Jump to content

All Activity

This stream auto-updates

  1. Last week
  2. Earlier
  3. until
    What Engineers Should Know About Cyber-attacks and Defence in Organisations An Engineering Education Australia webinar: The cyber-threat landscape has shifted in recent years, with increasingly organised and sophisticated threat actors (attackers) recruiting technology experts into purpose-built teams. These teams are then deploying military-grade cyber weaponry against Australian organisations. Threat actors deny organisations access to their own information technology services, and steal sensitive information including intellectual property, trade secrets, engineering blueprints and customer data. Although cybersecurity has become the subject of much practice and research, the focus of organisations has traditionally been on identifying and mitigating technology vulnerabilities and less on organisational strategy. This webinar presents a case study of a large-scale organisation that successfully defended itself from advanced and persistent cyber-attacks over a period of years. The webinar presents the organisation’s prevention strategy and details how its cybersecurity teams respond to cyber-attacks. Understanding the broad context of cyber-attacks and defence is critical for all professionals, however particularly valuable to engineers working in critical infrastructure sectors. This webinar is the first in a series delivered in partnership with the University of Melbourne aimed to improve knowledge and capability of engineers in securing and protecting organisational data and intellectual property. This webinar is delivered in partnership with the University of Melbourne. Learning outcomes Describe and critically reflect on cyber-attacks and defence in the context of contemporary organisations Critically analyse the role and utility of cybersecurity incident response in protecting information assets in organisations Critically analyse organisational response to cyber-attacks from the integrated perspective of people, process and technology Identify key people, process and technology barriers to effective incident response to cyber attacks
  4. 5 reasons you should no longer ignore a Cyber Security Strategy Register at https://opc.com.au/free-cyber-security-webinar Aimed at business leaders within Australian SMB’s, this non-technical webinar provides practical information and advice on how to protect your business against a cyber attack. In Australia, a cyber attack happens every 10 minutes*, with 87% of small and medium businesses believing they are safe with antivirus software alone, no Australian business can afford to miss our one hour cyber security webinar. What you will learn Latest cyber security practices Emerging cyber threats and the new cyber criminal The impact of the pandemic on cyber security and the effect on Australian businesses Understand your risk of exposure to a cyber attack How to recover from an attack Why every Australian business must invest in managed cyber security Why you need to attend this webinar COVID-19 has accelerated remote working and most businesses have had to adapt to this working model even if it was unfamiliar. Remote working brings an increased risk of identity theft and corporate attack. Cybercriminals can mine for employees' identities through: Phishing scams Password credential theft Other advanced tactics Cybercriminals can enter the network under the guise of a legitimate login and then wreak havoc. There has been substantial growth in ransomware, fake apps and targeted phishing scams with over 2000 security incidents in Australia in 2020. During the 12months from July 2019 the Australian Cyber Security Centre (ACSC) responded to 2,266 cyber security incidents Cybercrime is one of the most pervasive threats facing Australia and the most significant threat in terms of overall volume and impact to individuals and businesses The Australian Competition and Consumer Commission’s (ACCC) Targeting Scams 2019 report, identified Australians lost over $634 million to scams
  5. until
    Upcoming webinar - IoT Security Guides Speaker: Frank Zeichner (CEO, Internet of Things Alliance Australia) The Internet of Things Alliance Australia (IoTAA) has published “plain language” guides to security, safety and privacy for Internet of Things (IoT) users and technology providers. The guides are the first of their type produced in Australia, according to the IoTAA, which is the peak Australian IoT industry body - although the Australian Cyber Security Centre also offers tips aimed at helping the community buy and use IoT devices securely. The IoTAA guides are designed to increase awareness of IoT risks and “actionable outcomes”. They feature tips for designing, sourcing and managing IoT technology. About Frank Zeichner Frank is a thought leader in the adoption of Internet of Things (IoT) in Australia and is foundation CEO of the IoT Alliance Australia (IoTAA), the peak Australian Internet of Things industry body, whose mission is to drive Australia's competitiveness and societal benefit through collaboration across the research, industry, government and community. Frank Zeichner is also Partner Manager for the Race2030 CRC. The Reliable Affordable Clean Energy for 2030 Cooperative Research Centre (RACE for 2030 CRC) an Industry Board member of the NSW Smart Sensing Network. Thursday 20 May 2021, 12:00pm to 1:00pm AEST Engineers Australia members: FREE Non-Engineers Australia members: $30
  6. until

    i think this is on at the same time as the following webinar. AISA Webinar: National security reform update - Changes to Critical Infrastructure?
  7. Sorry Marcus, I forgot about this post - sounds like something we should discuss further. It's something I am definitely discussing with people that I speak to at the ACSC.
