Submissions
We recommend a project to comprehensively identify and amend laws and regulations to empower more robust defence against cyber threats to the Australian cyber security ecosystem.
We urge immediate clarification of existing laws and targeted amendments to address three significant gaps undermining the legal legitimacy of cyber deception in Australia.
By using active cyber defence techniques, organisations can increase their chances of preventing and identifying cyber-attacks, as well as collecting evidence for legal action. However, this submission also acknowledges that there are some challenges and risks associated with the use of active cyber defence in the context of the specific reforms proposed in the Cyber Security Legislative Package 2024.
2023
2023-2030 Australian Cyber Security Strategy Discussion Paper
ACDA Response to the Australian Cyber Security Strategy Discussion Paper
There is an urgent need for the Australian Cyber Security Strategy (CSS) to clarify lawful actions in the defence of digital property.
Why and how the QLD Government should adopt an active cyber defensive posture.
This submission points out challenges and risks to active cyber defence from the specific reforms proposed in the Cyber Security Legislative Package 2024.
“Let me just clarify that by 'active cyber defence' we're referring to lawful countermeasures in the category of intelligence gathering, in deception tools and in active threat hunting. We picked up the language from Australia's former Head of Information Warfare, Major General Marcus Thompson, who always draws out this uncomfortable grey area between the passive defence that we all take for granted as cybersecurity and true offence, which is the sole domain of the appropriate agencies. There's a lot that we can and should do to defend ourselves.”
The ACDA believes that the adoption of Active Cyber Defence will provide Government and the private sector with a clear, effective, consistent and proportionate approach to cyber defence of critical infrastructure, systems of national significance, and critical infrastructure sector assets, by, inter alia, helping to establish new norms of behaviour through prescribed rules, which will be co-designed between industry and government.
While general, sector-level intelligence feeds are helpful, the challenge is closing the gap on threats that are specific to Australian critical systems. Active Cyber Defence measures have been demonstrated to be effective in providing targeted intelligence and response that is tailored to the Australian ecosystem and local assets, in a way that is complementary to global advice. These activities can easily be undertaken by the asset owner, and/or coordinated at a national level.
Papers
Australia is under assault from cyber-attacks and malicious cyber activity conducted by states and ‘hybrid actors’. Cyber-attacks pose a serious threat. To counter this threat, use of active cyber defence (ACD), such as fake files and credentials, can deter and detect malicious actors, often more efficiently and effectively
How far can companies and non-government organisations go to protect themselves from cyber threats? Groups like the Active Cyber Defence Alliance (a group the authors are affiliated with) have been calling for legal clarity around the notion of “active cyber defence”.
The NCSC is inviting organisations to contribute evidence of cyber deception use cases and efficacy to support cyber research goals.
Selecting and training the right people who possess the soft skills needed to understand intelligence and deception operations is an essential part of an overall cybersecurity strategy.
Inform procurement decisions by specifying the capabilities that an effective threat intelligence solution must deliver.
WHAT IS HOLISTIC CYBER THREAT INTELLIGENCE?
Intelligence is information and advice that enables you to understand your adversary’s intentions and capabilities. Holistic cyber threat intelligence gathers data on threats that are specific, or at least relevant, to your organisation and seeks answers to the questions: What? When? Where? How? and sometimes Who? and Why? The nature of this threat intelligence changes as an attack moves through the before, during and after phases, as outlined in figure 1 below. A holistic threat intelligence capability will provide timely, relevant, reliable and actionable intelligence throughout the entire continuum of a cyber engagement. Effective cyber threat intelligence should enable operational staff to pre-empt attacks and materially reduce the occurrence of, and damage from, successful attacks.
The ASD’s Essential 8 details top priorities in Cyber Threat mitigation. We show how cyber deception fits within the E8 framework.
Deception as an Inversion of Reality
We show how Cyber Deception tools enable early detection of supply chain breaches like the SolarWinds event.
Well-established procedures already exist in the Australian public sector for systematic sharing of information between organisations that can be used for Cyber Threat Intelligence sharing. The Victorian State Government Office of the Victorian Information Commissioner (OVIC) is a good model of public sector information sharing governance.
How an active incident response enables defenders to take the initiative against the adversary in a cyber crisis.
ACDA content licence
The ACDA mission is to further sovereign Active Cyber knowledge and maturity through the significant expert experience of the ACDA members and contributors.
The ACDA distributes content through the Creative Commons license to give everyone from individual creators to large institutions a standardised way to grant the public permission to use their creative work under copyright law.
All Creative Commons licences require that users of the work attribute the creator. This is also a requirement under Australian copyright law. This means you always have to acknowledge the creator of the CC work you are using, as well as provide any relevant copyright information.
The following information is a guide to help ensure you are attributing the creator of a CC licensed work in the best possible way.
What to include when attributing an ACDA work.
The same basic principles apply to providing attribution across all CC licences. When attributing a work under a CC licence you should:
Credit the creator;
Provide the title of the work;
Provide the URL where the work is hosted;
Indicate the type of licence it is available under and provide a link to the licence at https://creativecommons.org.au (so others can find out the licence terms); and
Keep intact any copyright notice associated with the work.