G20 guests will benefit from Australia's "leading edge" IT security nous: expert

Australian government agencies' world-leading adoption of formal security controls will put the country in good stead to help foreign ministers better handle cybersecurity attacks when they gather in Brisbane for November's G20 meeting, a global security expert has warned.

As centres of gravity for political power, such meetings have proved to be high-profile targets for phishing attempts, as during the so-called 'Ke3chang' attacks when Chinese hackers seeking high-value information targeted ministers of the Czech Republic, Portugal, Bulgaria, Latvia and Hungary as they visited the G20 summit in Russia.

Such attacks are surely in the works for the Brisbane event and will test Australian authorities' ability to forge collaborative relationships with visiting ministers, FireEye vice president and global government chief technology officer Tony Cole told CSO Australia.

"When you have something as large as the G20 coming out, there is obviously a tonne of infrastructure that has to be looked at from a state, locality, and federal government level," he said. "There's infrastructure going into the hotels, and redundancy added, and people brought in to monitor what's happening."

With such a range of IT security skills present in a small space, there were bound to be conflicts and challenges in encouraging a unified front against cyber-criminals, continued Cole, who recently visited Australia to meet with a range of high-level government security managers in the leadup to the G20.

"The problem you have, primarily, across the board is ensuring that people are educated on the new types of threats that are out there and the things that can happen to them," he explained. "In the conversations I've had recently, I can tell you that with the number of different agencies involved in this, many of them are not aware of the changing threat landscape – which is problematic."

Citing education on these threats as "the number-one component that needs to be done," Cole warned that the influx of foreign IT specialists would complicate things further as the G20 neared.

"Out of all the C&C servers in the Ke3chang campaign, we only had access to one of them for a week and still pulled up a tonne of very valuable information," he said. "There's nothing in my mind, looking at the research done in this area, that would tell us that they're not going to try again."

Security specialists supporting the G20 event will be connecting and servicing IT components that have already been compromised through social-engineering and other attacks – as happened in last year's G20 as well as during similar global events such as the London Olympics.

"There's an enormous amount of work going on to stop this, but there's a great chance that many of the ministers showing up with their staff are already compromised," Cole said.

"The question is whether they are willing to have an infrastructure in place that can identify callbacks to known command-and-control servers, then stop those callbacks and even have a government agency telling another one that they have systems beaconing out to known C&C servers."

Australian departments were well ahead of the curve in implementing new cybersecurity controls, Cole noted, with the SANS Institute's Top 20 Critical Security Controls and the Australian Signals Directorate's (ASD's) 35 Strategies to Mitigate Targeted Cyber Intrusions offering helpful guidance to ensure that local information security is as effective as possible.

"In Australia there are wonderful things happening," he explained, citing the requirement that agencies comply with the top 4 ASD strategies. "They are truly at the leading edge from a government perspective."

That progress had engendered a spirit of openness and "a high level of collaboration between government agencies, at least in the federal space, about what needs to be done," he continued.

"These guidelines are really breeding collaboration across government agencies, and the G20 conversations are definitely going to continue as we help governments understand what could potentially happen and what they could do about it."