Australians going online can be secure by default


Attributed to Sean Duca, Regional CSO of JAPAC, Palo Alto Networks

In an increasingly connected world where our work lives, personal lives, and finances have all gravitated online, cybersecurity is needed to keep us safe from cybercriminals, hackers, and others who look to disrupt our digital way of life.

According to the Australian Cyber Security Centre, Australians are reporting cybercrimes every 10 minutes, with an average cybercrime loss of $700. Likening this to the physical world, it is the equivalent of a gangster knocking on your door every 38 seconds trying to break into your home – and that is just for 2.3 million active businesses in Australia alone.

Cybersecurity protects the data and integrity of computing assets belonging or connecting to any organisation’s network or even to our own home networks. Its purpose is to defend those assets and the information we value against all cybercriminals and threat actors as they launch their attacks. We protect our organisations, employees, and individuals by raising awareness and training, implementing cybersecurity tools, and managing cyber risk like any other risk should be managed. Whilst the average Australian business and citizen can take some measures to protect themselves, the unfortunate reality is that the majority lack the resources or skills to do so.

This is where the concept of ‘Clean Pipes’ comes in. Essentially, internet service providers (ISPs) could provide security services to their customers to deliver a level of default security, free of malicious software targeting our organisations and systems at home, and to prevent cybercriminals from sending our data out to their systems.

Having ‘Clean Pipes’ protects everyone

For some time, ‘Clean Pipes’ has been discussed by many in government and technology circles. Most recently, the 2020 Cyber Security Strategy noted the importance of businesses, particularly telecommunications providers, automatically blocking known malicious threats to protect Australians and Australian businesses at speed and scale. It notes that the Government will, over the life of the Strategy, support businesses to implement threat-blocking technology that can automatically protect citizens and businesses from known malware and trojans. This would help prevent and minimise harm to organisations and Australian citizens who cannot protect themselves.

The Strategy also notes Telstra’s “Cleaner Pipes” initiative announced in May 2020. Telstra should be lauded for paving the way with this initiative, which involves Telstra’s Domain Name System (DNS) filtering, where millions of malware communications are being blocked as they try to cross Telstra’s networks.

DNS, in short, is a system used by computers connected to the internet that allows us to browse the internet and makes it a more human-friendly place.

Why blocking DNS traffic is not enough

Is blocking DNS traffic enough to block the greatest number of threats? The short answer is no – case in point, the most recent example on Telstra last week. That said, here are the top three reasons why:

Firstly, stopping just malicious DNS traffic means that you are only seeing the traffic after a system has been compromised. You are only stopping traffic after an infection has taken place.

We need to see all traffic, not just DNS, as it is only one of the many ways cybercriminals communicate with their own servers. Not all DNS traffic is bad, but we need to see when infected systems are communicating in real time, whether they use the DNS service provided by their ISP or someone else’s DNS service.

Secondly, in order to really stop the flow of cybercrime activity, we need to get ahead of the problem, before a system is compromised, and have a consistent approach to see all the threats, such as exploits, malware, and other malicious content, and prevent them in real time across every telco and ISP in Australia. This allows us to move beyond just blocking a domain or IP address a cybercriminal uses and enables us to also prevent the techniques cybercriminals use, such as changing or switching domains at regular intervals.

Thirdly, as noted in the panel’s recommendations, this should be an industry-led solution. The intelligence that the largest organisations and government agencies in Australia have should be fed into this system for the benefit of all. This is not a solution to prevent you from going to your favourite website, but rather to stop you and your systems from being attacked by known threats, and to prevent your systems from automatically communicating with the servers used by cybercriminals.

In cybersecurity everyone has a role to play

Cybersecurity is a team sport and one where we all have a role to play.

If the Australian government adopts a policy as recommended by the industry advisory panel, the government should work with ISPs, leading Australian companies, and the cybersecurity industry on what ‘good’ looks like. Leaving ISPs to decide the standard here is like having school students mark their own homework.

The more we come together to build this system, the more we can prevent cyber attackers from jeopardising our finances, stealing our information, and disrupting the livelihoods of all Australians.