Speakers
Synopsis
In an era where digital advancements have become the backbone of society, the presentation delves into the intricate web of cybersecurity threats facing Australia. Utilizing the 80s TV show ‘The A Team’ as a metaphor, the presentation unravels three interwoven topics that highlight the precarious state of cybersecurity in Australia – a nation where the future has already arrived.
The first segment exposes an often overlooked yet alarming attack vector; local councils and municipalities. These entities are generally lower in security maturity yet serve as a third-party gateway which, when compromised, provide threat actors with access to council operated SCADA, and a possible pivot point into other joined networks of critical infrastructure providers. This vulnerability poses a significant risk to society. As state-backed adversaries could exploit it to orchestrate substantial disruptions in areas such as water supply, waste, CCTV, and energy management systems. Drawing upon experience working with multiple clients in this vertical, the presenter will ‘game-out’ this attack vector throughout the presentation.
The discussion then progresses to the dynamic and ever-evolving threat landscape, highlighting the deployment of disinformation campaigns designed to instigate panic and societal confusion in the aftermath of cyber-attacks. The presenter will draw upon previous examples of cyber disinformation campaigns to expand on this scenario; outlining how a disinformation campaign would likely take place following a successful widespread cyber-attack against multiple local councils and municipalities, and the subsequent disruption critical services.
The presenter will look to underscore the evolving nature of threat actors, likening them to the historically popular tv show ‘The A Teams’ antagonists. In which different criminals perpetrate a new scheme each episode yet are played by the same actors – in other words, different faces with the same underlying identity. This comparison extends to the strategic objectives of cyber threat actors, constantly developing and evolving malicious campaigns aimed at undermining societal trust in systems and government services.
The final segment reviews the current state of cybersecurity responses. Describing where existing gaps between federal, state, and local government can be exacerbated in a widespread, major cyber event; and highlighting how a disconnected and siloed response is ineffective against the sophisticated and coordinated nature of modern cyber threats. This section also briefly examines recent attacks on Australian organisations and outlines struggles in responding to these campaigns. The ‘A Team’ metaphor recurs, depicting our cybersecurity heroes in a perpetual game of whack-a-mole, moving from one crisis to the next, highlighting the fragmented nature of national cybersecurity efforts. The topics and ideas raised will be used to impart upon the audience a critical weakness; the inadequate response capabilities to a widespread cyber-attack targeting local councils, especially those near strategic assets. Outlining the extensive attack surface and potential consequences of such attacks, including the failure of public services.
The final message is clear: if we fail to ‘hear the music’ – to stay vigilant and adapt to the rhythm of the cyber threat landscape – we risk losing our seat at the table of secure and resilient nations.
