Security will prove key differentiator for 5G: Palo Alto Networks

guest column marker

By Sean Duca, VP and regional CIOr, Asia Pacific and Japan, Palo Alto Networks

Consumers and businesses are set to benefit enormously from the exponential network improvements promised by 5G.

More than just an incremental upgrade, 5G will create opportunities for the most exciting science fiction inventions to become science facts. It will lead to a level of connectedness and interconnectedness that hasn’t been seen before as data is shared between devices and applications at speeds even faster than the human brain.

However, consumers and businesses won’t be the only parties benefiting from these improvements. Cybercriminals will be able to take advantage of 5G to mount even more sophisticated attacks, gain better economies of scale, and target more attack vectors. Therefore, it’s essential for any person or business considering moving to 5G be aware of security upfront, according to Palo Alto Networks.

With 5G applications, a cyberattack can go beyond locking up data or compromising business operations. For example, cybercriminals could cause car accidents as autonomous vehicles become ubiquitous, or loss of life by hacking surgical robots or connected lifesaving devices; and these are just two of literally millions of examples of society’s potential reliance on 5G-enabled devices and applications.

Security will absolutely be the key differentiator for 5G; without security baked in as part of the fabric, 5G applications will be risky. It’s also imperative to take stock of where security is at today because threats aren’t waiting for 5G.

Palo Alto Networks recommends a three-pronged approach to improve security in preparation for 5G:

1. Government: address systemic issues present in today’s mobile networks

There are currently security issues in mobile networks that create risks for all users. Therefore, the government needs to step up to do more to regulate telecommunications providers to ensure they’re doing everything they can to keep the network secure.

If there are challenges that remain unaddressed in today’s networks, they are only going to get worse when 5G arrives. To successfully deliver on the promise of 5G, security is absolutely fundamental and must underpin everything. Government-mandated security can help.

2. Telecommunication providers: provide value-added security services to customers

Currently, telcos provide data and carriage with no responsibility for security. This means they’re missing an obvious opportunity to differentiate their offering with a value-added security service.

When passengers go to the airport, they know every single bag will be inspected before it gets on the plane. The same should be true of network traffic. Telcos should be inspecting all of the traffic that passes through their networks and blocking traffic where appropriate. This should be a point of differentiation for telcos moving to offer 5G services.

3. Customers: demand secure offerings to enable innovative applications

When businesses are looking to provide next-generation services like autonomous cars or robotic surgery, they need to demand that their telco provides a secure network for these applications. Customer demand is a powerful way to compel providers to improve security.

Telcos can dedicate a piece of their network to specific customers who demand it, such as those who want to provide a service like autonomous cars, and ensure strong security across that slice of the network. With the potential for innovation that 5G offers, now is the time for telcos to prove that they can play a key role in providing the essential underpinning security required for these applications to work.

Security will be a fundamental enabler for 5G, with 90 per cent of mobile service providers identifying security as a key differentiator according to an Ericsson survey. (1)

Therefore, before embracing 5G, organisations should look to service providers to provide a resilient network with robust security mechanisms in place. They should take a preventative approach, and establish application-layer visibility and consistent security across all 5G applications and devices.

On a macro level, it’s critical for government and industry to work together to identify ways to build security into 5G networks from the outset, and continue to identify and drive progress towards best practices.

References:
(1) “Exploring IoT Strategies,” Ericsson, April 2018, https://www.ericsson.com/en/internet-of-things/trending/exploring-iot-strategies

AustCyber unveils Canberra Cyber Security Innovation Node

AustCyber has cut the ribbon on its Canberra Cyber Security Innovation Node, with the Federal Minister for Industry, Science and Technology, the Hon Karen Andrews MP, and ACT Minister for Advanced Technology and Space Industries, Mick Gentleman MLA, jointly launching the centre.

The Canberra Node is a part of AustCyber’s National Network of Nodes, which fosters and accelerates cyber capability development, innovation and commercialisation across Australia.

According to AustCyber, global spending on cyber security products and services is expected to rise by 88 per cent over the next eight years, from about US$131 billion today, to almost US$250 billion in 2026. “The Canberra Node – a partnership between the ACT Government and AustCyber – is accelerating the growth of the ACT’s cyber security sector, aligned with AustCyber’s national mission,” said Michelle Price, CEO of AustCyber.

