Guide to Australia’s national security capability

This paper provides a single consolidated picture of the capabilities that enable Australia to achieve national security outcomes in a range of environments, including domestically, at the border, offshore and in cyberspace. Introduction The period since 2001 has been transformative for Australia’s national security and our national security challenges continue to evolve. To meet these challenges, we need new ways to coordinate and develop our capability and to shape the national security environment. Significant advances have been made in recent years to build greater collaboration and interoperability across the national security community. However, the increasing complexity of national security threats requires an even more consistent and connected approach to capability planning that complements existing individual agency arrangements. To that end, the Government has developed a security classified National Security Capability Plan to provide a single consolidated picture of the capabilities that enable Australia to achieve national security outcomes. This Guide offers an overview of Australia’s national security capability planning. It identifies the functions performed by the national security community and how these achieve the objectives outlined in the National Security Strategy (2013). Capability planning is one of the tools that support Government to better consider how capabilities can be directed to meet national security objectives. This ensures that capability investment is focussed and that Government can give appropriate consideration to redirecting existing capabilities to meet new or emerging risks and opportunities. It also highlights areas where agencies’ capabilities are interdependent, identifying focus areas for collaboration and interoperability. Having a better understanding of our capabilities will help us to make more informed decisions about what we need. Australia’s national security arrangements are underpinned by a number of agencies working across areas such as diplomacy, defence, development, border protection, law enforcement and intelligence. Australia’s national security agencies include: Attorney-General’s Department (AGD) Australian Agency for International Development (AusAID) Australian Crime Commission (ACC) Australian Customs and Border Protection Service (ACBPS) Australian Federal Police (AFP) Australian Security Intelligence Organisation (ASIO) Australian Secret Intelligence Service (ASIS) Australian Geospatial-Intelligence Organisation (AGO) Australian Signals Directorate (ASD) Department of Agriculture, Fisheries and Forestry (DAFF) Department of Defence (Defence) Department of Foreign Affairs and Trade (DFAT) Department of Health and Ageing (DoHA) Department of Immigration and Citizenship (DIAC) Department of Infrastructure and Transport (DIT) Department of the Prime Minister and Cabinet (PM&C) Office of National Assessments (ONA). The Capability Plan brings together, for the first time, a single view of the capabilities maintained by these agencies with the exception of Defence capabilities. Defence has a separate established capability planning process that includes the Defence White Paper (2013) and Defence Capability Plan (2012). Defence is a key contributor to Australia’s national security arrangements including leading the coordination and delivery of national security science and technology and works in close cooperation with other national security agencies. Defence capabilities will continue to be managed through existing mechanisms, principally the Defence Capability Plan. For the first time, the Capability Plan, and the accompanying Guide to Australia’s National Security Capability, presents a unified picture of the capabilities that exist across non-Defence national security agencies. Together with other strategic planning tools, this work informs the broader national security planning cycle and supports the objectives and implementation of overarching policy documents such as the National Security Strategy and the Australia in the Asian Century White Paper. The Capability Plan complements the Defence Capability Plan and does not seek to duplicate it. It should also be noted that the Guide has not been designed to signal specific initiatives or tender opportunities. Such processes will continue to be managed by individual agencies

How can SMEs benefit from big data? Challenges and a path forward

Big data is big news, and large companies in all sectors are making significant advances in their customer relations, product selection and development and consequent profitability through using this valuable commodity. Small and medium enterprises (SMEs) have proved themselves to be slow adopters of the new technology of big data analytics and are in danger of being left behind. In Europe, SMEs are a vital part of the economy, and the challenges they encounter need to be addressed as a matter of urgency. This paper identifies barriers to SME uptake of big data analytics and recognises their complex challenge to all stakeholders, including national and international policy makers, IT, business management and data science communities. The paper proposes a big data maturity model for SMEs as a first step towards an SME roadmap to data analytics. It considers the ‘state-of-the-art’ of IT with respect to usability and usefulness for SMEs and discusses how SMEs can overcome the barriers preventing them from adopting existing solutions. The paper then considers management perspectives and the role of maturity models in enhancing and structuring the adoption of data analytics in an organisation. The history of total quality management is reviewed to inform the core aspects of implanting a new paradigm. The paper concludes with recommendations to help SMEs develop their big data capability and enable them to continue as the engines of European industrial and business success. Copyright © 2016 John Wiley & Sons, Ltd.Peer ReviewedPostprint (author's final draft

The future of Cybersecurity in Italy: Strategic focus area

This volume has been created as a continuation of the previous one, with the aim of outlining a set of focus areas and actions that the Italian Nation research community considers essential. The book touches many aspects of cyber security, ranging from the definition of the infrastructure and controls needed to organize cyberdefence to the actions and technologies to be developed to be better protected, from the identification of the main technologies to be defended to the proposal of a set of horizontal actions for training, awareness raising, and risk management

Assessing and augmenting SCADA cyber security: a survey of techniques

SCADA systems monitor and control critical infrastructures of national importance such as power generation and distribution, water supply, transportation networks, and manufacturing facilities. The pervasiveness, miniaturisations and declining costs of internet connectivity have transformed these systems from strictly isolated to highly interconnected networks. The connectivity provides immense benefits such as reliability, scalability and remote connectivity, but at the same time exposes an otherwise isolated and secure system, to global cyber security threats. This inevitable transformation to highly connected systems thus necessitates effective security safeguards to be in place as any compromise or downtime of SCADA systems can have severe economic, safety and security ramifications. One way to ensure vital asset protection is to adopt a viewpoint similar to an attacker to determine weaknesses and loopholes in defences. Such mind sets help to identify and fix potential breaches before their exploitation. This paper surveys tools and techniques to uncover SCADA system vulnerabilities. A comprehensive review of the selected approaches is provided along with their applicability

