ASD ran two “cyber threat hunts” on Australian gov networks


The Australian Signals Directorate ran two “cyber threat hunts” on government networks in the 12 months to June 30.



The figure is contained in the latest Commonwealth cyber security posture report, released with little fanfare late last week, and broadly overshadowed by the imminent release of the cyber security strategy.

The report contains its usual assessment of how well federal entities report cyber incidents to authorities, and their strengths and weaknesses in implementing security controls aligned to the Essential Eight.

But a key additional feature of this year’s report is some of the first public reporting of cyber security activity by the Australian Signals Directorate (ASD) under the $9.9 billion REDSPICE program, as well as the previous cyber enhanced situational awareness and response (CESAR) Plus program.

The reporting reveals two occasions where the ASD engaged in a “proactive” threat hunting operation on a government network.

“ASD proactively conducts cyber threat hunt operations on critical Australian networks to detect intrusions by sophisticated cyber actors,” the report states.

“This service is offered to high priority entities, including in support of events of national significance. 

“In the 2022–23 financial year, ASD conducted two hunt activities on priority government networks.”

The report also shows that the ASD has the capability to run long-term “active vulnerability assessments” on government networks, where it “simulates the presence of a sophisticated cyber adversary while remaining undetected.” 

“The outcome of the AVA activity allows customers to understand their vulnerabilities, and test their response to detecting unusual activity,” the report states.

It does not, however, put a number on any AVA activities that may have occurred during the 2022-23 financial year.

The reporting also covers ASD’s use of cyber hygiene improvement programs (CHIPs), which are meant to “bring an adversary’s perspective, at scale, to help organisations understand and minimise their attack surface.”

“CHIPs measures the cyber posture and hygiene of government internet-facing systems and assets, by scanning external indicators of cyber security vulnerabilities, [and] provides quarterly reports to government entities detailing their vulnerabilities,” the posture report states.

A variation of CHIPs is HOT CHIPs – high-priority operational tasking cyber hygiene improvement programs.

“HOT CHIPs conducts targeted scans in response to particular cyber security-related events. These scans build ASD’s visibility of particular cyber security vulnerabilities across the Australian economy and offer network owners highly targeted, timely and actionable threat intelligence,” the posture report states.

“In the 2022–23 financial year, ASD performed 103 HOT CHIPs scans.”

In the main part of the report, more government entities reached ‘Overall Maturity Level 2’ across the Essential Eight mitigation strategies, growing from 19 percent to 25 percent year-on-year.

The posture report notes this is a positive result, particularly because maturity became harder to achieve after some requirements around patching were beefed up.

It also found 78 percent of entities are training their workforces in cyber skills annually, compared to 68 percent a year ago.

One potential cause for concern was a reduction in the number of entities reporting “at least half of the cyber security incidents observed on their networks to ASD”.

While this is “potentially diminishing ASD’s visibility of the cyber security threat environment”, the posture report adds that many incidents may be “low-impact” and may not meet reporting thresholds, though it could not determine this with any certainty.