“AustCyber helps showcase local capability development and increases the benefits and reduces the costs of collaboration. We create new economic and innovation growth pathways, enabling growth in the cyber security industry across Australia.”

Linda Cavanagh, Canberra Cyber Security Innovation Node Manager, billed ACT Government’s partnership with AustCyber as a key step in progressing the cyber security industry in the ACT. “The Node is growing and creating jobs while strengthening Canberra’s knowledge economy – particularly around cyber security in the space, defence and education sectors,” she said.

“The establishment of the Canberra Node is also an acknowledgement by ACT Government that to support cyber security innovation and growth, it needs to do business differently. The Canberra Node can test and challenge more readily, has more flexibility in developing capability, but more importantly, it can harness opportunities and partner with stakeholders to deliver results quickly. It leverages AustCyber’s brand and expertise from across AustCyber’s National Network of Nodes to help ACT-based cyber companies grow nationally and internationally.

“The Canberra narrative is changing on many levels and the cyber security sector has had an impact on this. The work of the Canberra Node has supported the growth, education and export of the Canberra region cyber security industry.”

AustsCyber said the Canberra Node had already undertaken activities with companies including archTIS, Cogito Group, Penten and Quintessence Labs. It also has helped bring together the Australian National University and the Canberra Institute of Technology (CIT) to collaborate with industry and promote research and deliver the requisite education and training services, it added.

Zscaler,CrowdStrike to offer joint customers seamless cloud and endpoint protection

San Jose based cloud security firm Zscaler has teamed with cloud-delivered endpoint protection specialist CrowdStrike to provide customers with real-time threat detection and automated policy enforcement that improves security across their networks and endpoints.

As part of the collaboration, CrowdStrike’s artificial intelligence powered Threat Graph will integrate with Zscaler’s cloud security platform. “In a cloud and mobile-first world, companies must contend with a growing number of devices within the organisation, as well as employees’ desire for fast and simple access to internal and external applications, all of which puts pressure on IT departments to provide secure employee access,“ said Punit Minocha, SVP of Business Development, Zscaler.

“Zscaler’s robust platform with artificial intelligence and machine learning capability, combined with CrowdStrike’s endpoint telemetry, will provide our customers a significantly improved security posture and automated remediation across their organizations,” Minocha added.

Zscaler said the partnership will enable joint customers to secure their organisations through rich conditional access, which prevents infected or non-compliant devices from obtaining corporate resources until appropriate remediation has taken place.

“The integration will also provide customers with automated one-click access to CrowdStrike’s endpoint telemetry, SSL inspection on the endpoint, always-on threat protection with real-time intelligence, and visibility into endpoints with zero-day indicators of compromise (IOCs) identified by Zscaler,” it said.

“We are excited to partner with Zscaler, another recognised market leader, to provide our joint customers a cloud-native integration that seamlessly secures workloads and utilises the power of CrowdStrike’s scalable telemetry,” said

“In today’s threat environment, visibility and speed are the difference between whether you or the adversary win,” said Matthew Polly, vice president of Worldwide Business Development, Channels at CrowdStrike.

According to Zscaler, the integration will offer mutual customers:

SSL inspection, data processing, and decision-making on the endpoint
Always-on zero-day and ransomware protection with real-time, actionable threat intelligence and automated remediation on- and off-network
Seamless protection with automated one-click usage of CrowdStrike’s endpoint telemetry
Complete visibility into endpoints exposed to files identified by Zscaler as malicious
Intelligent posture check between Zscaler App and the CrowdStrike agent that provides application access aligned with business policy

Australian tech, telco players hail Gov’t 2020 Cyber Security Strategy

The Australian Federal Government’s new 2020 Cyber Security Strategy has been broadly welcomed by key technology and telecoms companies, with Macquarie Telecom saying the discussion paper released by Minister Peter Dutton and the Department of Home Affairs highlighted both the ever-changing cyber threats faced by individuals and businesses, and the growing impact of technology and cybersecurity on the drivers of the national economy.

Macquarie Government MD Aidan Tudehope listen as specific critical areas to address Australian sovereign capabilities and skills in cybersecurity and IT generally, saying “these can help us hold our ground and ultimately win the war on cybercrime.”