  8. until
    Register for this event HERE International best practice on cyber technical and profession standards has been central to the development of cyber security as a profession. Currently it is seen as a Computing discipline and thus governed from a Professional Standards perspective by the Australian Computer Society, this has allowed Australia to establish a baseline of knowledge and skills criteria which represent the minimum expectations of cyber security technicians and professionals. Professional Standards in Cyber Security involve assertions that a standard is vendor neutral and independent, they establish the minimum professional standard of competence and built around a complete requirement for full professional formation. This is also dependent on the maintenance of competence through continuing professional development and supported by a disciplinary code with a process for public complaint and sanctions. Without Professional Standards we cannot ensure good governance, duty of care, validation and verification of results. Historically, Australia has drawn on many international workplace cyber security standards including: The United States Department of Defense Information Assurance Workforce Improvement Program National Institute of Standards and Technology, US Department of Commerce National Initiative for Cyber Security Education, Workforce Framework US Department of Labor sponsored industry Cybersecurity Competency Model This webinar looks at how NIST/ NICE standards have been drawn on in Australian professional standards and curriculum models to aid with recruitment, skilling and other workplace cyber security issues. Jill Slay Jill is the University of South Australia SmartSat Professorial Chair in Cybersecurity and leads the SmartSat Cybersecurity and Resilience Theme. She has an international research reputation in cyber security. Jill was in 2017-2019 Director of Cyber Resilience Initiatives for the Australian Computer Society (ACS) and led Federal Government work on the development of Professional Standards in Cyber Security. She has published widely and supervised >20 PhDs cyber security. She is a Member of the Order of Australia (AM), and a Fellow of ISC2 for her service in information security.
  9. Start Time: 6:00PM AEDT. Today's advanced threats from cyber criminals and state-backed organizations have undermined large utilities and critical infrastructures around the world. https://www.engineersaustralia.org.au/event/2021/02/cyber-security-and-critical-infrastructure-35626
  10. Australia's first national cyber security digital ecosystem ‘AUCyberscape’ is now available AUCyberscape is Australia’s first consolidated online destination for understanding Australia’s cyber security capabilities. The platform, which is free to users and providers, allows Australian cyber security companies to showcase their products, services, business solutions and sector experience; connect with customers; and access information to support their company development and growth. Businesses, government, investors and individuals can understand more about cyber security and their cyber security needs; search for and directly connect with Australian cyber security companies; and learn about cyber security career pathways and education opportunities. Built with 100% Australian technology and protected with 100% Australian cyber security, AustCyber has developed the platform in partnership with Insurance Australia Group (IAG), the state and territory governments of the Australian Capital Territory, New South Wales, Queensland, South Australia, Tasmania, Victoria and Western Australia, and several Australian cyber security companies. Learn more about AUCyberscape by visiting www.aucyberscape.com.
  11. until
    ACSC Challenges, Lessons Learned and Cyber Security Advice for Australian Businesses by Karl Hanmore What are the major lessons that ACSC has learned over its journey to building the Australian Government's public facing cyber centre of excellence? What challenges are you anticipating to occur in the next 5 years? What areas should Australian businesses be investing into cyber security to protect themselves (technology, people, MSSPs)? About the speaker Mr Karl Hanmore was appointed to the role of First Assistant Director-General Cyber Security Services (CSS) at the Australian Cyber Security Centre (ACSC) at the Australian Signals Directorate in January 2019. His role is responsible for leading the CSS Division of the ACSC providing advice, assistance and guidance to Australian Government, Australian industry and the general public. In this role he has responsibility for a wide range of capabilities ranging from incident response and threat intelligence through to international relationships and public messaging. Key takeaways Raise awareness of current cyber threats Promote information sharing on cyber threats (security and transparency) Ensuring ASD support for Engineer's Australia Cyber Engineering Community of Practice and alignment of delivery of cyber security outcomes Promotion of ASD as an employer of choice for cyber security roles
  12. until
    The Internet of Things Alliance Australia is proud to invite you to the launch of Australia's first IoT Security Awareness Guides. Admission is free. https://www.eventbrite.com.au/e/internet-of-things-security-awareness-guides-launch-tickets-141506225931
  13. until
