Welcome to the March/April JCSC Newsletter

NEWSLETTEr

ISSUE 7: APRIL 2018

Welcome to the March/April JCSC Newsletter.

Since the last newsletter, the program has seen an intense period of activity, from the official launch of the Sydney JCSC through to an extensive program of workshops.

national

On 17 April, the Australian Government attributed malicious cyber activity targeting commercially-available network devices around the world in 2017 to Russian state-sponsored actors. This coincided with similar attribution by the governments of the US and the UK.

The Australian Cyber Security Centre (ACSC)previously provided advice about the vulnerability and how to mitigate against it, enabling businesses across Australia to secure their devices and prevent access.

The day after the attribution, the JCSCs held a national information workshop for JCSC partners, coveringthe vulnerability, the scope of the Russian activity, and technical advice detailing clear actions to be taken to protect networks.

SYDNEY

Ministerial launch of the Sydney JCSC

L-R: Peter Harmer (IAG), the Hon Angus Taylor, the Hon Victor Dominello

The Sydney JCSC was officially opened by the Minister for Law Enforcement and Cyber Security , the Hon Angus Taylor on 21 March. Minister Taylor spoke about the importance of collaboration between government and business to improving cyber security practices. The NSW Minister for Finance, Services and Property, the Hon Victor Dominello and IAG CEO and Chief Executive, Peter Harmer echoed Minister Taylor’s message about the value of collaboration and partnership.

The launch was attended by representatives of more than 34 organisations, including those who have partnered with the Sydney JCSC. The opening included tours of the centre and a ‘capture the flag’ exercise with teams of cyber staff from JCSC partner organisations competing. Congratulations go to team Gastric Crocodile from IAG for winning the competition!

US Department of Homeland Security delegation visit

The Sydney JCSC also hosted a visit by Deputy Assistant Secretary Richard Driggers from the US Department of Homeland Security.

The Sydney Interim Steering Group, including representatives of key partners – the AFP, AGL, ASX, IAG, NSW Government, NSW Police, Qantas, Telstra and Westpac – hosted a roundtable with Mr Driggers to discuss the importance of collaboration between government and private industry and approaches to private/public partnerships in the US and Australia.

MELBOURNE

The Melbourne JCSC continues to grow its partner base, bringing on board new partners from Tasmania.

Business Email Compromise Workshop

On 6 April, the Melbourne Centre held a Business Email Compromise (BEC) and Cyberfraud workshop for over 40 participants. A panel of experts from ANZ, Secureworks, the Australian Criminal Intelligence Commission (ACIC), and the Australian Transaction Reports and Analysis Centre (AUSTRAC) provided their unique perspectives on the complex criminal networks underpinning BEC cybercrime and its impact on Australian businesses.

The Melbourne JCSC will hold another BEC workshop later in the year focusing on those most targeted by BECs, particularly real estate, medical and legal companies.

US National Cybersecurity and Communications Integration Center visit

On 10 April, Mr Chris Butera, Deputy Director of Cyber Threat Detection and Analysis in the US National Cybersecurity and Communications Integration Center presented at the Melbourne JCSC. One of MrButera’s presentations—Incident Response: The US Department of Homeland Security’s Experience—generated numerous interactions from attendees who were particularly engaged with the case study he presented on cyber activity targeting the energy sector and other critical infrastructure sectors in the US in 2017.

BRISBANE

The Brisbane JCSC is supporting a joint industry and government program that will improve cyber security in the energy sector. The Australian Energy Market Operator (AEMO) is leading efforts to establish a framework for understanding the cyber security capabilities and maturities of energy market participants.

The framework will draw on the expertise of the ACSC and the Critical Infrastructure Centre in the Department of Home Affairs to ensure that business, market and national security risks are addressed. It will support agraduated range of controls to guide future investment in the right cyber security capabilities depending on the risk and criticality of the organisation.

This is a clear example of industry and government working together to understand and improve cyber security in critical infrastructure.

Upcoming events for the Brisbane JCSC include:

• SPLUNK Capture the Flag competition (keep an eye out for a State of Origin competition later in the year!)
• Partner breach case study
• 2018 Gold Coast Commonwealth Games wrap up.

perth

The Perth JCSC is hosting weekly drop-in days for partners to visit the centre and participate in briefing sessions. The sessions will cover the current threat landscape, ACSC advisories, topical news items from open sources and the latest trends identified by CERT Australia.

On 28 April, CERT Australia ran a ‘hands-on incident management’ workshop. Industry and state government participants were taught by incident responders about methodologies and approaches to incident response. The workshop will be available to JCSC partners and plans are underway to run this course at all JCSC sites.

CONTACT US

To find out more about becoming a partner, email or visit