“These skills can’t be offshored, particularly when state actors play an ever-increasing role in cybercrime,” he added. “Global GDP is already heavily dependent on the digital economy and this will only increase; we need the right sovereign capabilities to futureproof Australia’s global position, particularly in today’s uncertain economic times. The Government should call out the importance of building these skills in the 2020 Cyber Security Strategy.”

“It is crucial that Government, at all levels, are exemplars in how they bake in cyber security to everything they do,” Tudehope said. “Innovation without the strongest cyber security underpinnings are a train crash waiting to happen. Government needs to know where citizen data resides and whether 24×7 global support models mean unknown individuals have privileged access to government systems.”

Minister for Home Affairs Peter Dutton said the new strategy will be developed in close collaboration with industry, research partners and community groups. “Strong collaboration and partnerships are vital to ensure this strategy is well positioned to tackle the cyber security challenges we face as a nation,” he said. “In the coming weeks I will also appoint a panel of cyber security experts to guide development and implementation of the strategy.”

The new strategy will build on the foundations of the 2016 Cyber Security Strategy. “The Government’s 2016 Cyber Security Strategy has strengthened Australia’s national cyber security footing, deepened our engagement with industry, and positioned Australia as a prominent regional leader in cyber security,” Dutton said.

Kevin Vanhaelen, Asia-Pacific regional director at cybersecurity specialist Vectra, for his part, tipped the release of the consultation paper as an important step in protecting Australia from foreign threats.

Noting that the discussion paper, which flags the increasing threats from foreign states, pinpointed Australia’s energy, telecommunications and transport sectors as particularly uleralbe to cyber attacks, Vanhaelen said state-sponsored attackers were naturally drawn to critical infrastructure and services.

“At one time, manufacturing, transportation, utilities, energy and other critical infrastructure were thought to be impervious to cyberattacks because the computers used to operate them did not access the internet and were separate from the corporate network,” he said.

“This is no longer true,” Vanhaelen said, emphasising the increasing risk of nation-state threats, espionage and internal exposure due to an all-pervasive interconnectivity.

“Nation states are well resourced, innovative and highly motivated, and organisations have limited time, finite human and technical resources and capabilities with which to protect their rapidly expanding attack surface. Nation states, or their sponsored proxies, have broad motivations, and expecting the unexpected is a difficult task,” he added.

“All organisations therefore need to realise that breaches are a case of ‘when not if’ and so equip themselves to identify and respond to attacks to remediate them in their early stages before catastrophic damage is done,” Vanhaelen said.

Huawei Australia CTO: Australia to sleepwalk into world of 5G, 6G cyber-security pain

Huawei Australia Chief Technology and Cyber Security Officer David Soldani has warned that Australia risks facing serious issues with the rollout of 5G and future 6G technology unless new policies are brought in to tackle concerns around cyber-security.

“The current approach being taken towards cyber-security on 5G mobile networks solves absolutely nothing – and that will be exposed further in 6G,” he told the Emerging Innovation Summit in Melbourne

“Blocking companies from certain countries does nothing to make Australia any safer from cyber-security issues – in fact it just makes things worse because they are not addressing the real issues on cyber-security,” Soldani added, noting that although future 6G networks could deliver huge potential for new applications and services, this would also involve extra risks.

“The way that future 6G networks are designed means that the attack surface is larger for potential attacks as the traditional network boundaries and security control zone become ever wider,” he continued. ““In addition, with the converge of management and control plane, AI will poses a significant impact on network security, as it might be exploited to launch more effective attacks, and in some scenarios, the security of AI systems is a matter of life and death.”

Soldani said that unlike security vulnerabilities in traditional systems, the root cause of security weaknesses in machine learning systems centers on the lack of “explicability, which leaves openings that can be exploited by adversarial machine learning methods such as evasion, poisoning, and backdoor attacks.”

“Attackers may also implant backdoors in models and launch targeted attacks or extract model parameters or training data from query results,” he said.

Soldani called on policymakers to take note of a recent statement by the ‘Five Eyes’ countries of the US, UK, Canada, New Zealand and Australia, calling for a new way to deal with cyber-security.

“The communique from the Five Eyes was absolutely clear that countries need to ensure entire supply chains are trusted and reliable to protect our networks from unauthorized access or interference,” he said. “This means there is absolutely no point in simply banning companies from certain countries.

Soldani said this, in fact, made Australia less secure “because it means we have to then increase our reliance on just one or two other vendors – neither of whom are having their equipment tested.”

