Oh no, you're thinking, yet another cookie pop-up. Well, sorry, it's the law. We measure how many people read us, and ensure you see relevant ads, by storing cookies on your device. If you're cool with that, hit “Accept all Cookies”. For more info and to customize your settings, hit “Customize Settings”.

Review and manage your consent

Here's an overview of our use of cookies, similar technologies and how to manage them. You can also change your choices at any time, by hitting the “Your Consent Options” link on the site's footer.

Manage Cookie Preferences
  • These cookies are strictly necessary so that you can navigate the site as normal and use all features. Without these cookies we cannot provide you with the service that you expect.

  • These cookies are used to make advertising messages more relevant to you. They perform functions like preventing the same ad from continuously reappearing, ensuring that ads are properly displayed for advertisers, and in some cases selecting advertisements that are based on your interests.

  • These cookies collect information in aggregate form to help us understand how our websites are being used. They allow us to count visits and traffic sources so that we can measure and improve the performance of our sites. If people say no to these cookies, we do not know how many people have visited and we cannot monitor performance.

See also our Cookie policy and Privacy policy.

This article is more than 1 year old

Patch-crazy Aust Govt fought off EVERY hacker since 2013

Breached, but nothing exfiltrated, chuffs spy chief

Australian Signals Directorate deputy director Steve Day says hackers have failed to extract any sensitive information from Federal Government agencies for the last two years despite successfully breaching several networks.

Day chalks it up to agencies following the lauded "Top 4 security controls" developed by ASD bod Steve McLeod and colleagues.

The "Top 4" are application whitelisting, patching applications regularly, patching operating systems regularly, and minimising admin privileges.

Speaking in Sydney today Day says federal agencies have the security controls to thank for preventing the data theft.

"[Every breach] would have been prevented had the top four strategies been implemented," Day says.

"There were no compromises of Australia Government agencies between mid-2013 to mid-2015."

Day says hackers failed to steal data thanks to the education regime behind the top four control push coupled with regular audits of Federal Government agencies forced to implement the controls.

The contributing factors include unspecified "actions against our adversaries" Day says, probably hinting at the efforts of the ASD offensive red teams who are tasked with hacking networks for Australia's national interest.

"It's something we could speak about at another time or place", he says.

Day points to a chart illustrating the number of network intrusions into Federal Government agencies since 2009. Prior to that date the agency lacked insight into government agency breaches. "We had some pretty bad years", Day says.

Attacks against government agencies decline thanks to the top four controls.

The Major General says the breach data could change if new intelligence is received, but adds he is confident of the results.

He says the time it took ASD to discover breaches has fallen from about nine months "a few years ago" to a matter of weeks.

Day also announced that the Federal Government's Cyber Security Center set up in the agency's new facility will house representatives from seven telecommunications organisations to develop information sharing mechanisms, although he acknowledges the wheels in Canberra turn slowly and did not put a deadline on the effort.

He says he would envision for the future that the cyber centre have 'footprints' each capital city to build face-to-face industry relationships. ®

Similar topics

TIP US OFF

Send us news


Other stories you might like