G20 guests will benefit from Australia's "leading edge" IT security nous: expert

Australian government agencies' world-leading adoption of formal security controls will stand the country in good stead to help foreign ministers better handle cybersecurity attacks when they gather in Brisbane for November's G20 meeting, a global security expert has said.

As centres of gravity for political power, such meetings have proved to be high-profile targets for phishing attempts, as during the so-called 'Ke3chang' attacks when Chinese hackers seeking high-value information targeted ministers of the Czech Republic, Portugal, Bulgaria, Latvia and Hungary as they visited the G20 summit in Russia.

Such attacks are surely in the works for the Brisbane event and will test Australian authorities' ability to forge collaborative relationships with visiting ministers, FireEye vice president and global government chief technology officer Tony Cole told CSO Australia.

"When you have something as large as the G20 coming out, there is obviously a tonne of infrastructure that has to be looked at from a state, locality, and federal government level," he said. "There's infrastructure going into the hotels, and redundancy added, and people brought in to monitor what's happening."

With such a range of IT security skills present in a small space, there were bound to be conflicts and challenges in encouraging a unified front against cyber-criminals, continued Cole, who recently visited Australia to meet with a range of high-level government security managers in the lead-up to the G20.

"The problem you have, primarily, across the board is ensuring that people are educated on the new types of threats that are out there and the things that can happen to them," he explained. "In the conversations I've had recently, I can tell you that with the number of different agencies involved in this, many of them are not aware of the changing threat landscape – which is problematic."

Citing education on these threats as "the number-one component that needs to be done," Cole warned that the influx of foreign IT specialists would complicate things further as the G20 neared.

"Out of all the C&C servers in the Ke3chang campaign, we only had access to one of them for a week and still pulled up a tonne of very valuable information," he said. "There's nothing in my mind, looking at the research done in this area, that would tell us that they're not going to try again."

Security specialists supporting the G20 event will be connecting and servicing IT components that have already been compromised through social-engineering and other attacks – as happened at last year's G20 as well as during similar global events such as the London Olympics.

"There's an enormous amount of work going on to stop this, but there's a great chance that many of the ministers showing up with their staff are already compromised," Cole said.

"The question is whether they are willing to have an infrastructure in place that can identify callbacks to known command-and-control servers, then stop those callbacks and even have a government agency telling another one that they have systems beaconing out to known C&C servers."

Australian departments were well ahead of the curve in implementing new cybersecurity controls, Cole noted, with the SANS Institute's Top 20 Critical Security Controls and the Australian Signals Directorate's (ASD's) 35 Strategies to Mitigate Targeted Cyber Intrusions offering helpful guidance to ensure that local information security is as effective as possible.

"In Australia there are wonderful things happening," he explained, citing the requirement that agencies comply with the top 4 ASD strategies. "They are truly at the leading edge from a government perspective."

That progress had engendered a spirit of openness and "a high level of collaboration between government agencies, at least in the federal space, about what needs to be done," he continued.

"These guidelines are really breeding collaboration across government agencies, and the G20 conversations are definitely going to continue as we help governments understand what could potentially happen and what they could do about it."

Stories by David Braue