James Sankar, AARNet’s Director, Enterprise Services reports
This year was very different from previous years because the traditional threat-factor focus shifted from localised issues to nation states, following the series of revelations from Edward Snowden. There were many talks, at levels ranging from technical to governance, and the highlights here only relate to the sessions I attended. Therefore, this summary is by no means a complete representation of all the topics covered during the conference.
The world today is an online environment where we must assume we will be compromised. Instead of focusing on infrastructure hardening we need to explore other layers of the stack, such as:
Organisations also need to know who should have access to what data, and to tell the CIO which data is critical, or which business-critical event depends on securing that data, so that the CIO can divert resources appropriately, rather than after an incident.
Institutions need to recognize their risk tolerance and make smart decisions on security investment, to outsource or partner with experts under suitable clearance and non-disclosure provisions to lower the reputational risk profile.
Protecting against disclosure needs to be balanced with the benefits of access to a trusted community in which incidents and resolution approaches are shared, without attribution, to improve awareness and best practice.
An example of such a community is the National Cyber-Forensics & Training Alliance (http://www.ncfta.net/). However, in order to remain a member you have to commit to active participation at quarterly peer group meetings, two-way collaboration and cooperation, the sharing of intelligence via technology-enhanced methods and participation in the strategic and technical development of listed initiatives, and agree to the non-disclosure of shared information outside of your own organization to the group.
The community noted the use of social engineering of systems themselves as a target attack opportunity. All this means that a multi-faceted approach to security is required. Institutions must determine the likely threat actors and scenarios in their own industry vertical, understand their institution-specific threats and asset values, and then bring these together into a plan for investment in enhancing technology, people (education) and processes at work, at home or when travelling overseas.
At a board level this is all about risk mitigation, by applying suitable responses to the highest risk impacts and likelihoods, for the institution, its stakeholders and even the supply chain that you or they depend on.
Dr. James Fox gave an excellent talk on motivation and on how to utilize gamification to deliver progress and feedback, with the belief that companies will need to adopt it in order to attract and progress through such mechanisms. However, the purpose and the impact on individuals remain in the balance between positive and negative outcomes.
Dan Klein also shared facts on the same errors in code and systems that continue to deliver vulnerabilities and exploits, but on a bigger scale than in the past. He advocates a new approach to code audit, review and checking to proactively improve our online ecosystem. Big Data offers lots of advances to benefit from; however, incentives for the good guys and more disclosures security and privacy risks will continue and grow.