Navigating the Future of Cybersecurity – Insights From AISA Canberra 2024

0

By Eoin O’Carroll, Solutions Engineering Manager for APJ at OPSWAT

As a Solutions Engineer at OPSWAT, staying on top of emerging trends and technologies in cybersecurity becomes a professional responsibility and a personal passion. At the AISA Canberra 2024 event, many industry experts convened to discuss the latest developments and challenges shaping the cybersecurity landscape.

One of the most enjoyable parts of attending large events like AISA Canberra is meeting people from different backgrounds and experience levels. At Canberra, many attendees were from government or defence organisations. Still, you also get students, vendors, resellers, service integrators, enterprise professionals, and this year, many risk and compliance professionals.

Unsurprisingly, there was a lot of buzz, questions, and discussions around AI, and any speaking topic with AI in the title also had a large audience, with people queueing outside before the session began.

OPSWAT Chief Product Officer Yiyi Miao delivered a key session, sharing insights on building a holistic perimeter defense strategy for IT and OT networks. The session emphasised integrating OT security into broader defence strategies, recognising the interconnected nature of IT and OT environments.

Miao’s key principles for holistic perimeter defence strategy include:

  • Minimise Attack Surface: Focus on reducing vulnerabilities and potential entry points for cyber threats to enhance overall security posture and resilience;
  • Address Weak Links: Prioritise addressing vulnerabilities within organisations, focusing on the weakest links rather than solely relying on perimeter defences;
  • Secure Data Transfer: Implement robust encryption protocols and data transfer mechanisms to safeguard critical assets’ integrity and confidentiality;
  • Proactive Defense: Adopt a proactive approach to identify and mitigate threats before they escalate rather than reacting after incidents occur; and
  • Tailored Threat Prevention: Leverage advanced threat prevention technologies tailored to specific organisational needs and threat landscapes.

These steps made the OPSWAT Australian team think about how it can align information in its presentation with the Australian Signals Directorate’s Information Security Manual (ISM). The plans will hopefully guide how OPSWAT can help prevent the exploitation of known attack vectors while also being within the recommended guidelines from the ASD.

Mapping ASD Guidelines to Perimeter Defense Strategies:
Guidelines for Data Transfers: Describes controls for both manual data transfers and data transfers using Gateways or Cross Domain Solutions.
  • Manual import of data – ISM-0657; Revision 6, Ensure the data is scanned for malicious and active content.
  • Manual import of data – ISM-1778; Revision 0, All data that fails security checks is quarantined until reviewed and subsequently approved or not approved for release.
  • Manual export of data – ISM-1187; Revision 3, Data is checked for unsuitable protective markings.
  • Manual export of data – ISM-0669; Revision 6, Keyword checks are performed within all textual data.
Guidelines for Media: Describes controls to enforce management of media, including removable media usage.
  • ISM-1600; Revision 1, Media is sanitised before it is used for the first time.
  • ISM-1642; Revision 0, Media is sanitised before it is reused in a different security domain.
Guidelines for Gateways: Zero-trust architecture is gaining traction as organisations recognise the necessity of fortifying their security postures in a perimeter-less environment, enhancing access controls and reducing the attack surface.
  • ISM-0626; Revision 6, Cross Domain Solutions are implemented between Secret or Top-Secret networks and any other networks belonging to different security domains.
  • ISM-0635; Revision 7, Cross Domain Solutions implement isolated upward and downward network paths.
  • ISM-1522; Revision 3, Cross Domain Solutions implement independent security-enforcing functions for upward and downward network paths.
  • ISM-1521; Revision 3, Cross Domain Solutions implement protocol breaks at each network layer.
  • ISM-0643; Revision 7, Evaluated diodes are used for controlling the data flow of unidirectional gateways between an organisation’s networks and public network infrastructure.
  • ISM-0645; Revision 7, Evaluated diodes used for controlling the data flow of unidirectional gateways between SECRET or TOP SECRET networks and public network infrastructure complete a high assurance evaluation.
  • ISM-1157; Revision 5, Evaluated diodes are used for controlling the data flow of unidirectional gateways between networks.
  • ISM-1158; Revision 6, Evaluated diodes used for controlling the data flow of unidirectional gateways between SECRET or TOP SECRET networks and any other networks complete a high assurance evaluation.
  • ISM-0659; Revision 6, Files imported or exported via gateways or Cross Domain Solutions undergo content filtering checks.
  • ISM-0651; Revision 5, Files identified by content filtering checks as malicious, or that cannot be inspected, are blocked.
  • ISM-1288; Revision 2, Files imported or exported via gateways or Cross Domain Solutions undergo antivirus scanning using multiple different scanning engines.
  • ISM-0649; Revision 8, Files imported or exported via gateways or Cross Domain Solutions are filtered for allowed file types.
  • ISM-1287; Revision 2, Files imported or exported via gateways or Cross Domain Solutions undergo content sanitisation.
Guidelines for Software Development: Recent supply chain attacks underscore the urgency of securing the entire supply chain ecosystem. Enhanced vetting processes, continuous monitoring, and threat intelligence sharing are imperative for mitigating supply chain risks.
  • ISM-1730; Revision 0, A software bill of materials is produced and made available to consumers of software.
Guidelines for Email: Proactive risk management and the cultivation of cyber resilience are paramount as cyber threats grow in sophistication and unpredictability. Comprehensive risk assessment frameworks, incident response plans, and cyber insurance are essential components of resilience strategies.
  • ISM-1234; Revision 5, Email content filtering is implemented to filter potentially harmful content in email bodies and attachments.
  • ISM-0270; Revision 6, Protective markings are applied to emails and reflect the highest sensitivity or classification of the subject, body and attachments.
  • ISM-0271; Revision 3, Protective marking tools do not automatically insert protective markings into emails.
  • ISM-0272; Revision 4, Protective marking tools do not allow users to select protective markings that a system has not been authorised to process, store or communicate.

By aligning cybersecurity strategies with ASD guidelines, organisations can enhance their defence mechanisms, mitigate risks, and ensure compliance with industry standards. The discussions and insights from AISA Canberra 2024 reinforce the importance of a comprehensive approach to cybersecurity, integrating advanced technologies and proactive measures to safeguard critical assets.

Share.