The University of New South Wales will partner with Commonwealth Bank of Australia to create a new cyber engineering lab it says will help reduce an alarming shortfall of in-demand cyber security graduates in Australia.
UNSW computer security, cyber crime and cyber terror associate professor Richard Buckland said Australia only has one 10th of the cyber security graduates it needs to sufficiently protect itself from the growing number of digital threats.
The severity of the growing cyber threat was again brought home over the weekend when popular websites such as Netflix, Reddit and Twitter ground to a halt after a Distributed Denial of Service (DDoS) attack hit Dyn, a US company that helps people connect to websites by translating URLs into numerical IP addresses.
“The big problem Australia faces is it’s not just a technical problem, there is a drought of people who can do this stuff,” Professor Buckland said.
“Hopefully UNSW will be graduating hundreds of new cyber graduates every year … but that isn’t enough. My dream is that we will produce resources that other universities can use and that people will use to improve cyber security education beyond just our own students.”
The weekend DDoS involved Dyn company being flooded with a huge amount of internet traffic in an attempt to take its service offline, hundreds of millions of internet-connected devices such as cameras and DVD players were infected with the malware known as Mirai and directed to overload Dyn with requests, taking down its servers.
Locally major news websites, banks such as NAB, ANZ and Westpac and retailers Coles and Woolworths also suffered significant lags on their websites, but the impact was far less pronounced than in the US.
Professor Buckland said these sorts of attacks would continue to increase.
“It’s just exposing vulnerabilities that have been known about for two decades now,” he said.
“DDOS attacks can facilitate other attacks, this could just be the first step … someone might have had a specific agenda and used this to disguise it.”
While it’s yet to be determined who perpetrated the attack, Julian Assange supporters have hinted at their involvement.
WikiLeaks tweeted on Saturday morning, urging its supporters to stop the attacks: “Mr Assange is still alive and WikiLeaks is still publishing. We ask supporters to stop taking down the US internet. You proved your point.”
Responding to the attack, Minister Assisting the Prime Minister for Cyber Security, Dan Tehan, said the country needed to be “constantly vigilant” as online threats evolved, and said information sharing was critical to this.
“Government, business and individuals are facing the same threats, and often the same adversaries, so sharing knowledge about threats and how to combat them will help strengthen everyone’s cyber security,” he said.
“Last week the Government began working with leaders from business and the cyber security sector to design the Joint Cyber Security Centres … [They] will be centralised information sharing centres that provide up-to-date information about the nature and number of cyber threats.”
The government’s first pilot centre will be based in Brisbane. It is also implementing cyber security “health checks” for ASX 100 companies, and a range of other initiatives under the Coalition’s cyber security strategy.
Lack of graduates
Mr Buckland said Australia’s lack of cyber security graduates left the country exposed to attacks, but no more so than other nations.
“Every country is facing this, even the US,” he said, adding that he thinks Australia will be able to fill the skills gap in time.
“We have all of this awareness now, but there will be a big lag and it will be interesting to see how we weather the lag.”
The new UNSW lab, which opened to students on Monday, is part of a $1.6 million partnership with CBA that also involves overhauling its cyber security curriculum, which will be available to study via massive open online courses (MOOC.)
CBA will also sponsor PhD research for security engineering graduates and provide funding for the recruitment of world-class lecturers. Its partnership also includes up to four CBA security engineering fellowships for graduates.