BLUF
Cybersecurity focused on defence, and law enforcement might not protect Australian organisations that use externally provided cybersecurity software.Summary
On 12 December, cybersecurity firm FireEye stated that it had detected an alleged Russian cyberattack that had compromised SolarWinds security software used on its Orion network. Solar Winds said hackers had inserted malware into a service that provides software updates for the Orion platform. Note the US government and many private companies use Orion software to monitor their IT networks. To put it simply, it is the equivalent of a security company unwittingly making available the keys of the properties they are supposed to be looking after. The 2020 Defence Strategic Update allocates $15B to cyber and information. However, the Australia Cyber Security Strategy 2020, probably does not go far enough, and the government needs to do more. The author argues that the entire Australian economy, including both government and private organisations, must focus on cybersecurity. How do you think we can better protect ourselves from a cyberattack?
References
- June 2019 REUTERS Inside the West’s failed fight against China’s ‘Cloud Hopper’ hackers
- 06 Aug 2020 Australia’s Cyber Security Strategy 2020
- 20 Dec 2020. The Guardian. What we know – and still don’t – about the worst-ever US government cyber-attack
- 31 Dec 2020. Engadget. SolarWinds hackers accessed Microsoft source code
- 30 Dec 2020. ABC News. The Sunburst hack was massive and devastating. Here are 5 observations from a cybersecurity expert
- 31 Dec 2020 SolarWinds Security Advisory
- Dec 2020 Krebson Security SolarWinds Hack Could Affect 18K Customers
