In the last 18 months we have seen the emergence of well-funded, coordinated cross-border cyber attacks.
The discovery of Stuxnet last year proved beyond question that the issue of securing national and international computer systems has moved into a new era.
Unlike previous worms, Stuxnet was designed exclusively to target industrial software. It was specialised and complex, and badly compromised the Iranian nuclear program.
But attribution for the Stuxnet attack remains unknown.
A job for 007?
It sounds like the basis for a Hollywood film but more than 100 countries are thought to be working on ways to use the internet as a weapon.
Late last year, US Secretary of Defence, William J. Lynn III, wrote: “Every day, US military and civilian networks are probed thousands of times and scanned millions of times... Adversaries have acquired thousands of files from US networks and from the networks of US allies and industry partners, including weapons blueprints, operational plans, and surveillance data.”
In Australia, the situation is likely to be similar. The Government's Cyber Security Strategy states: “The risk to the Australian economy from computer intrusion and the spread of malicious code by organised crime has been assessed as high. This is particularly the case for financial transactions and sensitive commercial or personal identity information.”
The Australian Government has initiated what it calls “cyber collaboration” agreements with the UK and the USA. This is to promote “a secure, trusted cyberspace”. In addition, in June it announced plans to develop the country's first Cyber White Paper with a key focus on national cyber security.
Follow the money
Identifying who is responsible for so-called advanced persistent threats such as Stuxnet isn't easy.
Right now the USA and China are the top two countries hosting crime-ware and receiving stolen data. But just because the servers may be located in these countries, it doesn't mean the attackers are also going to be found there.
The bad guys go where the money is. Certain parts of the world become targets because they house companies with rich intellectual property.
Other countries become targets because they have a high percentage of online consumers.
China, the US, India and Japan have the highest percentage of internet users. China has more Internet users than the US has citizens, so it’s a natural target for cyber criminals.
This doesn't mean that Australian users or organisations can sit back and relax: if you have intellectual property, you are going to be a target.
The techniques used in state-sponsored attacks one or two years ago are now all but outdated.
The bad guys are moving on, down the malware adoption lifecycle. Yesterday’s million-dollar, well-planned, high-profile attack is quickly sold on as today’s $25 exploit kit.
This means that extremely complex malicious technology is easily available on the black market and armies of low-level hackers can use it to target organisations.
Last year 52 percent of data-stealing attacks were conducted over the web and 2011 doesn’t look any safer.
More advanced hacking technology has reached the global black market faster than before, and faster than security can address it.
To stop targeted attacks and cross-border advanced threats, organisations need new security strategies. Their content security needs to examine — in real time — the substance of each website and email.
Traditional endpoint and network security products, while a good start, are no longer sufficient.
The kind of cooperation being explored by Australia, the UK and USA is going to become increasingly essential if we are to combat the global nature of cyber attacks.
Nearly 10 years ago, Australia proved it could do this when we went down a similar path to reduce the problem of spam.
The issues associated with cyber security are, of course, far more complex, and political realities will influence when and how international cooperation takes shape.
But, for our own protection, Australia must continue to push for greater international sharing of information, embrace real-time monitoring of threats and establish cooperative cross-border investigation procedures.