It would be easy to sit back and think that all the threat actors out there, trying to break into our systems to steal data or cause mayhem, are working in isolation. But the days of the lone wolf sitting in a darkened room, with a hoodie pulled low over their face, are well behind us.
The bad guys are well resourced and operate in a collaborative environment where zero-day exploits are traded, toolkits for creating malware are sold and botnets for executing attacks can be rented for carrying out anything from a phishing campaign to a large scale DDoS attack.
Dr Maria Milosavljevic is Chief Information Officer of AUSTRAC, the Australian Transaction Reports and Analysis Centre. AUSTRAC is Australia's financial intelligence agency and has regulatory responsibility for anti-money laundering and counter-terrorism financing. They identify threats and criminal abuse of the financial system, and act to protect Australia's economy.
Their vision is to work closely with law enforcement, national security, regulatory and private sector partners in order to better detect, prevent and disrupt financial crime through collaboration, innovation and information and actionable advice sharing on a global scale.
Milosavljevic began her presentation at the recent Technology in Government conference held in Canberra by painting a picture of the world AUSTRAC sees.
There has 300% increase in terrorism reporting over recent years with organised crime costing the Australian economy around $36B. Cybercrime topped Australia’s list of economic crimes. There are over 115,000 bitcoin transactions each day and $12B are being invested in fintech startups, signalling a significant change in how financial markets work.
Global collaboration is a challenge she says. Financial systems are founded upon standards but this needs to be challenged she says.
“If you’re talking about a small country that doesn’t have the same level of innovation as a large country, how does the larger country assist them? It’s not just about giving them money. It’s about being on-site and understanding their context and truly helping them improve their capability”.
So, what does excellence look like? Milosavljevic says one of the key things is to share with intent.
“Rather than overloading everyone with everything, it’s about truly understanding what you’re truly trying to achieve and then understanding what we have to offer and vice-versa. Rather than just dumping information, it’s about actually being more responsible, taking responsibility for what you share rather than just needing to share”.
Milosavljevic reiterated a model that was used by several other speakers at the conference – the idea of a “data lake”. This is a large body of raw data from which machine learning systems, data marts and network discovery tools can be used to extract useful insights and actionable advice.
This is different to the traditional data warehouse or data mart model. The data lake is a large unfiltered mass of data which is not created with the intent to answer specific questions. Data warehouses and data marts were usually designed to answer specific business questions. With a data lake, it’s possible to ask almost any question from the data.
What will success look like?
The most important success factor, says Milosavljevic, is ensuring alignment of the intelligence network with the needs of the businesses that are involved. The user experience has to come first.
“What are we trying to achieve? Who are the real people, doing real work, under what scenarios and how do we make a difference?”.
There’s also a need to be experimental and to prepared to fail fast and move forward. This extends to realising the system may never be “done” and development and refinement will be ongoing, rather than being like a traditional project with a beginning, middle and end.
Milosavljevic’s final point was the need to break down silos.
“We see silos everywhere. Between organisations, between teams and, of course, country borders. Australia will only share within Australia. It’s not a domestic problem”.