Modern Australian
Men's Weekly

.

How Australian universities can get better at cyber security

  • Written by Greg Austin, Professor, Australian Centre for Cyber Security, UNSW
How Australian universities can get better at cyber security

The cyber security practices of Australian universities are in the spotlight after the Australian National University (ANU) reported last week it had been the target of a serious attack. Hackers – reportedly based in China – infiltrated ANU’s networks some time last year and have proven difficult to remove.

According to the Australian Cyber Security Centre’s 2017 Threat Report:

Targeting of the networks of Australian universities continues to increase. Universities are an attractive target given their research across a range of fields and the intellectual property this research is likely to generate.

Anecdotal information suggests university performance in cyber security is quite weak. The problem is not widely studied by scholars. But there are things they can do to improve.

It’s important that they do because university networks hold important intellectual property data; sensitive political, business, and social data from background interviews and surveys; and valuable personal information about students who go on to become political, business and national security leaders.

Read more: Is counter-attack justified against a state-sponsored cyber attack? It's a legal grey area

This is a global problem

Cyber attacks targeting universities aren’t limited to Australia.

Chinese universities were among the major victims of a global ransomware attack involving the Wannacry malware in 2017. The attack, which locked up user files and demanded a ransom, came just on the eve of submission of final theses for the academic year in Chinese universities. Social media reporting suggests the disruption was serious.

Indeed, universities figure rather prominently as victims of cyber attacks in China. In 2016, according to a Chinese study, the country’s universities accounted for the highest proportion (40%) of targets of the most serious form of threat.

Known as Advanced Persistent Threat (APT), this form of attack is usually associated with government intelligence or military agencies. My own work suggests that in general the institutions targeted had bad security practices – either by not installing software updates on the day of issue or by using pirated software.

Better reporting is required

So how good are Australian universities at cyber security?

There is scant public evidence assessing the cyber security practices of Australian universities so it’s hard to say. According to a senior official of a small regional university who I spoke to last month, his institution simply has not been equipped, staffed or funded in the past to engage with the challenge.

What about the country’s top universities?

To answer this, some consistent and public reporting on security incidents would be required. If we had information on the size of security staffs, the type of outsourced security arrangements, and the total annual budget for cyber security in our universities we could make a reasonable judgement. These types of data are difficult to find, but we can make judgements in other ways.

First and most simply, do universities utilise two-factor authentication? Do they prohibit staff and visitors from bringing their own devices and USBs? Most Australian universities probably fail these two basic tests.

Read more: How suppliers of everyday devices make you vulnerable to cyber attack – and what to do about it

Second, since most Australian universities don’t insist on mandatory training in simple security measures, such as how to avoid “phishing” emails that carry malware, we can assume serious vulnerabilities exist.

In 2018, the University of New England released a comprehensive three-year information security plan. It is an impressive assessment of the threats, risks and challenges for the university – and it updated a previous plan for 2015-17. The scale of the challenge is well captured by one sentence in its executive summary:

…yesterday’s security defenses are not effective against today’s rapidly evolving threats.

Not all Australian universities have such an easily accessible and comprehensive plan.

What is to be done?

Mature organisations in the corporate world do not leave cyber security management in the hands of the information technology managers. Rather they place responsibility in the department of risk management, directly under the CEO or Board of Directors. One reason is that cyber security is a socio-technical problem, not just a technology problem.

There is an additional option uniquely available to universities: to ensure that those who manage security of networks and data work closely with those who research and study the same problem.

This happens in Oxford University, where the academic staff in the field are seen as part of the solution. Oxford convenes a monthly meeting of its Information Security Special Interest Group (SIG) and its members help manage the university’s annual baseline cyber security assessment.

Read more: Deterring cyber attacks: old problems, new solutions

Oxford also has its own Computer Emergency Response Team (CERT), a type of organisation used globally, though often only at the national level, to manage certain aspects of cyber security. The CERT is developing the university’s own security analytics platform (SAVANT).

