Palo Alto Networks has advised Australian government agencies to evolve their IT networks in the wake of the Islamic State hijacking the US Central Command Twitter account.
The hackers put a black-and-white banner with the image of a hooded fighter and the words "CyberCaliphate" and "I love you ISIS" in place of the usual Central Command Twitter banner.
The warning follows the Australian Communications and Media Authority's (ACMA) online alert advising Australians to be cautious about opening any emails received that refer to an ISIS threat.
"New emails referring to ISIS terrorism activities carry a malicious attachment that can be used to infect your computer," the alert said.
"ACMA is experiencing a surge in reports of emails with the subject ‘ISIS attacks in sydney?’ (sic).
"These emails encourage people to open an attached word or RAR file by claiming the attachment includes an article naming the Sydney locations ISIS plans to attack in 2015."
Clicking on the attachment could result in malicious code being installed that allows an attacker to take control of your computer.
Palo Alto Networks A/NZ manager of systems engineering, Gavin Coulthard, said many government organisations were shifting their cyber security approach, moving away from a collection of point solutions, ad-hoc entities and processes towards a more deliberate structure.
"This structure is known as a dedicated Security Operations Centre (SOC) to manage and monitor a unified security architecture."
Palo Alto Networks advises a four-step framework to form the foundation of a new or revitalised SOC:
- Creating a SOC should be approached the same way the organisation approaches every new project.
- The plan should define whom the SOC manager will report to and where the SOC will sit organisationally.
- Agencies should also identify the services the SOC will offer.
- Fewer services delivered well is better than many services offered poorly.
Basic core SOC services include cyber security outreach and education, cyber security incident management, and IT vulnerability management.
Once the SOC baseline mission and services are established, it is important to document the future growth and objectives.
Two documents can assist with this: the blueprint, an operational document describing the SOC architecture, and the roadmap, which maps the SOC's future growth and goals.
Once the foundation steps are completed, the organisation can acquire and develop the appropriate people, processes, technology and intelligence to align with the mission and the services.
Coulthard said the sheer magnitude of government IT systems that most SOCs protect drives the need for an intelligence-centric approach.
"The most basic aspect of this approach is a comprehensive understanding of the specific government IT environment used to deliver services to the government agency or agencies," he said.
"Likewise, an understanding of the government’s enterprise network topology, including all connections (internet, mission partners, cloud providers and vendor specifics) is needed for an understanding of attack vectors."
He said the SOC would most likely be reactive in its infancy.
"Ultimately, though, the SOC must engage in threat identification and understanding to develop a proactive cyber security approach," he said.
"Building a SOC may seem onerous but the payoff, with improved visibility, intelligence, and protection for the government in challenging times, will be well worth it."