By Mathew Hinge
The Defence Signals Directorate provides cyber security advice and foreign signals intelligence to Defence and Government to support military and strategic decision-making. Defence recently caught up with First Assistant Secretary Cyber and Information Security Mike Burgess to learn about the latest developments in the cyber realm.
Cyber threats are a serious and pressing national security concern.
Australia's national security could be compromised by cyber threats targeting Defence and wider governmental, commercial or infrastructure-related networks. The potential impact of such activity has grown with Defence's increasing reliance on networked operations.
The Defence Signals Directorate's (DSD) mission - 'Reveal their secrets, protect our own' - accurately sums up its role. DSD collects and analyses foreign signals intelligence, known as 'Sigint', for the ADF and Australian Government, and provides advice and assistance on cyber, information and communications security for Australian Federal and State Government agencies.
Given those two functions, DSD is both a poacher and gamekeeper of information.
DSD's support to military operations is a priority for both the signals intelligence and cyber security missions. The Directorate's collaboration with other elements within Defence has made an effective contribution to military and peacekeeping operations from World War II to the present day.
DSD's role as the Commonwealth national authority on cyber security is to help the Government protect its valuable information, networks and devices from the cyber threat.
First Assistant Secretary Cyber and Information Security Mike Burgess says the cyber threat comes from a wide range of sources, including individuals, issue-motivated groups (or 'hacktivists'), criminal syndicates and state-sponsored hackers.
"Of these, state-sponsored and military hackers represent the greatest threat to Defence's information," Mike says.
"State-sponsored hackers have the resources to develop the most sophisticated intrusion and attack tools and techniques, and to direct them against Defence networks on a very large scale.
"This current activity is mainly economic in focus, looking for information about Australia's business dealings, its intellectual property, its scientific data and the Government's policy settings and intent.
"While defence and foreign policy information remains a traditional target of espionage, at least 65 per cent of cyber intrusions on Australian computers currently have an economic focus."
Mike believes security efforts should focus on identifying sensitive or business-critical information and what can be done to protect it from unauthorised disclosure or disruption.
"DSD's aim is to make Australia a hard target for malicious cyber actors by working to ensure Government and industry apply a 'defence in depth' approach to protecting information and ICT infrastructure," he explains.
The concept behind 'defence in depth' is to create layers of security that will prevent unauthorised access to networks.
"The deeper an organisation's defence, the more money and time hackers need to invest to improve their techniques to even have a chance of getting in," Mike says.
In order to achieve this, DSD has released 'Strategies to Mitigate Targeted Cyber Intrusions'. The strategies are ranked in order of effectiveness and are based on DSD's analysis of cyber security incidents and vulnerabilities.
At least 85 per cent of the cyber intrusion techniques DSD has responded to could have been prevented by following just the first four mitigation strategies. They are:
use application white-listing to prevent malicious software and other unapproved programs from running;
patch applications such as PDF readers, Microsoft Office, Java, Flash Player and web browsers with updates;
patch operating system vulnerabilities with updates; and
minimise the number of users with administrator privileges.
"These will address the vast majority of intrusion attempts and also help build a resilient network," Mike says.
"A resilient network can maintain access to its information and communications systems during and after an attack or intrusion.
"DSD has placed significant investment in new technology and analytical capabilities to guard against cyber threats and preserve Defence's edge in cyberspace. The bulk of the operational capability resides in the Cyber Security Operations Centre. This Centre hosts embedded staff from across Defence, and includes representatives from the Australian Security Intelligence Organisation, Australian Federal Police and the Attorney-General's Computer Emergency Response Team."
Establishing and strengthening cyber capabilities is a high priority for Defence. Reducing Defence's own vulnerability to offensive cyber operations is also a high priority, especially in times of conflict or heightened tensions. This includes the protection of deployed networks and information systems.
To achieve this, DSD collaborates with the Chief Information Officer Group, which is responsible for ensuring dependable, secure and integrated support to military operations and Defence business.
The internet has provided Defence with more ways to communicate and share information. The cyber threat is very real but Defence is proactively addressing the situation.

