Being an American, reports of cyberattacks back home rarely catch my attention these days. Even a letter from the CIO of the U.S. Office of Personnel Management in Washington advising me that my personal data as a former US Government employee may have been compromised in the recent US government hack– didn’t get much of a read. Perhaps it’s because it took 30 days to make its way to Australia by snail mail, and by then the news had already started to simmer. Or perhaps it’s because I knew I was one of 20 million other Americans affected (that’s 7 % of the U.S. population), and surely someone is working to fix the problem.
Here in Australia, the Australian Cyber Security Centre (ACSC) recently called attention to the worrying state of cyber affairs in its first unclassified “Threat Report” released last week. Among the major (but hardly surprising) findings are that cyberattacks in Australia have increased three-fold over the last three years, and it predicted that cybercrime will continue to increase over the next five years. Also came the sober reminder that the attacks we read about in the press are “just the tip of the iceberg.” In other words, it’s what we don’t hear about that should keep us up at night, and the fact that the attacks are outpacing defenses by leaps and bounds.
The punchline of the ACSC report did not come as much of a shock either: More resources are needed as soon as possible from both government and industry to harden Australia’s cyber border. And it will be expensive. But like any good insurance policy, the ROI on upfront costs to help protect against potentially disastrous consequences down the road is hard to measure until it is too late. Most cyber experts agree on one thing: its not if, but when a major cyber attack will occur.
While resources and vigilance against cyber attacks are clearly on the rise, the fact remains that they simply cannot keep up with the number, sophistication and sheer persistence of these adversaries. Reasons for such attacks range from crime, to espionage, to activity where motivations are simply unclear.
What is clear, however, is that Australians are becoming more connected than ever, relying on the Internet for just about every aspect of life. The Australian Bureau of Statistics (ABS) reports over 90% of businesses use the internet, with the greatest increase being the proportion of businesses that place orders online – jumping 4 percentage points to 55% between 2010-11 and 2011-12.
Taking it up a notch from online orders: consider financial apps becoming more commonplace, ubiquitous driverless cars in the not-so-distant future, as well as connected homes, schools, hospitals, cars,and yes, people. Not to mention the nation’s critical infrastructure being controlled remotely, such as the electrical grid, water supply, and defense systems. Risks range from the very low end of customer frustration over a brief interruption of an online service, indeed bad for business, to the much higher end of the potential for physical danger or even death, as was demonstrated by the successful remote hacking of a Jeep Cherokee in St. Louis last month.
Intel prioritizes consumer trust above all else as a fundamental tenant of our business. Revelations of hacking and data breaches erodes that trust not just of our brand, but of the entire technology ecosystem in every country worldwide. We need to respond holistically—not as just one company investing more of its operating budget to its own silo of cyber defenses. Investing in effective cybersecurity is essential across the world from all stakeholders.
As Intel Security’s Senior Vice President Chris Young recently explained, we must “pay down the cyber debt”—that is think about future generations with a generous down payment now towards a safer place to connect, do business, communicate, drive, and live, in the future. And speaking of the future, Chris also called for the creation of “Cyber Corps” to train young people with the right skills to defend against increasingly complex cyber attacks. Simply put: we will never get ahead of the attackers if we don’t learn how to outsmart them.
We could compare increasing cyber resources to preparing for the prediction of a natural disaster that has the potential to displace homes and businesses and critically fracture national security. The trends cited in the ASCS report are more of a dire and very accurate prediction, unlike weather forecasting. And it’s a long term proposition, requiring investment in future skills, training, programs and strong collaborative frameworks across government and industry.
Intel applauds the ACSC report and the spirit of transparency and education that accompanied its release. The Australian Government laudably is in the midst of its Cyber Security Review, led by the Department of the Prime Minister and Cabinet. The Government has reached out to other governments, businesses and academia throughout the process, which demonstrates the need for close engagement across all sectors in this new era cyber insecurity.
The final report from the Review will hopefully continue to make the case for closer public-private sector cooperation, development of skills for students, and a commitment of robust resources for making all Australians safer online.