The government’s ongoing efforts to better share cyber threat intelligence with agencies and the private sector have been dealt a blow by the findings of an Australian Cyber Security Centre (ACSC) survey.
The ACSC survey of 68 ‘major businesses of national significance’ and 45 government organisations, published today, found that only only seven per cent of respondents believed ‘information and intelligence sharing’ – the stated aim of the government’s new Joint Cyber Security Centres (JCSC) – to be an important factor in mitigating cyber security risks.
Only one per cent of respondents considered ‘industry collaboration’ a factor in defending from cyber threats.
In its 2016 cyber security strategy, the government committed $47.3 million towards establishing JCSCs – the first of which opened in February – as well as an online threat sharing portal.
“Securing Australia’s cyberspace is not something the Commonwealth can do alone,” said Minister Assisting the Prime Minister for Cyber Security Dan Tehan at the first centre’s opening in Brisbane. “This collaborative approach will provide up-to-date information about the nature of cyber threats, help partners better understand cyber risks, and allow them to collaborate on shared challenges,”
Similar hubs are planned for Sydney, Melbourne, Adelaide and Perth.
A joint statement by Attorney-General George Brandis and Tehan today said the survey’s findings highlighted “the need to better explain and demonstrate the benefits of building relationships and sharing information”.
Cause for concern
“This lack of importance placed on information sharing and collaboration … is cause for concern for two reasons,” the Australian Cyber Security Centre report states.
“Firstly, the need for sharing actionable and tactically useful indicators has long been understood. The recent move towards security automation and cyber threat intelligence can play a significant role by filtering out the noise created by unsophisticated and untargeted threats, providing insight to the evolution of sophisticated adversary tradecraft, and validating defensive security and response measures.
“Secondly, sharing indicators of compromise along with indicators about the vulnerabilities, infrastructure, and tactics, techniques or procedures used by an adversary with other potential targets can increase the costs (time and money) and limit the effectiveness of malicious actors.”
The survey found that whether organisations were deemed cyber resilient or not, had no effect on how unimportant they believed intelligence sharing and collaboration to be.
The most important factors in mitigating cyber risks were considered to be senior leadership support, risk management and technical controls.
Ninety per cent of the organisations in the survey experienced attempts to breach their security in 2015/16. Phishing and social engineering was reported by 84 per cent of organisations, malware by 68 per cent and denial of service attacks accounted for 23 per cent of attacks.
“It confirms that many Australian organisations … are experiencing some form of attempted or successful cyber security compromise, and that some are being targeted up to hundreds of times per day,” the government said in a statement.
“Importantly, the survey demonstrates a high level of ability of organisations to prepare for and recover from cyber threats. However the continually changing threat environment means more needs to be done to prepare, adapt and detect potentially malicious activity.”
The release of the survey marks the first anniversary of the launch of the government’s $231.1M cyber security strategy.