{"id":29126,"date":"2016-10-13T06:00:35","date_gmt":"2016-10-12T19:00:35","guid":{"rendered":"http:\/\/www.aspistrategist.ru\/?p=29126"},"modified":"2016-10-17T13:17:59","modified_gmt":"2016-10-17T02:17:59","slug":"acsc-threat-report-useful-contribution-cyber-conversation","status":"publish","type":"post","link":"https:\/\/www.aspistrategist.ru\/acsc-threat-report-useful-contribution-cyber-conversation\/","title":{"rendered":"The ACSC Threat Report: a useful contribution to the cyber conversation"},"content":{"rendered":"<p style=\"text-align: center;\"><img loading=\"lazy\" decoding=\"async\" width=\"640\" height=\"427\" class=\"alignnone size-full wp-image-29127\" src=\"http:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2016\/10\/18685871221_29b396292e_z.jpg\" srcset=\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2016\/10\/18685871221_29b396292e_z.jpg 640w, https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2016\/10\/18685871221_29b396292e_z-205x137.jpg 205w, https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2016\/10\/18685871221_29b396292e_z-332x221.jpg 332w\" sizes=\"(max-width: 640px) 100vw, 640px\" \/><\/p>\n<p>Yesterday the Australian Cyber Security Centre (ACSC) released its second annual <a href=\"https:\/\/www.acsc.gov.au\/publications\/ACSC_Threat_Report_2016.pdf\" target=\"_blank\">Threat Report<\/a><u> (PDF)<\/u>, outlining the cybersecurity challenges Australia faces and further developing Australia\u2019s approach to cyberspace. This year\u2019s ACSC report offers a detailed breakdown of cyber terminology, a strategic assessment of the threat environment and a refreshingly candid narrative.<\/p>\n<p>The report emphasises the importance clarifying the language used to describe the cyber threats facing Australia. The ACSC goes to great pains to point out that indiscriminate use of the term \u2018cyber attack\u2019 by \u2018media, academics and foreign governments\u2019 has undermined a mature understanding of the cybersecurity challenge. The report highlights the range of nefarious behaviours possible in cyberspace and the need to label them accordingly. That echoes the sentiment of Prime Minister Malcolm Turnbull in his <a href=\"http:\/\/www.malcolmturnbull.com.au\/media\/keynote-address-at-the-australia-us-cyber-security-dialogue\" target=\"_blank\">keynote speech<\/a> at the recent Australia\u2013US Cyber Security Dialogue, where he raised the \u2018problem of cyber lexicon\u2019 and the importance of standardising terminology across government, business, media and academia. Having a clearer understanding of what the various threat vectors are and of the dangers they pose is useful in creating broader understanding across the community. The report makes a concerted effort to address that issue, categorising cyber behaviours, from state-sponsored aggression to hacktivism, in terms of intent, methods and risk.<\/p>\n<p>However, the addition of \u2018cyber terrorism\u2019 as a sub-class of online behaviour has us worried. The term is frequently used by authoritarian governments with a strict interpretation of what represents acceptable \u2018freedom of speech\u2019 online. The term is used to facilitate the prosecution of individuals who\u2014within an Australian interpretation\u2014would merely be expressing their opinions online, rather than facilitating or participating in terrorism. Having this term in an official Australian document doesn\u2019t help the discussion around appropriate rules of the road for cyberspace, and makes arguing for an open, safe and secure internet more difficult.<\/p>\n<p>More broadly, the report identifies an important strategic trend: the pattern of malicious actors using cyberspace \u2018to seriously impede or embarrass organisation and governments\u2014equating to foreign interference or coercion\u2019. Traditional conceptions of \u2018cyber attacks\u2019 focus on the potential link between computer keyboards and kinetic disruption, and rightly direct attention to the cybersecurity and resilience of critical national infrastructure and core government networks. However, as the report points out, the list of potential targets has significantly grown to include political organisations, media and \u2018other sectors considered important Australia\u2019s economy and identity\u2019. Recent incidents of state-sponsored hacking and data breaches haven\u2019t been a precursor to, or enabler of, physical conflict, but are instead favoured by adversaries as a low-intensity tool of statecraft by which to achieve broader strategic ends.<\/p>\n<p>Regardless of whether the released information is falsified or authentic, these \u2018targeted disclosures\u2019 offer an effective way to conduct information operations and undermine public confidence in organisations and governments. With direct reference to the <a href=\"https:\/\/www.theguardian.com\/us-news\/2016\/jul\/23\/dnc-emails-wikileaks-hillary-bernie-sanders\" target=\"_blank\">US Democratic National Committee breach<\/a>, the report voices concern over the increasing frequency of such \u2018brazen\u2019 behaviour and the impact this may have on international norms of behaviour in cyberspace.<\/p>\n<p>Overall, this report offers a transparent look into government cybersecurity, including its weaknesses and capabilities. The report provides surprising specifics on the <a href=\"http:\/\/www.aspistrategist.ru\/the-bom-infiltration\/\" target=\"_blank\">Bureau of Meteorology hack<\/a> in December, detailing the methodology of the intruder, the compromise of agency data as well as other government networks, and the admission that \u2018the security controls in place were insufficient\u2019. It\u2019s encouraging to see the Australian government leading by example on the importance of breach disclosure, in order to ensure that the private sector continue to do so themselves. Increasing broader awareness of the risks and responses is vital in this area.