Soldani also pointed out that the Five Eyes communique had stressed the need for the introduction of an evidence-based risk assessment to underpin the implementation of agreed-upon principles for setting international standards for securing cyber networks.

“Unless Australia changes it approach and adopts a standards and certification led approach to security then it will simply sleepwalk into a world of cyber-security problems in both 5G and 6G for which it is totally unprepared,” he said.

Ping Identity names Ashley Diffey as ANZ, Japan country manager

Denver-based identity-defined security specialist Ping Identity has appointed Ashley Diffey as Country Manager for Australia, New Zealand and Japan, with a brief to continue driving increasing demand for the firm’s offerings in the region.

Based in Melbourne, Diffey will be responsible for sales, customer support and services.

Diffey joined Ping in late 2018 as APAC Channel and Alliances Manager, and over the past nine months has managed the channel partner ecosystem within the region. His focus is on supporting the organisation’s go-to-market strategies and sales.

With two decades of sales and channel leadership experience, Diffey’s previous roles included a stint at Venn Solutions as general manager for Victoria, F5 Networks, where he managed the company’s partner relationship with Telstra and oversaw the organisation’s southern regional channel.

In addition, he served as director for channel sales Australia and New Zealand, and southern region channel sales manager at Commvault.

Ping Identity works with a range of partners across ANZ and Japan, such as Versent, NTT, Baidam Solutions, Fronde, Unify Solutions and Dimension Data. Local customers include public and private sector organisations across vertical markets, such as the Bank of New Zealand, Mortgage Choice and Griffith University.

AustCyber flags weakness in Australian economy as lack of holistic cyber-resilience stance sees ‘train smash of a legislative landscape’

AustCyber, an independent not-for-profit cyber security growth network, has laid bare urgent vulnerabilities within the Australian economy due to politicians, bureaucrats, as well as industry and academia not taking a whole-of-economy approach to cyber-security and cyber resilience.

Speaking at a media round table on cyber security in Sydney, AustCyber CEO Michelle Price highlighted serious weaknesses around how to ensure the Australian economy is cyber-resilient, and “also then making sure that we can be globally competitive in what is a shrinking world.”

“[We] are not taking a holistic picture – in my view – of what all the inter-dependencies and intersections [in] all of this landscape.” Price warned, raising the question of significant impacts to the economic competitiveness.

“How much are we losing from the innovation side of things, and commercialisation opportunities, by having unknown and untold, unintended consequences, that are coming from what is a train smash of a legislative landscape?” she asked.

“We need to take a pause and understand the legislative, regulatory, standards and guidance environment that we have created for cyber-security, but also for the rest of the economy, knowing that cyber-security is the true horizontal; and recognise that, yes, we have made a few mistakes,” Price added, while acknowledging there had also been some notable wins.

“But let’s evolve it because we actually can’t continue the way it is now,” she urged, however. “Right now what we are facing is a whole series of legislation, regulation, standards, and guidance, that is causing extreme confusion across the economy. “

“It does touch every single part of the economy and we’re not conceiving of legislation, regulation, standards and guidance with that in mind,” she added, emphasising that the way in which cyber-security actually plays out across the economy varies “from one moment to the next, from one incident to the next, [and] from one sub-sector and sector to the next, [from] one organisation at the low end of the scale to the high end.”

Price argued the pressing need to a strategic approach along with an understanding the job of the economy is to provide benefit to Australians. “Not to other countries, not to service free trade agreements. not to service alliances; but to actually service the Australian community,” she said.

“I’m not sure that we have that front of mind any more when we look at the confluence of all of this landscape, notwithstanding the fact that it doesn’t take account of whether or not we have a business that is a sole trader, right through to the largest employer of the country, which happens to be the Department of Defence, and everyone in between.”

“So we have an environment here that is highly complex, but we’ve created it,” Price said. “It’s all of us.”

Ultimately, the AustCyber chief executive said ‘”we’re in the game now, more than anything else, [of] one that does not have a perimeter. We’re also in a game where we have complex and dynamic supply and value chains in play. And this is all in the environment where we have people who don’t know how to trust each other anymore.”

Price said underpinning this shifting economic narrative was the ability, or otherwise, of stakeholders to choose to trust, adding “but do we actually know what the definition of trust is anymore?”