ANZ and the Commonwealth Bank of Australia have used a public consultation on updating the government’s national cyber security strategy to push for better threat intelligence sharing, both between major enterprises and between the public and private sectors.
The government in September began soliciting input on an updated strategy, including asking whether Canberra should play a greater role in helping protect the private sector from threats. The national cyber security strategy was originally launched in 2016 and a year later received an update. The government’s 2019 consultation paper foreshadows a much more significant refresh of the strategy in 2020.
Late last week the Department of Home Affairs released more than 200 submissions it had received as part of the consultation, with contributions from ANZ and CBA among them.
ANZ’s submission was attributed to Lynwen Connick, group CISO for ANZ, who helped author the original government strategy before she left the public sector in 2017 for a role at the bank. ANZ has made eight top-line recommendations for the government’s updated strategy, including calling for improved real-time sharing of threat intelligence.
ANZ argued that although there have been “some improvements” in the sharing of threat intelligence, there is an opportunity to do a lot better. The bank said that it receives far more information from the International Financial Services Information Sharing and Analysis Centre than from any Australian intelligence-sharing arrangements.
Current threat intel exchanges within the private sector are generally “ad hoc and largely based on trusted relationships,” the ANZ submission states, arguing there is an opportunity for the government to help facilitate the exchange of information on cyber security threats between and within industry sectors. That could take the form of a secure threat intelligence sharing platform, ANZ said.
Earlier this year the Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) began hunting for a software platform that could help it exchange threat intelligence with its partners.
CBA indicated it also sees the need for better threat intelligence sharing. The bank called for an environment that encourages organisations to share details of both compromises and near-misses “without undue fear of criticism and scrutiny”.
CBA said it would support greater resourcing of the ACSC to help the centre distribute actionable intelligence based on those incidents where it takes action to address a security threat. The bank said there was also an appetite for “more declassified intelligence that is timely, actionable and relevant to their organisations.”
That could include both tactical and strategic intelligence, the bank said. CBA pointed to the example of the ACSC’s UK counterpart, the National Cyber Security Centre. In 2019 the NCSC launched the IOC (Indicators of Compromise) Machine.
“The processes to determine whether information can be shared was previously done through a labour-intensive, manual process between various NCSC teams,” the NCSC’s 2019 annual review explains.
“The IOC Machine, which sits in GCHQ’s headquarters in Cheltenham, performs those thousands of checks in a matter of seconds. What would have previously distracted skilled analysts for a number of hours is now done within moments.”
The ultimate decision is made by an analyst, but the process of reaching a decision has been significantly sped up, the report states. On average, more than 1000 indicators are now being shared every month by the NCSC.
The Commonwealth Bank argued that the ACSC could act as a hub for intelligence exchange across industry, citing the example of the US Information Sharing and Analysis Centers.
“We believe Australian organisations would benefit from the ACSC playing an active role as a central repository for the collection and dissemination of cyber threat intelligence sourced from trusted industry partners.”
Home Affairs has posted copies of public submissions on its website.