<\/p>\n<p>The report also offers a fairly bold statement on Australia\u2019s attribution capabilities. It challenges the perceived difficulty of identifying cyber adversaries, and asserts that Australia can achieve detailed attribution, even of individuals, \u2018in a timely manner\u2019. But although the report details technical incident response procedures, it leaves us guessing as to what the ACSC would deem an appropriate response to an attributed adversary, should a cyber\u2013physical or cyber-coercion incident take place in Australia. Current deliberations over <a href=\"http:\/\/blogs.cfr.org\/cyber\/2016\/10\/10\/after-attributing-a-cyberattack-to-russia-the-most-likely-response-is-non-cyber\/\" target=\"_blank\">what action the US should take<\/a> now that it\u2019s officially attributed the recent spate of cyber intrusions to Russia, highlights the need to address the lack of established post-attribution policy options.<\/p>\n<p>It may be the case, as the report claims, that Australia is unlikely to fall victim to such an incident in the next five years. However, recent international events indicate Australia needs to take seriously the risk posed to both soft and hard power targets, and the government should start developing the technology and policy needed to operate in today\u2019s online threat landscape.<\/p>\n<p>Increasingly careful use of cyber terminology, attention to strategic changes and more open conversations are essential elements of a more secure online environment. The new ACSC report offers important progress in this effort, and reinforces cybersecurity as a policy priority for the Turnbull government.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Yesterday the Australian Cyber Security Centre (ACSC) released its second annual Threat Report (PDF), outlining the cybersecurity challenges Australia faces and further developing Australia\u2019s approach to cyberspace. This year\u2019s ACSC report offers a detailed breakdown &#8230;<\/p>\n","protected":false},"author":390,"featured_media":29127,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_mi_skip_tracking":false,"footnotes":""},"categories":[531],"tags":[391,95,1597,728],"class_list":["post-29126","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cyber-security-2","tag-cyber","tag-cyber-security","tag-cyber-strategy","tag-hacking"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v19.3 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>The ACSC Threat Report: a useful contribution to the cyber conversation | The Strategist<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.aspistrategist.ru\/acsc-threat-report-useful-contribution-cyber-conversation\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"The ACSC Threat Report: a useful contribution to the cyber conversation | The Strategist\" \/>\n<meta property=\"og:description\" content=\"Yesterday the Australian Cyber Security Centre (ACSC) released its second annual Threat Report (PDF), outlining the cybersecurity challenges Australia faces and further developing Australia\u2019s approach to cyberspace. This year\u2019s ACSC report offers a detailed breakdown ...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.aspistrategist.ru\/acsc-threat-report-useful-contribution-cyber-conversation\/\" \/>\n<meta property=\"og:site_name\" content=\"The Strategist\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/ASPI.org\" \/>\n<meta property=\"article:published_time\" content=\"2016-10-12T19:00:35+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2016-10-17T02:17:59+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2016\/10\/18685871221_29b396292e_z.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"640\" \/>\n\t<meta property=\"og:image:height\" content=\"427\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Zoe Hawkins\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@ASPI_org\" \/>\n<meta name=\"twitter:site\" content=\"@ASPI_org\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Zoe Hawkins\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.aspistrategist.ru\/#website\",\"url\":\"https:\/\/www.aspistrategist.ru\/\",\"name\":\"The Strategist\",\"description\":\"ASPI&#039;s analysis and commentary site\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.aspistrategist.ru\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-AU\"},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-AU\",\"@id\":\"https:\/\/www.aspistrategist.ru\/acsc-threat-report-useful-contribution-cyber-conversation\/#primaryimage\",\"url\":\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2016\/10\/18685871221_29b396292e_z.jpg\",\"contentUrl\":\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2016\/10\/18685871221_29b396292e_z.jpg\",\"width\":640,\"height\":427},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.aspistrategist.ru\/acsc-threat-report-useful-contribution-cyber-conversation\/\",\"url\":\"https:\/\/www.aspistrategist.ru\/acsc-threat-report-useful-contribution-cyber-conversation\/\",\"name\":\"The ACSC Threat Report: a useful contribution to the cyber conversation | The Strategist\",\"isPartOf\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/acsc-threat-report-useful-contribution-cyber-conversation\/#primaryimage\"},\"datePublished\":\"2016-10-12T19:00:35+00:00\",\"dateModified\":\"2016-10-17T02:17:59+00:00\",\"author\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/3c83e374221e7d4e6ccdabb43f9a1701\"},\"breadcrumb\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/acsc-threat-report-useful-contribution-cyber-conversation\/#breadcrumb\"},\"inLanguage\":\"en-AU\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.aspistrategist.ru\/acsc-threat-report-useful-contribution-cyber-conversation\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.aspistrategist.ru\/acsc-threat-report-useful-contribution-cyber-conversation\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.aspistrategist.ru\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"The ACSC Threat Report: a useful contribution to the cyber conversation\"}]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/3c83e374221e7d4e6ccdabb43f9a1701\",\"name\":\"Zoe Hawkins\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-AU\",\"@id\":\"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/e4e7cfaeb94c847b758be1d5c1c2f346?