What if? - asking the hard questions at the UNSW Canberra Cyber Hypothetical
"If a system is simpler then inherently you can make it more secure."
"We need to make it harder for people to do the wrong thing."
"How do we get people to not follow human instinct?"
These were just some of the thoughts raised by a panel of experts at UNSW Canberra’s recent Cyber Hypothetical.
The year is 2025, and we’re in the lead-up to a federal election that will, for the first time, feature electronic voting. An email has been sent asking people to change their password, and so began a series of "what if" questions about a cyber-attack. From phishing attempts and fake news to the large-scale theft of industrial IP, the discussion was in-depth and wide-ranging.
Kate Carruthers, Chief Data & Insights Officer at UNSW, said that the main part of phishing is training people to recognise what it is.
"The other side is that technology professionals need to stop asking them [people] to click links in emails and that is the fundamental shift that we actually need to make," she said.
This thought was echoed by Mr Justin Warren, a journalist and twenty-year veteran of the IT sector.
"I think that we as IT professionals particularly need to spend some time changing the way that we build these systems so that it is harder to do the wrong thing."
UNSW Canberra Rector, Professor Michael Frater, touched on the corporate social responsibility of large organisations in these situations.
"It's about the whole way we design our interaction with others and making sure that we're wanting to design it so that at the very least, we're not trying to be phished," he said.
Although the scenarios raised on the night were purely hypothetical, the potential for a large-scale cyber-attack on Australia is a very real possibility.
Major General Marcus Thompson, head of the Australian Army's Information Warfare Division, assured those in attendance that the capability that Australia has to face a cyber-attack is very good.
"Any response that the government might choose to make that involves the military could occur using any capabilities that the military has available, including capabilities that sit within ADF [Australian Defence Force] and the Australian Signals Directorate [ASD]," said MAJGEN Thompson.
"A military response would be one of any number of options, or could be part of a suite of options, that the government of the day could consider."
How do we make sure we continue to be prepared for an attack, especially one that is actively designed to slip under the radar?
Ms Carruthers admits that cybersecurity is not easy.
"We are faced with the plethora of legacy systems and I think that we need to take a risk-based approach. We need to do sensible data governance so we understand what we need to secure. It’s a team effort, it's everyone's problem and we need to collaborate."
This article is the first in a series about cybersecurity and the issues discussed at the hypothetical panel - stay tuned for more over the coming weeks.