In December, the Canadian universities and colleges association issued a workshop report on what their member institutions needed to do to address this problem. It advocated, among many other steps, a national university-based cyber security network.

Participation in a shared Australian network of this kind will be the only solution available to Australia’s smaller universities with low security capability, but also an essential component of the cyber security work for our largest.

Authors: Greg Austin, Professor, Australian Centre for Cyber Security, UNSW

Read more http://theconversation.com/how-australian-universities-can-get-better-at-cyber-security-99587

Powering Shepparton’s Businesses: Expert Commercial Electrical Services You Can Count On

When it comes to running a successful business, having reliable, compliant, and efficient electrical systems is non-negotiable. From small retail ou...

Maximise Efficiency: Cleaner Solar Panels for Optimal Performance

Solar panels are a smart investment in energy efficiency, sustainability, and long-term savings—especially here in Cairns, where the tropical sun ...

7 Common Air Conditioner Issues in Melbourne – And How to Fix Them

Image by freepik Living in Melbourne, we all know how unpredictable the weather can be. One moment it’s cold and windy, the next it’s a scorchin...

Powering Palm QLD with Reliable Electrical Solutions

Image by pvproductions on Freepik When it comes to finding a trustworthy electrician Palm QLD locals can count on, the team at East Coast Sparkies s...

The Smart Way to Grow Online: SEO Management Sydney Businesses Can Rely On

If you’re a Sydney-based business owner, you already know the digital space is crowded. But with the right strategy, you don’t need to shout the...

What Your Car Says About You: The Personality Behind the Vehicle

You can tell a lot about someone by the car they drive—or at least, that’s what people think. True Blue Mobile Mechanics reckon the car says a l...

The Confidence Curve: Why Boudoir Photography Is the Empowerment Trend You Didn’t Know You Needed

Boudoir photography has been quietly taking over social feeds, Pinterest boards, and personal milestones—and for good reason. It’s not just abou...

Understanding Level 2 Electricians: Why Sydney Residents Need Licenced Experts for Complex Electrical Work

When it comes to electrical work around the home or business, not all electricians are created equal. In Sydney, particularly when you're dealing wi...

Retirement Anchored in Model Boat Building for Waterford’s Doug Unsold

WATERFORD — When Doug Unsold sees his ship come in, it’s usually one he’s crafted with his own hands. The 67-year-old retiree from Waterford ...

The Science Behind Alarm Clocks and Your Circadian Rhythm

Waking up on time isn’t just about setting an alarm—it’s about working with your body, not against it. At the heart of every restful night and...

How to Use Plants to Create a Calming Atmosphere in Your Home

In today’s fast-paced world, cultivating a calm, soothing environment at home has never been more important. Whether you live in a busy urban apar...

How Maths Tutoring Can Help Students Master Maths

Mathematics can be a daunting subject for many students, often causing stress and frustration. However, maths tutoring has proven to be an effective...

Refurbished iPads Are Better Than New Ones (Here's Why)

Image by rawpixel.com on Freepik Apple's refurbished iPad program has quietly become one of the best deals in tech. While everyone obsesses over the ...

Your Guide to Finding the Right GP: What Perth City Doctors Offer Today

Choosing a General Practitioner (GP) is one of the most important health decisions you’ll make. Luckily, Perth’s vibrant CBD now hosts a new ge...

Why Every Mining Operation Needs a Robust Safety Management System

Mining is one of the backbones of the Australian economy, particularly in Western Australia. Back in 2019-20, mining contributed 10.4% of Australia...

Australian Classic Literature Enjoys Resurgence

Welcome back to the good old days of storytelling! As the modern world becomes increasingly more demanding, returning to childhood favourites offers...

How to Choose the Right Lawyers in Sydney for Your Situation

When faced with a legal issue, selecting the right legal representation can make all the difference. Whether you're dealing with a personal injury, ...

Building a Governance Model for Headless Content Management at Scale

Image by pch.vector on Freepik There's never been a better time to implement a headless content management system (CMS) to gain the flexibility and ...