Cyber resilience in the COVID-19 era: Lessons for the defence industry
By Ian Martinus & Tony Marceddo
- In the new environment of COVID-19 and distributed workforces the nature, type and volume of cyber attacks have increased. Cyber criminals and malign state actors are using the crisis to exploit vulnerable government and business supply chains with intent to disrupt or cripple.
- As a critical sovereign industry the defence sector is increasingly vulnerable in this setting and will need to be adaptive and resilient in order to limit an adverse impact to its supply chain and operations.
- By seeking advice from established and trusted institutions and implementing credible cyber countermeasures defence industry can mitigate the impact of current and emerging cyber threats.
Defence industry in Western Australia contains more than 200 SMEs that manufacture products and offer services to markets in Australia and overseas. Like every other critical service provider, defence industry is currently assessing its response capabilities in the fast-moving macro environment created by the COVID-19 pandemic. What is becoming increasingly relevant is the way fortification of essential industries and their critical supply chains is being considered. Securitisation of business information, intellectual property, personnel and business systems needs to be a priority at this time of global strategic transition.
In a rapidly evolving environment of short-term goal setting, companies and government agencies are required to establish and agree to new objectives and key result tools. A scattered and offsite workforce now has the same vulnerabilities as an unsecured third-party supply chain that is not subject to the same standards and compliance measures as a company that houses employees in one location. We have not even begun to test the robustness of governance, risk and compliance arrangements when a work-from-home employee or supplier is compromised.
The rapid adoption of work-from-home technologies over the past few months has exponentially increased the use of online communication platforms such as Zoom, Google Hangouts, Skype and Microsoft Teams. As with any internet-enabled service, the scope for exploitation by cyber criminals and malign state actors becomes substantially wider and more porous. Cyber criminals have always worked from home, and now companies and employees alike have rapidly moved into the cyber criminal’s domain of comfort and preference.
One example of a practical collaboration on the security of critical infrastructure is between the WA AustCyber Innovation Hub, Edith Cowan University Security Research Institute and two major critical infrastructure providers. This ‘Honeypot Research’ has allocated ECU research students to work with the power companies to build prototypes of certain control systems in their operating technology environment that mimic actual systems. Researchers can then study the threat signatures, attack methods and sophistication in order to gather cyber threat intelligence. This learning will translate directly to the way critical infrastructure providers such as energy, water and defence companies think about their cyber defence and vulnerabilities.
Implications for Defence Industry
Defence industry contractors need to understand the inherent weakness in monitoring and defending systems when they rely on a diversified workforce who are now managing some of those operations from home. Architectural weaknesses inherent in this include unsecured data transmissions, sub-optimal security policy and process enforcement, unsecured personal devices and tools, and a lack of normal workplace controls. In the event of an attack, it is also now much harder to assemble decision-makers in one location to work together to come up with an agreed solution. The distributed workforce model also gives the attacker a time advantage.
The WA AustCyber Innovation Hub has strong linkages with private sector cyber companies, industry associations and government agencies across the state to ensure the message of cyber awareness is spread and amplified. The Australian Cyber Security Centre’s COVID-19 Threat Updates are also a reliable source of information for SMEs throughout the pandemic.
AustCyber recognises that Defence provides many opportunities for sovereign cyber security companies. This year, AustCyber is involved with the MilCis 2020 conference and expo to be held in Canberra in November in support of Team Defence Australia for missions and cyber-focussed delegations to strategic global markets. Support will also continue for the Centre for Defence Industry Capability in their Global Supply Chain Program.
The WA AustCyber Hub has also partnered with ECU since 2018 to relaunch the Cyber Check Me program to assist small businesses and not-for-profits with their basic cybersecurity safeguards. Foundation partners include the Cities of Joondalup and Wanneroo and North Metropolitan TAFE. Advice is provided in line with the Essential 8 Cyber Mitigation Strategies, which provide easily understood cyber hygiene practices.
A small cyber army of predominantly second-year computer science students with a major in cybersecurity and Advanced Diploma students from North Metropolitan TAFE delivers the program. Before COVID-19 this was done through pop-ups at industry events; it has now migrated to online consultations with businesses.
Practising Cyber Hygiene
Further, here are some simple steps that defence industry SMEs could take to protect their business from cybercrime:
- Baseline cyber hygiene should emphasise:
  - strong passwords for all devices and for your home Wi-Fi,
  - having a reliable VPN technology installed to secure remote connections,
  - checking the software you use is patched with the latest versions and updates.
- Be aware that cyber attacks are rising in the COVID-19 era and ensure that emails and texts are from reputable sources before you choose to respond or act.
- Be aware of Multi-Factor Authentication and set it up if you are able.
- Make sure that key staff members can be reached instantly if a critical decision needs to be made during an incident or breach.
- Consider what you would do in the event of an incident and who you would call for assistance.
The COVID-19 global pandemic has created a new environment that almost solely relies on trusted digital interactions. Business continuity now firmly lies within the context of a risk posture and framework. The nature, type and volume of cyber attacks have increased and will continue to increase into the foreseeable future. Cyber attacks will rely on users becoming fatigued with controls, permissions and safeguards. Therefore the defence industry must be aware of the sources of truth they access to remedy any cyber challenges they face. AustCyber and organisations like it offer up-to-date free advice and links to Australian organisations and technologies that can navigate businesses through this transition time.
Disclaimer: The views expressed in this article are those of the authors only, and do not necessarily represent the views of WA DEFENCE REVIEW.