[LINK] Australian Government cyber security, situational awareness, visibility monitoring
stephen at melbpc.org.au
stephen at melbpc.org.au
Mon Feb 25 23:29:11 AEDT 2013
Australian Government likely to invest in situational awareness security ..
visibility monitoring
Patrick Budmar (ARN) 25th Feb, 2013 <www.arnnet.com.au/article/454653/>
The pledge of $1.46 billion by the Australian Government into cyber
security will potentially be used for situational awareness.
That is according to Trend Micro A/NZ managing director, Sanjay Mehta, who
draws parallels to the US$6 billion the US Government set aside for its own
initiative. The US calls it continuous monitoring and the amount is solely
for that, he said.
Situational awareness is fundamentally about visibility and what is going
on with a network on an ongoing basis, combining both technology and
people who understand it, according to him.
For that reason, Mehta expects the Australian Governments approach is not
going to be too different from any other major Governments.
They are all worried about targeted attacks, the ones that are unknown and
unseen in nature, he said.
Unlike the old style of attack, which would appear and cause havoc, the new
approach is to covertly plant the malware in systems and which may then lay
dormant for months.
As a result, the presence of the malware may not be immediately clear until
it wakes up to carry out the attack.
Mehta characterises it as a very slow and calculated attack, but, when it
affects the system, it is usually in a bad way.
Getting the insight into what is going on in the environment and picking
up on that early before it really bites is a huge focus, and it will be a
big focal point for cyber efforts here, he said.
One of many
The $1.46 billion amount is quite specific, and Mehta admits to being
curious in how the Australian Government came up with the number.
Whether it is one million or six billion, they are huge sums of money and
it is a good start, he said.
It is certainly a lot better than zero.
While Mehta is unable to speculate on how the money will be split up, he
expects lots of integrators will be involved and there will be tons of
technologies along the way, not to mention bureaucracy.
Where that money goes is fairly masked to everybody, he said.
As for how much is actually targeted at the problem itself, it is tough to
say.
One thing Mehta is willing to bet on is that the investment by the
Government, while sizable, will not be the last one it makes into cyber
security.
Ive worked in the industry for 15 years, and every time someone announces
a be all end all solution, the bad guys turn around and adjust the attack
vector by a few degrees, and off goes the chase again, he said.
Mehta reiterates that there is no silver bullet to the security problem,
and since the threat environment changes so quickly, the $1.46 billion may
not be enough.
They have list of things to achieve with that $1 billion dollars, and
those priorities will change as we move forward and the threat profile
changes, he said.
It will be reprioritised as the years go by and threats change, but its a
good start.
--
Cheers,
Stephen
More information about the Link
mailing list