NSW Cyber Security Network News

Letter from the Director

Dear <<First Name>>,

Hello and welcome to the first edition of NSWCSN News for 2019.

In a whirlwind start to the year, our workforce development and R&D programs are gaining momentum.

We have now connected 40 NSW high schools to teaching infrastructure to help teachers deliver digital technologies subjects. We are well on the way to reaching our target of 80 schools, and the feedback from teachers and students has been fantastic.

We recently held a successful industry roundtable at the Stone&Chalk fintech start-up hub in Sydney. Thanks to IBM, BT, Hunter Water, NIB, Fujitsu, NEC, Cisco, Ausgrid, and AustCyber for your valuable contributions. I look forward to extending our engagement with you and your industries.

Our R&D program continues to evolve, and our second round of grants will commence shortly. We are launching a cyber vouchers program for small and medium sized businesses on Friday April 5. If you would like to be there on the day, please register and come along!

Todd Williams, FAICD
Director, NSW Cyber Security Network.

NSWCSN launches grants for small business cyber R&D

The NSWCSN has commenced work on its second round of R&D grants for universities undertaking collaborative cyber security research.

Please come to a launch event on Friday 5th April to find out more.

NSWCSN hosts industry roundtable

On February 21, NSWCSN held an industry roundtable to bring together senior industry partners to discuss the best ways we can work together to build the NSW cyber talent pipeline and support innovation in the state.

It was great to see companies gathered together and sharing their thoughts and experiences in a collaborative way. The Network looks forward to working more closely with our partners to help build a flourishing cyber economy in NSW.

The Network thanks AustCyber, HPE, IBM, Fujitsu, Ausgrid, Cisco, BT Australasia, Hunter Water, NEC and NIB for their contributions.

Cyber workforce development - spotlight on schools

NSWCSN Workforce Development Manager Sarah Box has been busy responding to requests from NSW high schools for teaching infrastructure to help them deliver digital curricula. So far, 40 schools have been brought into the program!

The TAS faculty at Belmont High School received a class kit of Micro:Bit GO kits. Chester Hill High School now has LEGO Mindstorm products and Willoughby Girls' High received a Power Anchor and Fort Street High multi-chargers and sensors.

The variety of teaching supports that teachers can request is one of the things that makes the NSWCSN schools program unique.

High Schools at Chester Hill, Belmont, Swansea, Fort Street and Willoughby are among the recipients of NSWCSN-provided infrastructure to support teachers delivering STEM and cyber subjects. Read more

Blacktown Boys' High Year 11 student joins NSWCSN as a Cyber Ambassador

Ishaan Sharma, a year 11 student at Blacktown Boys' High, is the latest NSWCSN cyber ambassador. Ishaan has a longstanding interest in computer programming and is experienced in three programming languages.

He has made many computer games and built web pages. Ishaan will take part in raising awareness of the cyber security among younger students at his school and beyond. NSWCSN is proud to welcome Ishaan to its team of cyber ambassadors. Read more

International Women's Day - Cyber Ambassador Alana Maurushat encourages women and girls to consider cyber careers.

Earlier this month we celebrated International Women's Day. It was a good time to think about how far we have come and how far we have to go to encourage more women to the field of cyber security.

We need careers in cyber security to be visible, appealing and well remunerated for women, but most of all we need to publicly celebrate women's success in cyber security and actively encourage and champion the next generation of thinkers.

Cyber security is a fresh industry. It is poised to require 11 million people by 2026 to fill the jobs that are coming, globally.

We asked NSWCSN Cyber Ambassador, Professor Alana Maurushat, Chair of Cybersecurity and Behaviour at the University of Western Sydney, for her top tips for women and girls considering careers in this broadening field.

UTS brings know-how to Industrial Internet 4.0 summit

Ren Ping Liu, the Director of the Cybersecurity Lab at UTS, presented on 'cyber threats and solutions' at the Industrial Internet 4.0 Summit held at UTS on 26-28 February, 2019.

Professor Liu presented case studies of cyber attacks on industrial control systems, identifying system vulnerabilities. Cyber security management strategies and cyber defence technologies were also discussed. Read more

Ask the Expert - Anti-encryption Legislation

In our regular 'Ask the Expert' section, we ask Dali Kafaar, Scientific Director, Optus Macquarie Cyber Security Hub and Professor, Department of Computing to unpack the controversial encryption-cracking bill that was passed by the Federal Parliament in December last year.

What is the legislation?

In December, Australia's parliament passed tough anti-encryption legislation. It aims to compel tech companies, such as Facebook and Google, to provide Australian law enforcement agencies access to encrypted communications, which could potentially be used by terrorists and organised crime syndicates. The intention is to protect Australia by giving new powers to police and intelligence agencies to require companies to help them decrypt communications on online platforms using encrypted messaging, for instance WhatsApp.

What's all the fuss about?

