This article is more than 1 year old

Vulnerable utilities, telcos, top of new Aussie natsec centre's to-do list

Headcount to tip 150 tomorrow, double by year's end

The Australian Cyber Security Centre (ACSC) will increase its headcount from 90 to 150 as soon as possible, then grow to full capacity of 300 seats by year's end.

The centre's opening was delayed to allow staff to move into the new Australian Security Intelligence Organisation (ASIO) ASIO building to avoid burning taxpayer dosh on private rent.

Cyber security head Major General Stephen Day said the centre was currently forging a priority assistance list by identifying the weakest of the critical infrastructure operators.

"For example, is the retail sector more important for the Government to assist than the critical national infrastructure operators, Day told El Reg at the Australian Information Security Association (AISA) conference in Melbourne today, stressing that the agency would not avoid any sectors.

"If you are really important and your cyber security posture is really weak, congratulations you will probably end up at the top of our list.

"If you are really important and really secure, the last thing you need is me coming along."

Weak organisations in the defence, telecommunications, and resources energy sectors would form the centres top hit list as they were routinely targeted by advanced threat actors, Day said.

Advanced Threat actors are getting smarter, Day says.

The Centre, created by Australia's government in 2012, combined staff from the Australian Signals Directorate (ASD); CERT Australia; Defence; the Australian Federal Police; the Australian Crime Commission, and ASIO.

Day said security had been belted into the brains of important Federal Government ministers and executives, and noted that a Federal Government Standing Committee would be held tomorrow on how the state could improve private-public information sharing.

But the states weren't as cyber-savvy.

"The states are much more patchy ... there are some at the end of the freeway, and some at the [start]," he said.

"A change of minister could have a huge impact on the treatment of cyber security."

Day said nation state attackers have reached the "greatest evolution in their trade craft", adding they had become more conscious of their persona security and are using new tools.

"In short, things are getting harder for defence."

He recommended delegates apply the ASD top four mitigation controls including application whitelisting, least privilege user access, and patching of operating systems and applications.

Day said every successful attack against government and critical private sector entities it has worked on would have failed should those breached have implemented the top four controls.

Those four controls were able block all exploitation and execution attempts during tests of 1700 malware sets including advanced targeted instances previously foisted at Australian Government agencies.

Day will soon open a public threat sharing portal and encourage department members to speak with the public.

The Department will also hold its first security conference in April 2015. It will be open to the public. ®

More about

TIP US OFF

Send us news


Other stories you might like