ACSC Conference 2018 a huge success
The need for a coordinated, global approach to cyber security was highlighted repeatedly at the Australian Cyber Security Centre (ACSC) Conference 2018.
More than 1,500 delegates attended the conference at the National Convention Centre in Canberra last week (11-12 April), bringing together the world’s top policy and operational experts in national and international cyber security.
Opening proceedings, Minister for Home Affairs, the Hon Peter Dutton MP, said a safe cyber space is essential for a prosperous and secure nation.
The Minister said the ACSC Conference provided a platform for ongoing partnerships to counter cyber threats.
"We are pleased to have international partners sharing their experiences with us. As we know, the threat isn't constrained by borders."
The Minister for Law Enforcement and Cyber Security, the Hon Angus Taylor MP, said the conference was a unique opportunity to collaborate and advance Australia's national cyber defence capabilities.
"Strong partnerships with industry are integral to achieving this," Mr Taylor said.
Keynote speaker, Richard Driggers from the United States Department of Homeland Security, agreed.
Mr Driggers is the Deputy Assistant Secretary of the Office of Cybersecurity and Communications.
Partnering with the private sector was “extremely important” in helping to share information about cyber security, he said.
The US was continuing to look at different ways to engage with the private sector on cyber, he said, including forming informal relationships with private companies.
Mr Driggers praised Australia’s Joint Cyber Security Centres, which are partnerships between business, government (local, state and Commonwealth) and academia to enhance collaboration on cyber security – and is a key initiative of the Cyber Security Strategy.
An international issue
Mr Driggers pointed out that cyber security “does not end at national borders”, as was made evident during the WannaCry incident in 2017.
The impacts of WannaCry could have been a lot worse “if we had not spent time and energy building our international partnerships,” he said.
“We want to do everything possible to help Australia and our other international partners.”
Mr Driggers also raised that building up the cyber workforce is a challenge in the US, just as it is in Australia.
“It is an international problem,” Mr Driggers said, pointing out that it wasn’t just about hiring but also retaining staff.
We need the ‘right’ people
Another keynote speaker at the ACSC Conference was Dean of Engineering and Computer Science at the Australian National University, Professor Elanor Huntington.
Prof Huntington said she was concerned about the skills shortage in the cyber space.
“What we need is people who understand both technology and people,” Prof Huntington said.
“One of the really interesting things about cyber security is that it inherently involves the bringing together of people and technological systems as well as some deep science to do basically human things.”
Women in cyber
The 2018 ACSC Conference had a specific focus to promote, inspire and support women to embrace a career in cyber security.
Women make up just 11 per cent of the cyber security industry.
In a panel discussion on women in cyber, panellists agreed that cyber “language” needs to change to attract more women to the industry.
Australian Signals Directorate Director-General Designate Mike Burgess went further.
“Of course we need to change the language, but the most fundamental thing is to change thinking,” Mr Burgess said.
“You’ve got to challenge your thinking and take steps to make progress, otherwise it won’t happen.”
A focus on increasing knowledge
The ACSC Conference program was geared towards increasing the knowledge of delegates. Presenters focused on providing specific operational advice, including through a range of training activities that were offered to delegates free of charge.
The ACSC’s Jason Pang and Mitchell Clarke co-instructed a technical course on incident response as part of the program.
Participants were taught methodologies on conducting effective incident response, but also acted as incident responders by analysing key artefacts derived from a simulated incident.
“By getting hands-on with some of the tools the industry uses, participants were able to get a very clear picture of what is actually involved from a technical perspective and what needs be prioritised”, Mr Pang said.
The simulated incident included sophisticated actor tradecraft observed in ACSC incident response investigations, giving participants a first-hand look at some of the techniques used to target Australian organisations.
Cyber is ‘surging’
Closing off the conference was a panel discussion with the ACSC leadership team, including the Head of the ACSC, Alastair MacGibbon.
The panel discussed the new structure of the revitalised ACSC, which was established by the Australian Government to ensure that Australian networks are among the hardest in the world to compromise.
The ACSC is now a cross-agency organisation, bringing together all of the Australian Government’s cyber security expertise.
“The time for incremental shift is over,” Mr MacGibbon said.
“The scale and types of incidents cannot be handled by government alone.” He said the ACSC would provide the necessary “surge” by government and industry to meet the demands of the increasing threat level of cyber on the Australian economy.