2015 SRI Security Congress
IoT - Internet of Threats
The tipping point from reliance to catastrophic dependency
30 November - 2 December 2015
Perth, Western Australia
Mr David Irvine
Former Director-General of Security - Australian Secret Intelligence Organisation (ASIO)
Former Director-General - Australian Secret Intelligence Service (ASIS)
Chair, Australian Cyber Security Research Institute (ACSRI)
Burning under a cyber sun – it is everyone's responsibility to cover up
The explosion of the digital world, most particularly in the short history of the 21st century, has brought huge benefits to humankind; not just in the way we communicate and exchange ideas but in the very way we now manage our lives and achieve real human progress. Digital technology and its rambunctious offspring, the Internet, have penetrated almost every fibre of our existence. We apply digital technology to render our governance and social service systems more efficient, our economies more productive and our research and development speedier, better focused and more innovative in solving problems. Digital technology gives us life and it prolongs lives. It also gives us the ability to defend ourselves differently in military terms.
It is not just western developed countries that have benefited. The digital world has enabled smart under-developed countries to leap-frog decades of development into brand new industries and rapid social progress. It has accelerated the "democratisation of information", bringing knowledge and ideas to the half of the world's population that is now connected to the Internet, and through them to most of the rest of the world.
We are, however, rapidly discovering the Dark Side of the Cyber Moon – even as we continue to be dazzled by the brilliance of the Cyber Sun. The answer to these new vulnerabilities is not to turn off the Internet or restrict its operation – things have gone too far in too many beneficial directions even to contemplate such action – even if we could achieve it. Rather, the answer lies in recognising our vulnerabilities and employing the same creativity used to build the Internet to address and mitigate its malicious by-products.
Mr Irvine has 33 years of experience (since 1970) as a diplomat in the Australian Department of Foreign Affairs, with experience in the promotion of Australia's bilateral and regional political, economic and trade relationships with the countries of the Asia-Pacific region. His career includes high level diplomatic postings as High Commissioner to Papua New Guinea (1996-1999), Australian Ambassador to the People's Republic of China, Mongolia and the Democratic People's Republic of Korea (2000-2003). Mr Irvine's appointments also include being Director-General of the Australian Secret Intelligence Service (2003-2009) and more than 5 years as Director-General of Security, in charge of the Australian Security Intelligence Organisation (ASIO).
During the five years prior to his appointment in Papua New Guinea, Mr Irvine held several senior management and policy positions in the Department of Foreign Affairs and Trade in Canberra, including management of Australia's relations with the major markets of South, North and East Asia, as well as Indochina.
In 2005, Mr Irvine was awarded an Officer of the General Division of the Order of Australia for services furthering Australian international interests.
Mr Irvine has also published two books, entitled Bisma, Warrior Priest of the Mahabharata (1990) and Leather Gods and Wooden Heroes (1996).
Professor Joseph Cannataci
Head, Department of Information & Policy, Faculty of Media & Knowledge Sciences, University of Malta
Chair of European Information Policy & Technology Law, Faculty of Law, University of Groningen
Building bridges: Recent lessons learned in evidence based research involving law enforcement
For more than eight years the LexConverge network has steadily pursued a strategy of designing and submitting collaborative research projects largely in the fields of surveillance and with a special focus on the intersection of privacy and security. This has resulted in over forty million Euro of funding being attracted to some ten different projects covering themes ranging from consent in on-line social networks (CONSENT), through surveillance (RESPECT), smart surveillance (SMART), speaker identification (SiiP), subcutaneous biometrics (INGRESS) to the use of smart apps in community policing (CITY CoP) and disaster recovery (CARISMAND). Each of these projects sought to contribute to the evidence base required for major new policy decisions including the development of a major new pan-European Law on surveillance.
This presentation will examine some key lessons learned in the major projects tackled between 2008 and 2015, including the iter to developing national and regional legal instruments covering the use of personal data by law enforcement agencies (LEAs). It also suggests that, in the post-Snowden era, the bridges to be built are no longer exclusively between law enforcement and academia but are now tripartite with the regular inclusion of Security & Intelligence Services (SIS).
Professor Cannataci will also discuss how this process within LexConverge was influenced by the development and principles of idMAPPING: an inter-disciplinary Methodology for the Analysis of Privacy, Personality, Identity, Networks & Governance. This is built around the science and possibly the art of bringing together a number of disciplines in order to better map out and dissect the privacy conundrum. These disciplines include but are not limited to: social anthropology, cultural anthropology, sociology, social psychology, cognitive science, history, information communication technologies science, legal theory, technology law and especially data protection law. idMAPPING borrows tools from each of these disciplines and more in its quest to map out what Privacy really is, where and when. The latter dimensions of place and time are fundamental to the way that the methodology is structured. Equally fundamental to the idMAPPING approach is the fact that, by design, Privacy is never investigated in isolation but as much as possible together with other characteristics such as personality and identity irrespective of whether the individual or the collective are interacting in physical networks or on-line networks.
