Home' Asia Pacific Defence Reporter : APDR March 2014 Contents Cyber seCurity
THE JULY/AUGUST 2014 EDITION OF APDR WILL MARK
40 YEARS OF HIGH QUALITY DEFENCE ANALYSIS, DEBATE,
INFORMATION AND COMMENT – MAKING US BY FAR THE
LONGEST RUNNING AND MOST FREQUENTLY QUOTED
PUBLICATION IN AUSTRALIA AND THE REGION.
40 years ago the Cold War was at its height, the Vietnam War was
raging – though Australian troops had come home – terrorists had
disrupted the Olympic Games two years before and massive nuclear
weapons stockpiles could have destroyed life on the planet several
times over. While many conventional threats remain the same, what
has really changed in the last four decades is the coming of the
internet – and with it undreamed of opportunities, but also threats
from both State and non-State actors.
To mark our 40 years of independent and in-depth analysis, the
July/August edition will be themed ‘The new frontier –
cyber warfare, cyber security and cyber crime’. As
an important part of this issue, we invite companies with relevant
experience in these domains to contribute up to 950 words describing
in their own terminology how they see future cyber trends and what
needs to be done so that internet is safe and secure – not only for
military users but for entire nations.
It is suggested that companies use the opportunity to outline their
own skills and how they are involved in this rapidly expanding
domain. References to developments in the Asia-Pacific region will
be appreciated – though the cyber world does not recognise national
boundaries. Because there has to be some limits on what can sensibly
be included, we are looking for contributions from companies of
substance – so a minimum of 2 years involvement in this field, 10
or more employees directly engaged in cyber security activities and
with some reference contracts. Contributions will be published in full
and at no cost.
Submissions should reach us by 1 July 2014
and company logos can be attached:
Logos must come in High Resolution 300 DPI jpeg or pdf.
For further information on matters of content and style,
please contact the Editor, Kym Bergmann at
For information regarding advertising opportunities
please contact Mr Graham Joss at
firstname.lastname@example.org or +61(0)419492836
for full details or your local representative.
25/02/14 11:19 AM
certainly true where data storage must be mirrored in another secure site, so that loss
of the main site does not stop the organisation from functioning efficiently. High grade
encryption devices are required when moving this data between the main site and its
It is also vital to keep accurate and granular visibility of disk data storage either on
the main site or the mirrored site, to ensure that it has not been tampered with. If it has,
which set of data would you trust?
APDR has been looking at the issue of data security and COTS products which
can provide the necessary oversight. One such product, Emulex’s Endace Probe INR,
is used in high rate transaction systems in the financial services industry and appears
to be highly relevant to Defence’s networks. It is claimed to deliver low latency 100%
accurate packet capture and network recording in 10 Gigabyte Ethernet (GbE)
environments, and even faster, as well as providing nanosecond accurate timestamps
for every packet. This enables fast identification of problems, so that remediation is
prompt and accurate.
Apart from password protection of portable devices like laptop computers and
encryption of data on hard drives, DVDs, memory sticks and data cards, physical
security of these is also very important.
PHYSICAL SECURITY IMPORTANT
The reported loss of a memory stick from an officer’s rucksack in Afghanistan,
containing AUSTEO information for use by the most senior Australian military
commander and his immediate staff, highlighted the dangers of not ensuring physical
The memory stick was not returned. A reasonable conclusion would be that some
foreign agency acquired it, by whatever means, and had plenty of time to ‘crack’
(decrypt) its contents. Even if the memory stick had been returned, what confidence
could be held in its contents without an extensive verification process?
ASD’s position is that “Physical security is fundamental to all security efforts.
Without adequate physical security controls, all other information security measures
are considerably more difficult, if not impossible, to initiate.
“Physical security requires that equipment and infrastructure be safeguarded in a
way that minimises the risk of resource theft, destruction or tampering, for example
by limiting access to areas housing network infrastructure. Physical security can not
only assist in preventing malicious damage, but also reduces the risk of accidents and
inadvertent errors affecting a system.
“A single layer of physical security, such as an identification pass that allows building
access, is insufficient to mitigate the risk of compromise. A layered approach to
physical security works to progressively limit access to systems and infrastructure to
authorised personnel only, and prevent a shortfall in one security layer from leading to
a wider, more serious failure.
“This is a practical example of the defence-in-depth concept being applied to the
information security space. As an example of a layered approach, an agency could
require identification passes for building access as well as targeted swipe access
to specific rooms which accommodate lockable containers for storing information or
Disposal of equipment no longer required needs special labelling and handling. After
all, allowing a specialised piece of encryption equipment to fall into the wrong hands
could provide a means for targeting the current operational systems.
THE CYBER BATTLE CONTINUES
There will be an ongoing battle of wits and technology, without an end in sight, to
ensure that Australia’s defence information remains secure and can always be relied
on by Defence personnel, governments and our allied partners.
27/02/14 7:21 PM
Links Archive APDR Feb 2014 APDR April 2014 Navigation Previous Page Next Page