Cybercrime initiatives require government/industry collaboration: Stratsec

Police and defence need help from IT security against cybercriminals

The local security industry must improve its engage with government and defence agencies if it is to help prevent the growing level of cybercrime attacks against Australia, industry experts argue.

Speaking at a roundtable event in Sydney, Stratsec chief executive officer, Tim Scully, said fragmentation of the security industry, coupled with a lack of government collaboration, were added problems.

"You’ve got some [security] companies who have very strong capabilities in some areas such as Stratsec but they are a niche capabilities," he said. "They don’t have the weight or resources in the market to go beyond what they do now which is security advice, governance and network penetration."

Scully added that government security networks such as intelligence agency Defence Signals Directorate (DSD), CERT Australia and the Department of Broadband, Communications and the Digital Economy did not have the resources to help end users in the community.

"This means the security industry has to take up that mantle," Scully said. "Industry has to engage with government to do that because there are ways to source information on cybersecurity."

For example, Scully said large vendors such as McAfee and Symantec had a "fantastic" source of information by which they could analyse trends and patterns.

In addition, companies like BAE Systems, which owns Stratsec, were now providing managed security services to all sectors and were collecting cybersecurity data as well.

"There has to be some information to coordinate the analysis of that data because we need some high level of coordination [from the government]," he said.

Scully added that the use of the term cyberwarfare was a problem, because it made cybercrime sound like a military problem.

"It's a societal problem because every person who uses their computer is affected by cybersecurity threats," he said. "It needs a whole of government approach and coordination of all the stakeholders, such as the police, the IT industry and defence, is needed."

He also called for the security industry to educate its end user consumers as the depth of awareness across the general community for cyber awareness was low.

Sourcefire APJ security engineering manager, Kelvin Rundle, agreed with Scully and added that state police were facing a challenge due to their defensive position.

“If you have ever played defence you will know that you are perpetually behind the eight ball, because the attacks we are talking about are fundamentally simple computer generated attacks. The challenge we have as a country is that we’re still playing a legacy defence game," he said.

"If we look at how those [cyber] threats propagate, we are talking about mums and dads who unintentionally are having their central processing unit [CPU] taken away from them to support these organised crime syndicates. Cybercrime is much easier to commit because I believe that state police do not have the resources available to prevent these overseas attacks."

The call for greater collaboration with government follows comments by federal Justice Minister, Brendan O'Connor, that he was looking at ways of mitigating cybercrime, adding that local victims of attacks were usually too embarrassed to come forward.

The comments follow similar calls from Queensland Police Service officer, Brian Hays, who said officers were behind the eight ball when it came to cybercrime because they were not "at the coal face" of security.

Speaking at AusCERT 2011, Hay said a lack of communication and collaboration between policing entities was hindering the fight against cybercrime, with a lack of crimes being reported to members of police.

Got a security tip-off? Contact Hamish Barwick at hamish_barwick at

Follow Hamish Barwick on Twitter: @HamishBarwick

Follow Computerworld Australia on Twitter: @ComputerworldAU

Join the CSO newsletter!

Error: Please check your email address.

Tags sourcefiresecuritystratsec

More about BAE Systems AustraliaCERT AustraliaCisco SecurityCisco SecurityetworkMcAfee AustraliaSymantec

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Hamish Barwick

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place