The legislation has bi-partisan political support, but the tech industry has fiercely opposed it. This new law has, according to some observers, gone further than similar legislation in the UK by potentially allowing the government to compel a company to build 'backdoors' into their systems and devices to help authorities with investigations.

What are the key problems for industry?

Originally, the intention of these controls extended only to the telecommunciations industry, but now it involves the wider technology industry. Part of the resistance (from industry and privacy advocates) is it is not just the telecommunciations industry impacted, it is global technology providers. The potential to be compelled to enable access to data if you hold encryption keys, is a problem for some. They may not have the technical ability to do this. This may also create some serious security holes.

What is particularly problematic about backdoors?

A compulsory order requiring a tech company to explicitly build a capability to do something about the access to the data - build a backdoor - has created the most debate and controversy. The idea is that the tech company, service provider, has to do something in the network about the way it stores data, or in the way it builds apps.

Technically, this is not as easy as it sounds. Sometimes it is even not possible to build backdoors. For instance, in messaging services, the two end points of the communication channel have the encryption keys and establish a channel to communicate securely. No one, in theory, can decrypt the message. That is a property of end to end encryption.

Building a backdoor in most of the cases here would mean implementing a form of attack that would break the encryption channel, if companies want to retain the level of security of the apps installed at the user level.

Again we should really understand that this law has been proposed under the big hat of national security and counter terrorism. But it is not an easy thing to enforce companies to do something they may not understand, technically.

There is perhaps a mismatch between demand and capability. In addition, sometimes the demand would represent a violation of some of the security requirements that tech companies have been trying to design and implement over the years to preserve their customers data. Creating a backdoor, from a security perspective, is creating a hole that can be exploited in many different ways. Creating a backdoor is creating a potential vulnerability that can be exploited by cyber criminals globally.

Trust

First, we need to understand all the good things this legislation can do. There are benefits - security, privacy - and they have to be carefully balanced in the way we would enforce a law like this.

Everything relates back to the notion of trust. If we are happy with something like guaranteeing national security, we need a discussion on who in the future will use it and implement the law. Who will be trusted to build backdoors? Are we going to trust technical departments of tech companies to build their own, are we going for something to be developed by government? IT is complex. The law is to some extent overlooking that complexity.

Book a fireside chat with an AustCyber Allstar

AustCyber has announced the AustCyber AllStars program, which features experts from a range of disciplines in Australia and the rest of the world sharing their knowledge and providing advice to help expand Australia's cyber security sector. To kick off the AustCyber AllStars program, AustCyber hosted a Fireside chat in Sydney and will now move onto events in Canberra and Perth. The chats feature AustCyber CEO Michelle Price and Managing Partner at Amadeus Capital Partners, Alex van Someren. Read more

NSW Chief Scientist Engineer launches $5M physical sciences fund

The NSW Chief Scientist Engineer has announced the launch of a NSW Physical Sciences Fund (PSF).

The PSF aims to capture potential commercial applications of NSW research across all branches of physical science such as sensor or materials technologies, with the aim to attract a broad spectrum of disciplines and provide support through the product life-cycle.

The PSF is for individuals, companies, research institutes and universities developing physical science devices and systems, and will support bringing these technologies to market. In the 2019-20 financial year the Physical Sciences Fund has $5 million available. Read more

India Exchange opportunity for cyber start-ups

In collaboration with the NSW Department of Industry, the Optus Macquarie Cyber Security Hub is launching the NSW-India Cyber Security exchange, taking ten cyber security start-ups from New South Wales to key destinations across India in September 2019.

The program aims to identify 10 start-ups from NSW which offer products or services that have applications in cyber security.

They will be invited to participate in a mentoring and networking program in India during September 2019, where they will meet with local entrepreneurs, potential clients and investors. Read more

ACA launches Cyber Security Challenges

The Australian Computing Academy (ACA) has launched the Schools Cyber Security Challenges, a $1.35 million national program which will see cyber security taught to Years 7-10 students for the first time in Australia.

The program was officially launched by the Hon Karen Andrew MP, Minister for Industry, Science and Technology on February 20, 2019. The program is a collaborative effort involving the ACA, AustCyber (Australian Cyber Security Growth Network), ANZ, Commonwealth Bank (CBA), National Australia Bank (NAB), Westpac and BT (British Telecom).

Read more

In the News

Here is a selection of cyber security news stories from recent weeks. Included below is a link to AustCyber's collation of key news and events in the sector - a fabulous resource for anyone in the Australian cyber security industry.

• AustCyber news
• Huawei confirms it will sue US Government - AFR
• NSA makes Ghidra open source - Wired
• Expert views on cyber attack on Parliament - ABC
• AEC in contact with security agencies to protect Federal election - SMH
• Seven ways the Government can make Australians safer without compromising online privacy - The Conversation

Member Universities

• Macquarie University
• University of New South Wales
• University of Newcastle
• University of Sydney
• University of Technology Sydney
• University of Wollongong
• Western Sydney University