Future cyberattacks to cause more trouble than Heartbleed

Published 27 May 2014

Many of the future cyberattacks could take advantage of vulnerabilities similar to Heartbleed, a major Internet security flaw which allows attackers to gain access to encrypted passwords, credit card details, and other data on trusted Web sites including Facebook, Gmail, Instagram, and Pinterest. A new report said that hackers could soon use similar holes in computer security to shut down energy grids, disrupt public services, and steal vast amounts of private data worth billions of dollars, unless institutions take measures today to ready themselves against future Heartbleed-like threats.

A new report released by CSIRO at CeBIT’s Cyber Security Conference, held earlier this month in Sydney, Australia, said that hackers could soon use similar holes in computer security to shut down energy grids, disrupt public services, and steal vast amounts of private data worth billions of dollars, unless institutions take measures today to ready themselves against future Heartbleed-like threats.

“Despite recently being ranked second in the Asia-Pacific region when it comes to cyber-security capabilities, we need to recognize that our increasing reliance on digital services leaves us potentially vulnerable at unprecedented scales,” said James Deverell, director, CSIRO Futures.

“The sheer complexity and interconnectedness of different elements of our digital economy means we can expect rapid exponential growth in the number, speed, and severity of breaches — far beyond what any single organization can tackle on its own.”

A CSIRO release reports that the report, called Enabling Australia’s Digital Future: Cyber Security Trends and Implications, looks at how a far greater number of future online attackers — anyone from a disgruntled employee to organized cybercriminals — could cause widespread disruption and financial losses by hacking into Australia’s digital services and infrastructure, including public services like patient health records and taxation data.

The report suggests that the damage from these cyber threats could be immense, including using Heartbleed-like vulnerabilities to defraud the healthcare system of up to A$16 billion by 2023; disabling energy grids at critical times, such as during heatwaves; and hacking public-sector databases to leak or sell confidential data — anything from individuals’ tax file numbers or patient records to sensitive national security and defense information.

“The more we rely on digital services for our basic needs like healthcare and energy, the more drastic the consequences of any breach may be,” said Deverell.

“As we begin to develop and embrace these services, it’s in our national interest to ensure they’re designed with simplicity and transparency in mind from the very start.”

The report calls on businesses, public-sector organizations, and everyday Australians to:

  • Embrace more open disclosure and work together when a breach occurs
  • Focus on simplifying digital systems, including designing “invisible” security measures that don’t hassle or slow down users
  • Invest in new systems to verify and protect an individual’s digital identities from theft or fraud. For example, CSIRO is currently researching and developing digital identity frameworks for use throughout Australia and the European Union.

“As shown recently in the international response to the Heartbleed exploit, collaboration and open disclosure are essential when tackling threats that cross networks, industries, and national borders,” said Professor Jay Guo, Research Leader — Smart, Secure Infrastructure, CSIRO’s Digital Productivity Flagship.

“We need to dispel the fear of the consequences of disclosure — including those to brand reputation and shareholder value — that currently discourages Australian organizations from full openness about breaches, and share our resources and knowledge to devise more effective, timely cyber-security solutions.”

“Instead of being caught up in a digital arms race against increasingly intelligent threats, we need to design our cyber-security approaches to focus on people — anticipating their behaviors and taking advantage of their unique traits,” said Professor Guo.

“No system will ever be perfect, but we can prevent and minimize the impact of even extremely complex threats by approaching cyber security as a community.”