief security and trust officer at Cisco, acknowledges the issues and the scale of the challenges faced, along with the benefits that effective security can bring to the country. He approves of the government's approach to this issue: “Undertaking a national review, of any nature, is difficult for governments – however, actually implementing recommendations is even harder.
"At Cisco, we are pleased the Australian Government has accepted the challenge of proactively protecting the nation’s digital future, by seeking safer cyber security practices.”
Cisco's online summary includes these recommendations:
- A National Cyber Security Strategy that aligns national resources to drive a "cyber-enabled" national economy, that positions Australia such to maximise the advantage of digital market transitions;
- Uplifting national cyber security leadership;
- Using cyber security as a differentiator for international representation, through multilateral and bilateral frameworks and trade;
- Multi-sector information sharing, including threat research and intelligence;
- Developing state-based cyber centres/learning hubs as an extension of the Australian Cyber Security Centre (ACSC);
- Introducing incentives for accelerating innovation, as well as positive cyber security behaviours and outcomes;
- Building the national capacity engine, skills education and training.
Phil Vasic, regional director for Australia and New Zealand, at security company FireEye, said: “The government needs to go even further to improve Australia’s cybersecurity. It should legislate that certain data breaches affecting citizens be publicly disclosed.
"We need to acknowledge we’re up against people, not malware. In this fight, one of the best weapons in our arsenal for defending against attacks is sharing intelligence about attackers’ tools, tactics and procedures. When attacks are not made public, security professionals don’t learn what to watch out for.
"The absence of breach disclosure creates a false sense of security which makes the attackers’ jobs easier.”
Regarding Cisco's recommendations, Jason Ha, national manager of security practice at Dimension Data in Australia, said of the third recommendation: "I don’t think this goes far enough – what if Australia could position itself as one of the most cyber resilient and safest nations on the planet? Cyber safety can become a tipping point of trade and market gain."
He also commented on point five: "The ACSC does not undertake the activities suggested by this point and fundamentally is not everything to everyone, as it is politically portrayed. Developing multi-agency centres of excellence and the establishment of an industry model similar to the NCFTA in the USA would be of more benefit."
According to Phillip Simpson, principal consultant APJ at Dell Secureworks: “Due to the size of the cyber security industry here, it's naturally more collaborative as many of the key players all know each other, both in the private and the public sector.
"This presents a unique opportunity for these two groups to work together for the greater good. Perhaps more importantly, if this doesn't happen, the market will constantly compete for scarce security resources, limiting any individual organisation's ability to complete security projects.”
Read more about cyber security in Australia
Canberra is strengthening its cyber security response, but there is conflicting evidence about where the main threat is coming from.
The ACSC wants more organisations to take responsibility for protecting their information resources and computer systems.
What are the cyber security risks facing businesses in Australia and New Zealand and how are organisations addressing them?