Former director of the United States National Security Agency (NSA), Keith Alexander, has called upon the United States, Australia, and other allies to operate under a unified cyber defence ‘radar’ to defend against international cyber attackers and protect critical infrastructure.
Speaking at an Australian Strategic Policy Institute webinar alongside the head of the Australian Cyber Security Centre (ACSC), Alexander stated that cyber defence was vital in the modern era given the potential ease of attack from remote locations.
“Cyber is going to be hugely important for our future,” Alexander said. “It’s the one area where adversaries can attack Australia and the United States without trying to cross the oceans.”
In particular, Alexander suggested a radar-like mechanism that would allow organisations to report cyber attacks to a centralised location visible by the cyber security departments of both governments and private organisations.
“We need an ‘event generator’ that shows events that are hitting companies at network speed, that can be anonymised, pushed up to the cloud, and create a radar picture so you can now see all the companies where these types of events are hitting.”
“Imagine if we built a radar picture for cyber that covered not only what impacts Australia, but what impacts other countries, and we could share in real time threats that are hitting our countries and protect from that,” Alexander said.
Alexander highlighted that a rising threat of cyber actors was becoming increasingly difficult to face, especially without cooperation from vulnerable industries.
“I think the biggest problem that I faced in government, and that we face today, is governments鈥攏ot just ours, but yours as well鈥攃an’t see attacks on the private sector. Yet the government is responsible for defending the private sector,” Alexander said.
Cyber incidents have flourished in Australia and globally, with a worryingly growing number of attacks on vital infrastructure across government, hospitals, food producers, communications, media, and educational institutions. In all, Australia has received a 13 percent jump in cyber crime in the last 12 months, with the ACSC receiving a report on average once every eight minutes.
While some of these include independent ransomware attackers, others include state-based actors鈥攕uch as the Russia-linked SolarWinds attack, and the China-linked Microsoft email server attack.
However, regardless of source, Alexander argued that almost none had been brought to justice with repercussions often limited solely to verbal condemnation.
“We have to attribute who’s doing it and make them pay a price right now,” Alexander said. “ ransomware guys, and Russia, predominantly get off pretty much free.”
“Imagine if we indicted [them] and put their picture up and said ‘that’s the guy,’” Alexander said. “And if we can, we will arrest you. You can’t move out of Russia, you’re gonna have to stay there for the rest of your life … we got you, we know who you are.”
Typically, governments have been incapable of cooperating with private organisations to the extent necessary to address cyber threats.
However, this is set to change in Australia with the proposed Security Legislation Amendment (Critical Infrastructure) Bill 2020 (pdf) that seeks to fortify Australia鈥檚 critical infrastructure against cyber attacks by mandating incident reporting for organisations.
While receiving largely positive feedback, an inquiry into the bill drew angered responses from big tech operating data warehouses鈥攎eaning they too would become subject to laws which, in some instances, could see the government install their own cyber security software on their systems.
ACSC Head Abigail Bradshaw pointed to occurrences worldwide that had targeted critical infrastructure鈥攕uch as hacks of the United States’ Colonial Pipeline and JBS meatworks鈥攈ighlighting the importance of the reporting mechanism.
Bradshaw said that while an optional reporting system was already in place, more government involvement through a mandatory system would be necessary to identify future threats.
“ threat against critical infrastructure is real,” Bradshaw said.
“We analysed that at least a quarter of those attacks which were recorded relate to entities which we would regard as critical infrastructure. That’s a scary statistic. It’s more scary when we know that the instances of attacks are severely underreported.”
“We are in hand-to-hand combat with the bad guys every day. We know what they look like, probably because we’ve seen them before. We can establish patterns … and we draw those patterns together and use the full range of our intelligence capabilities to make assessments as to who might be next.”
Pezou : Former NSA Chief Calls for Allied ‘Radar’ to Defend Against Cyber Criminals