Government IT security under the spotlight after BoM cyber attack

The recent cyber attack on Australia’s Bureau of Meteorology (BoM) has raised fresh concerns about the ability of government departments to withstand sophisticated cyber attacks.

According to ABC News reports quoting multiple official sources, the attack has raised fears that potentially sensitive national security information may have been compromised. The extent of the attack is yet to be confirmed by the BoM.

The concerns have been amplified by the fact that the BoM operates one of the country’s largest supercomputers and has direct data network links with other government departments and agencies. Authorities fear that, because attackers gained access to BoM computers, this may have provided them with a gateway into other parts of the wider government IT infrastructure.

As well as providing weather forecasts, the BoM uses sophisticated software to undertake complex climate modelling and long-range analysis. This data is used by other areas of government including the Department of the Environment and the Department of Defence. The BoM also provides climate information to commercial airlines and shipping companies as well as conducting analysis of Australia’s water supplies.

The BoM attack is the latest in a string of high-profile security breaches affecting government computer systems around the world. In another recent case, hackers gained access to the United States Office of Personnel Management which holds sensitive data such as the personal details of government employees and their families. Concerns were raised that attackers could use this illegal access to potentially give security clearance to individuals who had not been properly vetted.

Cyber attacker motivation

While the identity of those responsible for the BoM intrusion is yet to be confirmed, motivation for the attack could have come from a variety of areas.

Data stored on BoM servers, or on those of other departments with which it has network links, could be deemed valuable to foreign governments or criminal organisations. The sophisticated software applications and algorithms used for analysis could also be worth money on the black market.

Motivation may also have come from wanting access to other areas of government. Once BoM servers had been compromised, attackers may have had the potential to send phishing emails to staff in other departments that would have appeared to have come from a legitimate source. If successful, such emails may have resulted in illegal access to other systems and databases, blackmail or successful acts of espionage.

Potential attack vectors

Attacks of this type, whether conducted by nation states or criminal groups, usually follow one of two initial attack vectors, but compromised privileged accounts are the common denominator in nearly all devastating breaches. Once attackers gain control of a privileged account, they can escalate privileges and move laterally throughout the network, undetected.

One strategy is phishing emails directed at staff working in the target agency. These usually carry an attachment containing malicious code, or a link to an infected website; if the attachment is opened or the link followed, the attackers gain a foothold on the agency’s systems and networks. This type of attack is often a means of harvesting privileged credentials, with attackers hopping from endpoints to servers to find the valuable information they want.

Another strategy is to seek out servers at the edge of the agency’s network whose security precautions are deficient in some way. These could be systems that have not received the most recent software patches, or those with weak access controls. Once an attacker has access to one of these servers, it is possible for them to rapidly reach into other parts of the target infrastructure.

Thwarting future attacks

The BoM and OPM breaches are just two examples of a long list of cyber attacks carried out on government departments and agencies around the world. They provide compelling evidence that governments need to make a fundamental shift in their overall security strategies.

While debate often centres around the need for more investment in IT security, the bottom line is that many governments are simply failing when it comes to the basics – they can’t pass Security 101.

These basic but critical steps include patching servers, implementing regular system updates, and tightening controls around privileged accounts and administrator credentials.

However, a recent survey by Dimensional Research* found that 43% of executive teams in government don’t receive regular security reports and metrics to evaluate the effectiveness of their programs. At the same time, 75% of IT security professionals cite budget as a barrier to proper security.


In almost every breach that occurs whether in a government agency or in the private sector, it is eventually revealed that, once they had gained initial access, attackers exploited privileged credentials that enabled them to move laterally across the network. This process often includes conducting undetected reconnaissance for long periods of time, and the theft of sensitive data.

Because these behaviours are seen time and time again, tightening the policies and practices for managing, monitoring and securing privileged users and accounts, and accelerating the rollout of multi-factor authentication, are important places to start when shoring up security. Most organisations typically have three to four times more privileged accounts than employees (service accounts, local administrator accounts and shared credentials all count), so agencies must first identify these accounts and then focus on monitoring, managing and securing them.
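The two steps the article recommends, first identify the privileged accounts, then monitor how they are used, are concrete enough to show in code. The following is an added example written for this page, not code from the article, the BoM or any vendor it mentions. The account records and authentication events are constructed sample data, and the field names (user, privileged, mfa, last_used, src, dst) are assumptions about what a directory export and a logon log would provide; the audit flags privileged accounts without MFA or unused for 90 days, and the detector flags an account that successfully reaches several distinct hosts from one source within a short window, which is the lateral-movement pattern described above.

```python
"""Privileged-account inventory audit and lateral-movement detection.

Added example, not part of the original article. All account records and
authentication events below are constructed; the field names are assumptions
about what a directory export and a logon log would contain.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed directory export: which accounts hold privileges, whether MFA
# is enrolled, and when each account last authenticated.
ACCOUNTS = [
    {"user": "alice",      "privileged": False, "mfa": True,  "last_used": "2015-12-01"},
    {"user": "adm-bob",    "privileged": True,  "mfa": False, "last_used": "2015-11-30"},
    {"user": "svc-backup", "privileged": True,  "mfa": False, "last_used": "2015-06-14"},
    {"user": "adm-carol",  "privileged": True,  "mfa": True,  "last_used": "2015-12-02"},
]

# Constructed logon events (think SSH auth log or Windows 4624/4625):
# (timestamp, user, source host, destination host, succeeded).
AUTH_EVENTS = [
    ("2015-12-02T01:00:05", "adm-bob",   "wkstn-17", "file-srv-1", True),
    ("2015-12-02T01:03:41", "adm-bob",   "wkstn-17", "db-srv-2",   True),
    ("2015-12-02T01:04:10", "adm-bob",   "wkstn-17", "dc-1",       False),
    ("2015-12-02T01:05:22", "adm-bob",   "wkstn-17", "dc-1",       True),
    ("2015-12-02T01:07:58", "adm-bob",   "wkstn-17", "app-srv-4",  True),
    ("2015-12-02T09:00:00", "adm-carol", "jump-1",   "db-srv-2",   True),
    ("2015-12-02T14:00:00", "adm-carol", "jump-1",   "file-srv-1", True),
]


def audit_privileged_accounts(accounts, today, stale_days=90):
    """Return (user, finding) pairs for privileged accounts that lack MFA
    or have not been used within stale_days. Non-privileged accounts are
    skipped: the point is to shrink and harden the privileged set first."""
    findings = []
    for acct in accounts:
        if not acct["privileged"]:
            continue
        if not acct["mfa"]:
            findings.append((acct["user"], "no MFA"))
        age = today - datetime.strptime(acct["last_used"], "%Y-%m-%d")
        if age > timedelta(days=stale_days):
            findings.append((acct["user"], "stale"))
    return findings


def detect_lateral_movement(events, window_minutes=10, min_hosts=3):
    """Flag each (user, source) that successfully logs on to at least
    min_hosts distinct destinations inside a sliding time window.
    Failed logons are ignored here; they belong in a separate brute-force rule.
    Returns a list of (user, src, sorted destination hosts)."""
    per_actor = defaultdict(list)
    for ts, user, src, dst, ok in events:
        if ok:
            per_actor[(user, src)].append((datetime.fromisoformat(ts), dst))

    alerts = []
    window = timedelta(minutes=window_minutes)
    for (user, src), logons in per_actor.items():
        logons.sort()
        start = 0
        for end in range(len(logons)):
            # Slide the window start forward until it fits window_minutes.
            while logons[end][0] - logons[start][0] > window:
                start += 1
            hosts = {dst for _, dst in logons[start:end + 1]}
            if len(hosts) >= min_hosts:
                alerts.append((user, src, sorted(hosts)))
                break  # one alert per actor is enough for triage
    return alerts


if __name__ == "__main__":
    for user, finding in audit_privileged_accounts(ACCOUNTS, datetime(2015, 12, 3)):
        print(f"AUDIT  {user}: {finding}")
    for user, src, hosts in detect_lateral_movement(AUTH_EVENTS):
        print(f"ALERT  {user} from {src} reached {len(hosts)} hosts: {', '.join(hosts)}")
```

On the constructed data the audit reports adm-bob (no MFA) and svc-backup (no MFA and stale), while the detector alerts on adm-bob fanning out from wkstn-17 to three servers in about five minutes and stays quiet on adm-carol, whose two logons are hours apart. The thresholds are deliberately parameters: a jump host used by a whole operations team will legitimately touch many servers, so tune window_minutes and min_hosts per source, or exclude approved jump hosts, before using this as an alerting rule.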

Some experts argue that proper data encryption is the best way to prevent these kinds of cyber attacks. However, close analysis of how the attackers operate shows that this is too narrow a view: an attacker holding a legitimate privileged credential can usually read the data through the same applications that decrypt it for authorised users.

To be successful at warding off future cyber attacks, government departments and agencies need to design their security strategies from the inside out, taking the view that attackers may have already found their way into the IT infrastructure.

The bottom line is that powerful, privileged credentials, sometimes termed the ‘keys to the IT kingdom’, must be securely locked down, controlled and continuously monitored. This limits lateral movement within the network, thereby containing the attack and lessening the damage.

By taking this proactive, inside-out approach to network security, focused on securing access to the organisation’s most sensitive data and information, departments and agencies can be more confident about mitigating the risk of a devastating breach that could potentially bring everyday operations to a grinding halt.

* “The Gap Between Executive Awareness and Enterprise Security” survey was conducted by Dimensional Research.