    Cyber-physical System Assurance via Systems Engineering Based Regulation Presented by Mark van Zomeren Description: Using three hypothetical cases, which bear similarities to recent real-world cases, issues relating to the downside of cyber-physical systems are examined. Systems engineering principles and potential regulatory mechanisms are then considered, to determine if their application may have the potential to reduce or eliminate these issues. While these hypothetical cases do resemble real world events from over the past decade, there will be no in-depth analysis of any of them. Rather, aspects of each of these events that have been publicised are cherry-picked and considered from the perspective of systems engineering principles and potential regulatory mechanisms so that useful insights may be gained. The first hypothetical case is about industrial control systems being overrun by malicious code. Having gained access into the system in the unlikeliest of ways, this code has the ability to not only drive the industrial process into ruin, but can do so while displaying false information on the real-time operation of the industrial systems back to the operators. The second hypothetical case involves modification to a model of a stable and trusted high precision transport system produced by a highly trusted manufacturer. These modifications result in the need for code to be used to stabilise a now inherently unstable system. The third hypothetical case relates to the ability of original equipment manufacturers to reach through cyberspace to enable or disable features, without the consent of the system owner or end user, of electromechanical systems they have produced and delivered. Without delving into the motives of the actors involved in these three hypothetical cases, this webinar will consider design decisions that may be applied in each case to mitigate many of the adverse outcomes that would otherwise be likely to arise during the operation of these systems. Consideration is then given to how these design decisions could be more generally applied elsewhere as system design principles, then integrated into organisational policy, and finally as part of a regulatory regime. Key takeaways: For cyber-physical system development, consider: - Integration of multiple and diverse methods of measurement for critical system performance - Designing for pervasive through-life operational test & evaluation, trending to constant monitoring - Multiple, and graduated, degraded states of operation across various levels of operation - For all cyber-interfaces between the system and other systems, endeavour to agree on, and communicate in, the same language for cyber risk and cyber test & evaluation About the speaker: Mark has over 15 years of experience working on sustainable energy systems, critical infrastructure, and airfield infrastructure and is a trained systems engineer with a focus on test & evaluation and design of experiments. Through extensive public sector policy development experience, Mark has had the opportunity to integrate classic and contemporary systems engineering principles into infrastructure development and sustainment activities. Mark is conducting research into technical assurance models and frameworks for through-life resilience of cyber-capable physical systems.
  14. Often cyber security involves a lot more than a technical solution. It requires taking into account people, cultures an economics at macro and micro levels. Non technical factors can create blind spots that attackers can exploit that can surprise designers. Such as the belief in compliance by users even the malicious one or that a user of a system would inconvenience many for a small perceived benefit. Have a look at the case study of prepaid electricity meters in Ross Andersen's security engineering book that shows how you need to account for cultural, social and economic issues to make a solution work. Legal solutions can drive organisational and market behaviours to improve security; data privacy, cloud and CNI/CI are great examples. \ Cyber problems are fascinating because they are so complex. There is no right answer, just less bad ones.
  15. I started my working journey as a Naval Artificer Apprentice many many many decades ago specialising at the time in RF, EW, Navigation Aids, Secure Comms, Crypto machines, Teletypes, and related technologies. The journey from that point onwards included many different experiences in the Navy, Defence and eventually the commercial world developing systems, executive management, consulting and also CIO/ COO roles. The world is your oyster.
  16. One of the WW2 security awareness slogans and posters was “Loose lips sink ships”, so maybe for our modern times it could be “Fickle fingers destroy enterprises”.
  17. Cyber has blurred the traditional, very clear, boundaries between peace and war. The area between is often referred to as the ‘grey zone’. While the tactics used in the cyber domain have been used for centuries (think military deception, psychological operations, and information operations), the scale and speed of the conduct of these activities in cyberspace is unparalleled. We are in a constant state of competition, and cyber threats are increasing in frequency and sophistication.
  18. Sometimes it’s obvious – such as through ransomware messages, fake anti-virus messages, or phishing malware. But often, it’s not so clear, difficult to detect and goes unnoticed for a long time. The Australian Cyber Security Centre has published some handy information about hacking which you can find here: https://www.cyber.gov.au/acsc/view-all-content/threats/hacking. My suggestion would be to make sure you’re doing the basics well, and focus on increasing security to reduce the likelihood of a cyber breach.
  19. Information Warfare Division has a diverse workforce which includes ADF, APS and contractors. Like any government department, we advertise externally for positions we have available, so keep an eye out in the Public Service gazette. Alternatively, if you’re interested in a career in the ADF, visit defencejobs.gov.au.
  20. As I’ve said before, I’m open to all good ideas! Last year, we took part in a capture-the-flag competition with a cyber incident response team from National Australia Bank. I’d be very keen to see similar activities in the future.
  21. I’m referring to the humanities professions, such as Analysts, Lawyers, Anthropologists, and Psychologists etc. These professionals all have a role to play as the ‘Arts’ in Science, Technology, Engineering, Arts and Maths. We need to integrate the technical and humanities elements to solve complex problems in the cyber domain.
  22. Covert activity is not an ADF mission. However, all engineering disciplines must be engaged in this cross-disciplinary challenge.
  23. Absolutely. The Government has been crystal clear with Defence that we must engage closely with Australian industry. We will achieve national resilience in cyber space only if Government, industry, academia and individuals work together to develop collective resilience.
  24. I’m open to any and all good ideas here! If there are options for re-deploying the skills of experienced retiring engineers, we should consider it.
  1. Load more activity
  • Create New...