Defining Security Requirements with the Common Criteria: Applications, Adoptions, and Challenges

Advances of emerging Information and Communications Technology (ICT) technologies push the boundaries of what is possible and open up new markets for innovative ICT products and services. The adoption of ICT products and systems with security properties depends on consumers' confidence and markets' trust in the security functionalities and whether the assurance measures applied to these products meet the inherent security requirements. Such confidence and trust are primarily gained through the rigorous development of security requirements, validation criteria, evaluation, and certification. Common Criteria for Information Technology Security Evaluation (often referred to as Common Criteria or CC) is an international standard (ISO/IEC 15408) for cyber security certification. In this paper, we conduct a systematic review of the CC standards and its adoptions. Adoption barriers of the CC are also investigated based on the analysis of current trends in security evaluation. Specifically, we share the experiences and lessons gained through the recent Development of Australian Cyber Criteria Assessment (DACCA) project that promotes the CC among stakeholders in ICT security products related to specification, development, evaluation, certification and approval, procurement, and deployment. Best practices on developing Protection Profiles, recommendations, and future directions for trusted cybersecurity advancement are presented

NIST cybersecurity framework compliance: A generic model for dynamic assessment and predictive requirements

Organizations have become increasingly dependent on information systems to perform their business as usual activities. Moreover, organizations have registered an increase in the number of cyber-attacks, namely: industrial espionage, confidential information leakage, digital theft or pure damage to corporate image and reputation. In order to try to mitigate these issues, organizations like the National Institute of Standards and Technology (NIST) have made an effort to establish a cybersecurity protection guide. This paper presents a baseline for developing a generic and flexible model for manipulating key factors inside organizations: Processes, Human Resources and Technology, and extrapolate the percentage of compliance with the NIST cybersecurity framework, measure the current cybersecurity risk and allocate financial investments towards specific compliance objectives and reduce the overlapping of existing resources.info:eu-repo/semantics/submittedVersio

INTEGRATION OF INTELLIGENCE TECHNIQUES ON THE EXECUTION OF PENETRATION TESTS (iPENTEST)

Penetration Tests (Pentests) identify potential vulnerabilities in the security of computer systems via security assessment. However, it should also benefit from widely recognized methodologies and recommendations within this field, as the Penetration Testing Execution Standard (PTES). The objective of this research is to explore PTES, particularly the three initial phases: 1. Pre-Engagement Interactions; 2. Intelligence Gathering; 3. Threat Modeling; and ultimately to apply Intelligence techniques to the Threat Modeling phase. To achieve this, we will use open-source and/or commercial tools to structure a process to clarify how the results were reached using the research inductive methodology. The following steps were implemented: i) critical review of the “Penetration Testing Execution Standard (PTES)”; ii) critical review of Intelligence Production Process; iii) specification and classification of contexts in which Intelligence could be applied; iv) definition of a methodology to apply Intelligence Techniques to the specified contexts; v) application and evaluation of the proposed methodology to real case study as proof of concept. This research has the ambition to develop a model grounded on Intelligence techniques to be applied on PTES Threat Modeling phase

Automating Cyber Analytics

Model based security metrics are a growing area of cyber security research concerned with measuring the risk exposure of an information system. These metrics are typically studied in isolation, with the formulation of the test itself being the primary finding in publications. As a result, there is a flood of metric specifications available in the literature but a corresponding dearth of analyses verifying results for a given metric calculation under different conditions or comparing the efficacy of one measurement technique over another. The motivation of this thesis is to create a systematic methodology for model based security metric development, analysis, integration, and validation. In doing so we hope to fill a critical gap in the way we view and improve a system’s security. In order to understand the security posture of a system before it is rolled out and as it evolves, we present in this dissertation an end to end solution for the automated measurement of security metrics needed to identify risk early and accurately. To our knowledge this is a novel capability in design time security analysis which provides the foundation for ongoing research into predictive cyber security analytics. Modern development environments contain a wealth of information in infrastructure-as-code repositories, continuous build systems, and container descriptions that could inform security models, but risk evaluation based on these sources is ad-hoc at best, and often simply left until deployment. Our goal in this work is to lay the groundwork for security measurement to be a practical part of the system design, development, and integration lifecycle. In this thesis we provide a framework for the systematic validation of the existing security metrics body of knowledge. In doing so we endeavour not only to survey the current state of the art, but to create a common platform for future research in the area to be conducted. We then demonstrate the utility of our framework through the evaluation of leading security metrics against a reference set of system models we have created. We investigate how to calibrate security metrics for different use cases and establish a new methodology for security metric benchmarking. We further explore the research avenues unlocked by automation through our concept of an API driven S-MaaS (Security Metrics-as-a-Service) offering. We review our design considerations in packaging security metrics for programmatic access, and discuss how various client access-patterns are anticipated in our implementation strategy. Using existing metric processing pipelines as reference, we show how the simple, modular interfaces in S-MaaS support dynamic composition and orchestration. Next we review aspects of our framework which can benefit from optimization and further automation through machine learning. First we create a dataset of network models labeled with the corresponding security metrics. By training classifiers to predict security values based only on network inputs, we can avoid the computationally expensive attack graph generation steps. We use our findings from this simple experiment to motivate our current lines of research into supervised and unsupervised techniques such as network embeddings, interaction rule synthesis, and reinforcement learning environments. Finally, we examine the results of our case studies. We summarize our security analysis of a large scale network migration, and list the friction points along the way which are remediated by this work. We relate how our research for a large-scale performance benchmarking project has influenced our vision for the future of security metrics collection and analysis through dev-ops automation. We then describe how we applied our framework to measure the incremental security impact of running a distributed stream processing system inside a hardware trusted execution environment