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/e4e7cfaeb94c847b758be1d5c1c2f346?s=96&d=mm&r=g\",\"caption\":\"Zoe Hawkins\"},\"url\":\"https:\/\/www.aspistrategist.ru\/author\/zoe-hawkins\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"The ACSC Threat Report: a useful contribution to the cyber conversation | The Strategist","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.aspistrategist.ru\/acsc-threat-report-useful-contribution-cyber-conversation\/","og_locale":"en_US","og_type":"article","og_title":"The ACSC Threat Report: a useful contribution to the cyber conversation | The Strategist","og_description":"Yesterday the Australian Cyber Security Centre (ACSC) released its second annual Threat Report (PDF), outlining the cybersecurity challenges Australia faces and further developing Australia\u2019s approach to cyberspace. This year\u2019s ACSC report offers a detailed breakdown ...","og_url":"https:\/\/www.aspistrategist.ru\/acsc-threat-report-useful-contribution-cyber-conversation\/","og_site_name":"The Strategist","article_publisher":"https:\/\/www.facebook.com\/ASPI.org","article_published_time":"2016-10-12T19:00:35+00:00","article_modified_time":"2016-10-17T02:17:59+00:00","og_image":[{"width":640,"height":427,"url":"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2016\/10\/18685871221_29b396292e_z.jpg","type":"image\/jpeg"}],"author":"Zoe Hawkins","twitter_card":"summary_large_image","twitter_creator":"@ASPI_org","twitter_site":"@ASPI_org","twitter_misc":{"Written by":"Zoe Hawkins","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebSite","@id":"https:\/\/www.aspistrategist.ru\/#website","url":"https:\/\/www.aspistrategist.ru\/","name":"The Strategist","description":"ASPI&#039;s analysis and commentary site","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.aspistrategist.ru\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-AU"},{"@type":"ImageObject","inLanguage":"en-AU","@id":"https:\/\/www.aspistrategist.ru\/acsc-threat-report-useful-contribution-cyber-conversation\/#primaryimage","url":"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2016\/10\/18685871221_29b396292e_z.jpg","contentUrl":"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2016\/10\/18685871221_29b396292e_z.jpg","width":640,"height":427},{"@type":"WebPage","@id":"https:\/\/www.aspistrategist.ru\/acsc-threat-report-useful-contribution-cyber-conversation\/","url":"https:\/\/www.aspistrategist.ru\/acsc-threat-report-useful-contribution-cyber-conversation\/","name":"The ACSC Threat Report: a useful contribution to the cyber conversation | The Strategist","isPartOf":{"@id":"https:\/\/www.aspistrategist.ru\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.aspistrategist.ru\/acsc-threat-report-useful-contribution-cyber-conversation\/#primaryimage"},"datePublished":"2016-10-12T19:00:35+00:00","dateModified":"2016-10-17T02:17:59+00:00","author":{"@id":"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/3c83e374221e7d4e6ccdabb43f9a1701"},"breadcrumb":{"@id":"https:\/\/www.aspistrategist.ru\/acsc-threat-report-useful-contribution-cyber-conversation\/#breadcrumb"},"inLanguage":"en-AU","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.aspistrategist.ru\/acsc-threat-report-useful-contribution-cyber-conversation\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.aspistrategist.ru\/acsc-threat-report-useful-contribution-cyber-conversation\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.aspistrategist.ru\/"},{"@type":"ListItem","position":2,"name":"The ACSC Threat Report: a useful contribution to the cyber conversation"}]},{"@type":"Person","@id":"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/3c83e374221e7d4e6ccdabb43f9a1701","name":"Zoe Hawkins","image":{"@type":"ImageObject","inLanguage":"en-AU","@id":"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/e4e7cfaeb94c847b758be1d5c1c2f346?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/e4e7cfaeb94c847b758be1d5c1c2f346?s=96&d=mm&r=g","caption":"Zoe Hawkins"},"url":"https:\/\/www.aspistrategist.ru\/author\/zoe-hawkins\/"}]}},"_links":{"self":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts\/29126"}],"collection":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/users\/390"}],"replies":[{"embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/comments?post=29126"}],"version-history":[{"count":4,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts\/29126\/revisions"}],"predecessor-version":[{"id":29131,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts\/29126\/revisions\/29131"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/media\/29127"}],"wp:attachment":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/media?parent=29126"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/categories?post=29126"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/tags?post=29126"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}