Kim-Kwang Raymond Choo, University of SA, Cyberspace - Our New Front Line

Korea-Australia-New Zealand (KANZ) Broadband Summit 2011 Cyber space: Our new front line Dr Kim-Kwang Raymond Choo Senior Lecturer / 2009 Fulbright (DFAT Professional) Scholar University of South Australia Visiting Researcher ARC Centre of Excellence in Policing and Security, Australian National University

description

Slides from the KANZ Broadband Summit. Visit www.dbcde.gov.au/kanz2011 for more information.

Transcript of Kim-Kwang Raymond Choo, University of SA, Cyberspace - Our New Front Line

Page 1: Kim-Kwang Raymond Choo, University of SA, Cyberspace - Our New Front Line

Korea-Australia-New Zealand (KANZ) Broadband Summit 2011

Cyber space: Our new front line

Dr Kim-Kwang Raymond Choo

Senior Lecturer / 2009 Fulbright (DFAT Professional) Scholar, University of South Australia

Visiting Researcher, ARC Centre of Excellence in Policing and Security, Australian National University

Page 2: Kim-Kwang Raymond Choo, University of SA, Cyberspace - Our New Front Line

Source: http://www.internetworldstats.com/stats.htm


Page 3: Kim-Kwang Raymond Choo, University of SA, Cyberspace - Our New Front Line


Digitisation of information

• Lower entry barrier for digitisation of information

• Broadband connection, technological innovations, declining cost of electronic data storage devices, etc …

Page 4: Kim-Kwang Raymond Choo, University of SA, Cyberspace - Our New Front Line


A world of connectedness

• If Facebook was a country, it would be the 3rd largest in the world

Page 5: Kim-Kwang Raymond Choo, University of SA, Cyberspace - Our New Front Line


Securing our cyber space

• 360-degree challenge

• Cyber threats, top tier national security priorities (e.g. Australia’s National Security Statement 2008; UK Home Office National Security Strategy 2010)

Page 6: Kim-Kwang Raymond Choo, University of SA, Cyberspace - Our New Front Line


Cyber threats

• Official statistics unlikely to be indicative of the entire cyber threat landscape

Categorising cyber threats

• Syntactic attacks (attacking the hardware/software)

• Semantic attacks (attacking the users)

• Blended attacks (e.g. Phishing)

Increased variety and volume of cyber attacks inevitable

Page 7: Kim-Kwang Raymond Choo, University of SA, Cyberspace - Our New Front Line

• Phishing

Page 8: Kim-Kwang Raymond Choo, University of SA, Cyberspace - Our New Front Line

Blended attacks

• Phishing

– Financial loss

• Direct costs

• Indirect costs

• Lost opportunity costs

Page 9: Kim-Kwang Raymond Choo, University of SA, Cyberspace - Our New Front Line

Semantic attacks (attacking the users)

Some of our findings

– Almost all fraudsters wanted us to ship our merchandise to an address in Nigeria

– “Payment” methods: PayPal, Western Union and Credit Cards

– Nigerian scammers are bullies

– Nigerian scammers know what they want

• Small and expensive electronic items

Page 10: Kim-Kwang Raymond Choo, University of SA, Cyberspace - Our New Front Line

Syntactic attacks (attacking the computers)

• Malware

– 2010: > 20 million new malware detected (McAfee 2011)

• Vulnerabilities

– 2010: 8,562 vulnerability disclosures, a 27% increase over 2009 (IBM X-Force 2011)

Strategic disadvantage:

Attacker needs to find only one vulnerability and successfully exploit it to gain access

Page 11: Kim-Kwang Raymond Choo, University of SA, Cyberspace - Our New Front Line


Cyber attacks more sophisticated and going ‘under the radar’

Page 12: Kim-Kwang Raymond Choo, University of SA, Cyberspace - Our New Front Line


The way forward

• Why are cyber criminals so successful?

• Awareness and education/training

• Basic online security

• Getting users to think critically

• Maintain current knowledge of latest cyber criminal activities and best cyber crime prevention measures

• Need for coordinated action by government agencies, researchers and the private sector (Australian Government House of Representatives Standing Committee on Communications 2010, Recommendation 31)

Darwinism: Survival of the fittest

Page 13: Kim-Kwang Raymond Choo, University of SA, Cyberspace - Our New Front Line


The way forward

• Evidence-based policy response

• Public Private Partnership (PPP)

• (Appropriately vetted) Volunteer cyber defenders

• E.g. Cyber Defense League, an Estonian volunteer organization; Professional Cyber Defender Programme in Singapore

• Joint user awareness and education initiatives

• Joint Research and Development (R&D) initiatives

• E.g. How do we address the technical and operational challenges associated with securing fundamental ICT infrastructure against cyber attack and resultant cyber crime? How do we more accurately identify, analyse and attribute the source of a cyber attack in a timely fashion?

A better prepared society against cyber attacks

Untold riches await those who can design systems that are easy to use, but difficult to exploit

Page 14: Kim-Kwang Raymond Choo, University of SA, Cyberspace - Our New Front Line


[email protected]
