Simplifying security: Why a robust secure internet gateway doesn’t have to break the bank


By Linton Burling, GM, Vault Cloud

It’s no longer possible to predict how cyber-attacks will evolve or who they are likely to target. In fact, it was only just over a year ago that Prime Minister Scott Morrison warned of an influx of attacks from a sophisticated “state-based cyber-actor” targeting a range of political and private-sector organisations across Australia. We have seen a number of these attacks target key critical organisations, from healthcare providers to food distribution suppliers.

Nowhere is this concern more pertinent than within the operations of Australian defence suppliers. While these organisations are already subject to a set of security parameters through the Defence Industry Security Program (DISP), managing cyber risk is not just a ‘box ticking’ exercise. Suppliers need to use the highest standards of cyber security, as any kind of incident could have catastrophic consequences.

A pivotal aspect of cyber security strategies within defence is the use of a robust secure internet gateway (SIG). However, these can often be incredibly costly and complex to set up, delivering many features that simply aren’t necessary for the protection of critical data.

Defence suppliers need a high level of cyber resilience in all aspects of their infrastructure, but these rigorous standards can be met and exceeded without spending huge amounts on SIG deployments.

What are the most important aspects of SIG for defence suppliers?

A secure internet gateway is a package of solutions and services that secures the networks and data of important organisations. At its core, it involves placing your network inside a highly secure physical and virtual perimeter, offering protection at an infrastructure level from all manner of cyber-attacks, from ransomware to phishing to DDoS.

While there is a range of SIGs available to defence organisations, their deployments must meet a higher standard than those of most other firms, as these departments are bound by the strictest security protocols and regulations.

As a best practice, defence organisations need to ensure their SIGs meet the Australian Signals Directorate’s (ASD) rigorous requirements and are assessed by the Information Security Registered Assessors Program (IRAP). This will ensure they are up to defence-level standards and meet all required compliance and regulatory obligations.

SIGs should also be supported by a 24/7 Security Operations Centre, which can take some of the anxiety away from managing network environments and maintaining security. These solutions should be highly scalable and designed to grow as the needs of the organisations change.

Getting the most out of SIG

Many of the solutions in the market provide additional services that aren’t necessary to keep networks secure and may not be needed by SME defence supply chain organisations, creating unnecessary additional costs for the organisation.

When looking for a SIG solution, organisations should look for packages that can be moulded to fit their unique needs, whether they are looking for SIG as a standalone product or as part of a cloud subscription, and whether it is to be deployed across a multi-cloud or hybrid cloud environment.

Taking the time to assess the deployment options available provides defence suppliers with the flexibility to choose the path that fits their current network and bandwidth requirements, whilst still meeting the most rigorous security standards possible.

As networks become more distributed, regulations rapidly change and security threats become more varied and sophisticated, defence supply organisations can no longer rest on their cybersecurity laurels. They need to ensure they are protecting their network with a best-of-breed solution that prioritises the needs of their organisation, as well as its important information.