Finally, the presentation will also briefly discuss the implications of these findings for placing police science in the wider context of security science.
Joe Cannataci studied law at the University of Malta and the University of Oslo. He later qualified in the UK as a Chartered Information Technology Professional and also holds Chartered Fellowship of the British Computer Society. He received a Doctor of Laws degree (LLD) from the University of Malta in 1986 with a thesis on privacy and data protection law published by the Norwegian University Press in 1987. Joe was T54 Project Director at the Norwegian Research Center for Computers and Law during 1986-1987 before he joined the Department of Public Law at the Faculty of Law of the University of Malta, where in 1988 he established the Law & IT Research Unit (LITRU). In 2006 he was appointed Professor of Law at the University of Central Lancashire (UCLAN) in the United Kingdom. Between 2006 and 2007 he was Head of Lancashire Law School and from 2007 to 2011 he was Director of the Centre for Law, Information & Converging Technologies at UCLAN. In 2011 he was appointed Head of the Department of Information Policy & Governance at the Faculty of Media & Knowledge Sciences of the University of Malta and also Chair of European Information Policy & Technology Law within the Faculty of Law at the University of Groningen. He is additionally Adjunct Professor at the ECU Security Research Institute at Edith Cowan University Australia. On 03 July 2015 Joe was appointed the UN's first Special Rapporteur on Privacy.
In 2010 Joe was External Consultant for the Impact Assessment of policy options for data protection law in Europe contracted by the European Commission to GHK International. During 2010, he was also Expert Consultant engaged by Council of Europe's Consultative Committee (T-PD) and Directorate for Legal Affairs and Human Rights to review provisions of the European Data Protection Convention and Recommendation (R(87)15) on police use of personal data.
He has written books and articles on data protection law, liability for expert systems, legal aspects of medical informatics, copyright in computer software and co-authored various papers and textbook chapters on self-regulation and the Internet, the EU Constitution and data protection, on-line dispute resolution, data retention and police data. His latest book, The Individual and Privacy, was published by Ashgate in the UK in March 2015.
Joe is a member of the International Advisory Board of the International Review of Law, Computers & Technology, the Editorial Board of the Masaryk University Journal of Law and Technology and the Comitato Scientifico della "Rivista di Diritto, Economia e Gestione delle Nuove Tecnologie".
In 2005 he was decorated by the Republic of France and elevated to Officier dans l'ordre des palmes académiques. His pioneering role in the development of technology law and especially privacy law was cited as one of the main reasons for his being made the recipient of such an honour as was his contribution to the development of European information policy. In 1993 Joe was Rapporteur on the use of personal data for Police Purposes to the Project Group on Data Protection of the Council of Europe.
Joe is as passionate about history, education and cultural heritage as he is about law and information sciences. A committee member and later Treasurer of the Malta Historical Society (1978-1985), he was appointed by the Council of the University of Malta as (founding) Chairman of the Malta Centre for Restoration for two terms between 1999 and 2005 where he established the Institute for Conservation and Restoration Studies. His publications during this period include papers on the Philosophy of Conservation Education, Thealasermetry and the use of hybrid technologies to survey heritage sites and e-heritage. He was a Trustee of the Foundation for Cultural Heritage Memory established by Maltacom to use technological means to preserve and facilitate access to parts of our heritage such as music, images and oral tradition. He maintains his sanity and a sense of humour by forming part of cultural heritage conservation teams together with colleagues from Czech Republic, Italy, Romania and the UK engaged in field-work around the world.
Todd Cooper
Executive Vice President, Interoperability Trust
Centre for Medical Interoperability
Todd Cooper is an international expert in the area of medical device informatics and healthcare data exchange. In his current position at the Center for Medical Interoperability, Todd is working with care providers to establish "interoperability trust" – a high level of confidence that their interoperable technologies will perform as expected, safely and securely. A software engineer at heart, Todd has spent over 25 years focused on medical device interoperability, especially infusion pumps, ventilators and physiologic monitors. During that time, he has also been actively involved in advancing standards-based solutions for healthcare exchange, playing a key leadership role within numerous standards development and advocacy groups, including ISO/TC 215 (Head of the U.S. Delegation), ISO/IEC JWG7 (80001 risk management), IEEE EMBS/11073 for medical device communication, Health Level Seven (HL7) and Integrating the Healthcare Enterprise (IHE). He is a member of the American College of Clinical Engineers and a frequent speaker and author on device connectivity topics, as well as a recipient of awards such as a 2014 IEEE Standards Association Lifetime Achievement award, the 2009 ACCE-HIMSS Excellence in Clinical Engineering and Information Technology Synergies Award. In 2010, Todd co-authored a book published by AAMI: "Getting Started with IEC 80001: Essential Information for Healthcare Providers Managing Medical-IT Networks." Todd has served as a manager of the IHE Korea "Connectathon" testing event that uses standards-based technologies to integrate device data from remote (e.g., home) locations to care providers, creating both HL7 CDA documents and information exchanges based on IHE's XDS.b profiles. He is also working to advance the development of HL7 FHIR Device-related resources and was a co-author of the U.S. FDA UDI HL7 implementation guidance.
