Prime Minister Malcolm Turnbull is in Washington DC this week, and cyber issues have featured prominently on his agenda. During a poignant address on regional and international security at CSIS, Turnbull pushed several international cyber issues, including the of promotion of norms for responsible behaviour in cyberspace and the need for an open and free multistakeholder internet. Watch the PM’s remarks at CSIS here.
Turnbull and President Obama met at the White House earlier today and discussed a series of mutual issues. A fact sheet released by the White House on the meeting contains a section on cyber cooperation. It contains a nod to the aforementioned norms and open internet, but also a list of practical bilateral initiatives, including plans to map incident response structures and expand cybercrime cooperation, exchanges and regional capacity building.
Also coming out of discussions at the White House was an agreement to hold an annual 1.5 track cyber dialogue. PM Turnbull announced that this dialogue will be convened by ASPI’s International Cyber Policy Centre and our colleagues at the Centre for Strategic and International Studies.
Justice Minister Michael Keenan has shared some interesting stats gathered by the Australian Cybercrime Online Reporting Network (ACORN). ACORN was set up by the government in late 2014 to gather reports of online crime from members of the public and organisations with the aim of better understanding emerging types of online crime, and to share details on how to remain secure in cyberspace. In 2015 ACORN received 39,000 reports. Taking the top spot for the highest type of reported crime was online fraud and scams, which accounted for 49% of total reports. Coming in at number two were online trading issues, with 8,363 reports received from Australians affected by crime when buying or selling goods online. Unsurprisingly, email, social networking and website advertising were the top three means used to carry out online crimes.
After just recovering from the high profile infiltration of three Ukrainian power companies in late December, Kiev is in trouble again. It was discovered earlier this week that malware similar to that used during the electricity grid compromise was uncovered on a network at the country’s largest international airport. The network was home to the airport’s air traffic control system. Finger-pointing at the official level is yet to begin, but a Ukrainian defence spokesman did share that the Malware had been linked to a Russian server. Ukraine’s national Computer Emergency Response Team, CERT-UA, is expecting further attacks and has called on system administrators to remain vigilant.
For the first time, the Nuclear Threat Initiative has included in its annual threat index (PDF) a set of indicators designed to measure ‘how well states are prepared to handle cyber threats and potential acts of sabotage to nuclear facilities’. According to the report, 20 countries possessing either civilian or military nuclear programs ‘do not even have basic requirements to protect nuclear facilities from cyber attacks’. The indicators used in the cyber assessment covered regulatory, legal and policy mechanisms that were present (or not) in each country.
The Nihon Keizai Shimbun has reported 40 large-scale Japanese businesses, including Toyota and Sony, are joining together to share threat-intelligence and develop cyber countermeasures. In support of that goal, the group will also combine forces to develop a deeper pool of information security professionals who are able to tackle those threats.
In case you missed it, make sure you check out Simon Hansen’s new ASPI Special Report on Australia–China cyber relationships in the next internet era. The report is a product of Simon’s placement at China Institute of International Studies (CIIS), and is a great study on why we need a closer cyber dialogue with China, and how we might go about achieving it.