Last week, the Department of Prime Minister and Cabinet confirmed that Australia’s new cyber strategy will be released this Thursday. The update will be the first since the release of the 2009 strategy. Expect to see a big focus on skills, private sector collaboration and information sharing—and an increased focus on how Australia can leverage the international components of its cyber relations and engagements. Check back on The Strategist from Thursday afternoon for in-depth coverage of the Strategy from the ICPC team.
The Strategy’s launch was announced at the Australian Cyber Security Centre’s annual conference held last week. The ACSC conference is one of the few of its kind, bringing together both technical and policy experts from government and the private sector. This year over a thousand people attended the conference to hear numerous interesting presentations from government and private sector leaders. It was particularly refreshing to see such candidness from leaders representing both sectors as to the type of online challenges they face each day, and how they go about trying to tackle them.
The UK Cabinet Office has released its final Annual Report on the UK Cyber Security Strategy 2011–2016. The Annual Report, which is presented to Parliament by the Minister for the Cabinet Office, is an opportunity for the government to outline how it is working to achieve the key objectives laid out in the original strategy. It shares practical information on program outcomes and achievements and details funding allocated to each thematic area over the five year program. Unsurprisingly, defence took the largest piece of the funding cake with AU$815.5 million dedicated to National Sovereign capability to detect and defeat high end threats. Law enforcement and cybercrime prevention efforts received $215.9 million and international engagement and capacity building $14.3 million. The Government is currently producing the UK’s next cyber strategy which is expected to be released later this year.
Last week President Obama alluded to US operations taking place online against ISIS. While this is the first time the President has acknowledged the US is carrying out cyber operations against ISIS, he was non-descript about what form those operations took. This week US Defense officials were more forthcoming, sharing with the Daily Beast that the operations have moved beyond basic disruption—such as the blocking of encrypted communication channels—to more targeted campaigns. That includes the infiltration of individual members’ computers via spear phishing and the gathering of intelligence on their networks using malware.
The US and Russia are set to carry out a high level bilateral meeting on cyber issues this week, but that won’t affect the wider freeze in dialogue between the two countries following Russia’s annexation of Crimea. The US State Department was quick to stress that the talks—which will take place in Geneva with representatives from the White House, State Department and FBI—weren’t a restart of the stalled Bilateral Presidential Commission working group. It appears that the US is keen to keep dialogue open on cyber issues—in particular the 2013 Bilateral US–Russia Cyber confidence-building measures that led to the installation of the ‘Cyber hotline’ that exists between both counties among other measures.
Bangladeshi police, working in collaboration with INTERPOL, believe they’ve identified 20 individuals involved in the theft of over US$80 million dollars from the Bangladesh Central Bank. The robbery, which was carried out by a group of hackers from the Philippines and Sri Lanka, is estimated to be one of the largest ever bank heists. The hackers’ details have been shared with counterpart police forces, and the Philippines Senate has already begun an inquiry as to how ‘the money stolen from the Bangladesh central bank wound up with two casinos and a junket operator in the country’.