Turning the cybersecurity spotlight on the Pacific

| October 21, 2018

A digital tsunami is engulfing the Pacific. Undersea cables are gradually bringing high-speed internet connections, with all its thrills and risks, to remote island nations.

Although the internet is not new to the Pacific, higher connection speeds are changing what’s possible. “People leapfrog from having no computers at home to having mobile phones and being connected to everything,” says Carsten Rudolph, from Monash University’s Faculty of Information Technology. They “suddenly switch from being a cash-based society to electronic money transfer, transfer from mobile to mobile and all those kinds of developments in a very short time”, he says.

Dr Rudolph is also director of the Oceania Cyber Security Centre (OCSC), a collaboration of eight Victorian universities that was founded last year. The Docklands-based OCSC works with Oxford University’s Global Cyber Security Capacity Centre to assess the cybersecurity of the islands at a national level – an exercise that involves travelling to the islands and discussing security issues face to face.

Tonga and Samoa have already been assessed, with 13 more countries due for a cybersecurity health check over the next two years. The OCSC is also collaborating with the UN’s International Telecommunication Union in the Pacific, where computer incidence response teams are set up to educate populations, support companies or government departments and help establish cybersecurity controls.

Australia’s efforts aren’t purely altruistic. “There are no boundaries on the internet, so these countries can be used by attackers as an entry point to attack Australia,” Dr Rudolph says. “If they find, for example, a server in some country which has a good connection with undersea cables but is not well-protected, they could mount attacks from that server to Australia.” Identifying the perpetrator is difficult in these circumstances, as Australia has already found.

The Pacific islands also hold strategic interest for China and the US. Cybersecurity is only one part of the digital development of the Pacific, where Australia is promoting “an open idea of the internet, so that all countries can communicate”, Dr Rudolph says. Chinese technology can achieve the same ends, Dr Rudolph points out; internet restrictions within China aren’t imposed on other countries.

In Melbourne, the OCSC is facilitating research collaboration between the eight Victorian universities it represents. “Of course there is competition between universities as well, but we’ve found that our skills and knowledge and research are actually quite complementary,” he says. “Also, cybersecurity is a topic where competition is probably not the right way to go. It affects everyone, and we need to develop solutions that work for everyone.”

Eight ‘proof of concept’ projects are being funded by the OCSC – these take university research from the past three to 10 years and push them towards “demonstration, implementation”. All involve collaboration between two or more universities. Research topics at OCSC include security management for smart grids, applying advanced cryptography to secure databases (“so that if they’re stolen in a big breach, you can’t really do anything with it; it stays encrypted all the time”), cryptocurrencies and blockchain-based applications.

The OCSC also hopes to facilitate collaboration between the universities and industry. As a rule, industry moves faster than academic research, Dr Rudolph says. Sometimes this means money is invested in commercial applications that “are not based on a very rigorous foundation”.

“Sometimes it takes five or 10 years for research to be developed that is really practical. We’re working on cryptographic algorithms now that might be relevant in 10 years, maybe.”

“Sometimes it takes five or 10 years for research to be developed that is really practical. We’re working on cryptographic algorithms now that might be relevant in 10 years, maybe.”

At the same time, he believes that “the expertise that we have at the universities is actually necessary to create more secure solutions” in the real world. These solutions need to be incorporated “at the drawing board” stage, he says, predicting that collaboration with industry “will become more important in the future”.

Inevitably, cybersecurity also affects each individual with a mobile phone or computer. Dr Rudolph hopes the OCSC will contribute to the important conversations we need to have on data and privacy. “Every few days we read of huge breaches – another 21 million, another 15 million of data records have been accessed and stolen,” he says.

What can the individual do to protect their privacy? It’s difficult, at this stage, for most people to stop using Google, or GPS, or email. We’re too embedded in the digital world to turn back. Dr Rudolph recently attended the World Law Forum Conference on Privacy, Technology and Cyber Security in Melbourne that asked: “Do we need a different idea of what our society needs to look like?” In future, should we assume that the multitude of private data about our lives that is stored on servers “is not private any more”?

“How can our society deal with this?” he asks. “Do we need to change the way we think about this kind of data? Or is it not too late, and can we bring it back and keep it private?”

“There are no boundaries on the internet, so these countries can be used by attackers as an entry point to attack Australia.”

Pop-up windows, or emails that ask us to sign a privacy waiver, don’t tackle the core issue: that companies profit from the data they collect from us.

“Do we actually have any way of finding out who owns our data?” he asks. “Or what is actually done with that data? At the moment we work, and companies pay us for our work. Maybe in the future we could get paid for our data.”

He’d like the Oceania Cyber Security Centre to play a role in “bringing people together to discuss these things. It might in the future help to actually build policy or create some understanding of what society should look like.”

Some academics are examining these issues now, but the discussion needs to be more broadly based across the faculties, Dr Rudolph argues, and across society as well. In the IT departments, researchers need to grapple more with the philosophical questions, while lawyers and philosophers would benefit from a more technical understanding of data and security.

This article was first published on Monash Lens. Read the original article