Dr Mike Davies
Research Leader, Cyber Assurance and Operations
Defence Science and Technology Organisation (DSTO)
Nuggets, niches and networks: How does DSTO contribute to global cyber security R&D?
Cyber security research and development is a vast global field with national and international contributors across government, industry and academia. It is important that DSTO's R&D can be clearly differentiated from that of industry and academia and makes effective use of its unique position within government and the Department of Defence, aided by partnerships. The presentation will cover DSTO's R&D in cyber assurance and operations. It will focus particularly on the pursuit of autonomous cyber defence capabilities that will help tackle the growing critical vulnerabilities that accompany the emerging ubiquity of cyber physical systems.
Dr Mike Davies is the Defence Science and Technology Organisation's (DSTO) Research Leader for Cyber Assurance and Operations (RLCAO). In this capacity he is responsible for DSTO's primary cyber security R&D and its support of the Defence department and broader national security. Mike's role includes being DSTO's lead for national cyber security research partnerships with academia and industry, representation on the PM&C national cyber security review, relationships with the US Department of Homeland Security in cyber security S&T, and the PREDICT approval coordinator. Mike's current interests include realising technological solutions to ICT supply chain security, autonomous cyber security, defeating the cyber threat before it arrives through vulnerability discovery and mitigation, and how Australia might establish an accredited national conference in cyber security science and technology.
Ian McKenzie
Former Director, Australian Signals Directorate (ASD)
The challenge of getting business up to speed on cyber - language, risk and practical action
Hyper connectivity and big data are increasing the potential for severe to catastrophic harm in our networks. The threat drumbeat has been effective - business leaders understand that they face potentially significant risk. The big challenge for business leaders and the security industry is to achieve consistent understanding of the risk and then what can be done about it. The big barrier to understanding is language. Without a clear common understanding, misplaced confidence can result in strategic surprise. The security industry needs to provide practical solutions that are good enough, and can be demonstrated to be good enough, and industry leaders should then seek independent assurance that security provision is fit for their business purpose.
Ian McKenzie's Australian Public Service career spanned some 30 years in the Department of Defence, primarily in intelligence and security.
Since retiring from government service he provides advice to industry on risk and cyber security.
For the decade until the end of 2013, he was the head of two different intelligence agencies – the Defence Imagery and Geospatial-Intelligence Organisation (2003 to 2007), and then the Defence Signals Directorate (DSD) (2007 to 2013).
Most of his career was spent in DSD, where he began as an analyst in 1984. DSD is the foreign signals intelligence agency and information security authority for the Australian government. As such it is both an intelligence agency and security agency, and performs a unique role for the Australian government.
During his tenure as Director of DSD, cyber security became a major issue for the Australian government, and DSD provided vital security advice and assistance to government agencies during the past seven years. DSD established and hosted the Commonwealth Cyber Security Operations Centre in 2010.
His other career highlights have included:
- Posted to Washington D.C. (1990-1992)
- Chief Executive Assistant to Secretary of Defence (1995-1996)
- Responsible for rationalization and market testing of all Defence corporate functions in Canberra (1997-1999).
Ian is from Adelaide and has a BA (Honours) from the University of Adelaide, majoring in History and Chinese.
In the early 1980s, prior to joining Defence, he worked as a schoolteacher in Melbourne and also studied in China for a year under a Commonwealth Government scholarship.
Ian was awarded a Public Service Medal in the 2014 Australia Day Honours List for his significant contribution to enhancing Australia's defence and national intelligence capabilities. He enjoys AFL football, films and good live music.
Maarten Van Horenbeeck
Director of Security
A living history of Incident Response
Maarten's keynote address will take a look back at our mutual history of major incidents, starting with the Morris Worm, Stuxnet, the DigiNotar compromise, and the major Distributed Denial of Service attacks of 2014-2015, and explore how each of those thoroughly changed the way we approach security. Seeing so many breaches in the news on what appears to be a daily basis, protecting one company seems like a challenge. In this talk, we'll look at what it takes to protect "the internet", and how a league of defenders across the world is stepping up to give all it takes to win.
Maarten Van Horenbeeck is Director of Security at Fastly, a Content Distribution Network that speeds up web properties around the world. He is also a Board member, and former Chairman, of the Forum of Incident Response and Security Teams (FIRST), the largest association of security teams, counting 300 members in over 70 countries. Prior to his work at Fastly, Maarten managed the Threat Intelligence team at Amazon, and worked on the security teams at Google and Microsoft. Maarten has a master's degree in Information Security from Edith Cowan University, and is currently pursuing a master's degree in International Relations. When not working, he enjoys backpacking, sailing and collecting first edition travel literature.