CERT (Computer Emergency Response Team) Australia was established by the Government in 2010. It is described as Australia’s national computer emergency response team. CERT is not a regulator and does not compete with private cyber security services. Rather, its purpose is to be the main government contact for cyber security issues affecting major Australian businesses.
CERT’s primary functions are to:
- respond to cyber security incident reports logged by major Australian business partners
- provide support and advice in the mitigation of adverse cyber incidents
- monitor cyber security incidents or attacks to develop understanding of threats in cyberspace
- provide advice and alerts to its partners thereby enhancing cyber security resilience
CERT is an important government entity that implements various initiatives under the Australian Government’s 2016 Cyber Security Strategy, for example:
- Management of the Joint Cyber Security Centre program, which brings together business, academia and government agencies to enhance collaboration on cyber security
- Delivery of the Australian Internet Security Initiative by providing information to internet providers on malware infections and service vulnerabilities, and to help them advise their customers of risks
Through information sharing, CERT is also able to support the work of other law enforcement and intelligence agencies such as the Australian Security Intelligence Organisation, the Australian Federal Police, the Australian Criminal Intelligence Commission, the Australian Signals Directorate and the Defence Intelligence Organisation.
CERT’s role in relation to national security
Threats to critical infrastructure
Many Australian businesses deliver essential services like banking and finance, energy, resources, communications, water and transport through critical infrastructure and nationally important assets.
Furthermore, information and communications technology, internet connectivity, and control systems have also become crucial in supporting critical infrastructure delivery. However, such reliance on these technologies has increased the risk of adverse cyber episodes occurring. Thus, if these systems were compromised it could significantly impact on Australia’s economy and national security.
The Australian Internet Security Initiative (AISI)
Consequently, CERT provides support and advice to Australian businesses that own and operate Australia’s critical infrastructure and other systems of national interest as part of the AISI. In essence, the AISI is a public-private partnership where Australian internet services voluntarily work with CERT on a variety of cyber security issues.
Under this initiative, daily email reports are also sent to internet providers which identify IP addresses on their networks that have been infected by malware or are potentially vulnerable to malicious activity. This means participating internet providers can use the AISI data to notify affected customers and give advice on how they can repair their compromised or vulnerable system.
From these daily reports, CERT is able to produce pertinent statistical information that illustrates the extent of malware infections and service vulnerabilities on an internet provider’s infrastructure. CERT’s statistical analysis reveals (among other results):
- That between 24 November 2017 to 23 February 2018, the total malware infections observed on IP addresses provided by participating members peaked at 27,367 on 5 January 2018 and was lowest on 13 January 2018 with only 2,558 observations logged; and
- Between that same period, the most reported type of malware was an infection called Marcher with 21,816 incidents observed on 5 January 2018.
- Marcher malware applications are unintentionally installed through software acquired through untrusted sources. These applications can substitute genuine authentication fields within banking apps on an Android device with its own fake fields. Consequently, a person’s banking credentials are stolen and sent to malicious actors
In interpreting these results, CERT advises that caution should be applied since this data contains many changing variables. For example, a decrease in reported malware observations may not necessarily signify its reduced occurrence but rather its ability to evade detection.
Other common cyber threats
CERT reports that the cyber threat to Australia’s national security is undeniable. Common threats impacting Australian businesses and government bodies include:
- Ransomware which renders a computer unusable until payment is made by the victim
- Phishing – a malicious practice where mass emails are sent to unsuspecting people to influence handing over sensitive information (identification, residential address, banking details etc.) to cyber criminals
In conclusion, given the increasing threat to Australia’s information technology infrastructure and its potentially damaging effect, it is clear that CERT Australia plays a crucial prevention function within the national security framework.
Nyman Gibson Miralis advises and represents individuals and corporations dealing with international and national security investigations and probes, interviews, administrative decisions and related court proceedings.
Contact us if you require assistance.