Category: News

Acurus Pty Ltd News

Australia’s bold plan for cybersecurity growth

ZDNET, 20 April, 2017 – The Australian Cyber Security Growth Network (ACSGN) aims to triple the size of the nation’s cybersecurity industry sector, from just over AU$2 billion in revenues today, to AU$6 billion.

The goal was announced in Sydney on Thursday at the launch of the ACSGN’s Cyber Security Sector Competitiveness Plan (SCP), their roadmap for reaching that goal.

The SCP is intended to “identify the challenges Australian organisations face when competing in local and international cyber security markets”.

“The SCP provides a roadmap to strengthen Australia’s cyber security industry and pave the way for a vibrant and innovative ecosystem. It articulates the steps and actions required to help Australia become a global leader in cyber security solutions, with the aim of generating increased investment and jobs for the Australian economy,” it says.

The SCP was launched by Senator Arthur Sinodinos, Minister for Minister for Industry, Innovation and Science.

“The aspiration, and it’s set out here in this plan so clearly, is to be a global leader in this space,” Sinodinos said.

“It’s fantastic, the talent we have in Australia, the skills that we have in Australia, the systems we have in Australia, to be a world leader in so many aspects of cybersecurity… Now I know that can be a big call, but we have the capability to do it.”

Australia’s attempt to build the cybersecurity sector will have three country-specific challenges, according to the ACSGN:

Firstly, while Australia demonstrates excellent and world-leading cyber security research capability, there are signs the current system of research and commercialisation is inefficient. Scattered public funding for cyber security research and development weakens the country’s ability to lead on innovation. Limited collaboration between the research community and the private sector further undermines the commercialisation of basic research ideas into marketable solutions.

Secondly, insights gained from expert interviews undertaken to develop this Plan and public tender data signal that the current market environment constrains the growth prospects of smaller Australian cyber security businesses and startups. While these companies may have the capability to develop innovative and novel product and service offerings, they often lack the business acumen, established credibility and scale to win key contracts with large industry or government customers in Australia and abroad. Barriers to export are particularly noticeable for providers of cyber security services.

Thirdly, a serious skills shortage is limiting the growth of the Australian cyber security industry. Several industry surveys confirm the drought in job-ready cyber security professionals is among the worst in the world. While universities have recently begun to introduce several new study courses, they will unlikely produce enough graduates to meet industry demand in the near future. It is also questionable whether the industry will be able to draw workers with related skills from areas outside of cyber, as pathways for professional and transitional training are not currently sufficient. It is estimated that the domestic cyber security industry will need to employ at least 11,000 additional workers over the next decade.
The CSP runs for 98 pages, with the front cover as the only non-content graphics. It’s intended to provide a thorough economic narrative to back up the strategy.

The ACSGN also announced two members to its board, bringing total to five, and the creation of a second cyber security innovation node in Canberra, joining the first node established in Melbourne.

The new names on the board are Heather Ridout AO, a former long-term chief executive of the Australian Industry Group, and chair of numerous business and community organisations; and Mike Burgess, most recently chief information securing officer of Telstra, and previously holding senior roles with the Australian Signals Directorate (ASD).

They join co-chairs Adrian Turner, chief executive officer of Data61; Doug Elix, who retired from IBM in July 2008 as senior vice president and group executive for IBM’s worldwide sales and distribution operations; and ACSGN’s chief executive officer Craig Davies.

Davies continues to be bullish about the potential for Australia’s cybersecurity sector, but once again he emphasised the need for speed.

“This is the time we need to do this,” he said. “Deloitte are forecasting 60,000 jobs over the next 13 years [if Australia takes a ‘cyber smart’ growth strategy]. Is that all? Surely we can do better than that.”

Davies’ team took 20 Australian cybersecurity startups to the RSA information security conference in February this year. His goal is to take 50 companies in 2018.

Davies said he’s been told that the ACSGN is looking for the next Atlassian, referring to the company most often cited as an Australian startup success, and also to his previous role as Atlassian’s head of security. “No,” Davies said. “We’re looking for the next 50 Atlassians.”

Also announced were two cybersecurity hardware products, both developed in Australia.

From Penten comes the AltoCrypt Stik, a “highly portable, easy to use, secure mobility solution which provides a government user wireless access to sensitive networks both inside and outside the office,” according to the promotional material.

The Stik bundles routers, security appliances, and cryptographic tools confirming to the UK PRIME standard for High Grade, into a single USB stick. It has the potential to replace the suitcase-sized devices currently in use.

The other device is the Cog Systems D4 secure smartphone, which aims to produce a secure Android device at consumer price points, rather than the usual hardened phone price that can often exceed $10,000.

Cog’s reference design is based on an HTC One A9 smartphone, with a heavily modified version of Android. Its features include a virtualised key store, which means the key store doesn’t touch the operating system; nested VPNs, enabling two separate and distinct VPN clients on the device; and a D4 Secure layer running on a separation kernel to provide added OS protection from common exploits and malware.”

The ACSGN was established at the beginning of 2017 as part of Australia’s National Innovation and Science Agenda in December 2015, and is a key part of the Australian Cyber Security Strategy released in April 2016..

(2017), Australia’s bold plan for cybersecurity growth, ZDNet, viewed 20 April 2017, <https://www.zdnet.com/article/australias-bold-plan-for-cybersecurity-growth/>.

NBN data usage continues to soar

COMPUTERWORLD, 29 March, 2017 – The average household connected to the National Broadband Network is churning through 148 gigabytes of data every month, according to NBN.

The figure represents a 32 per cent increase compared to 2016, the company said. A key driver for increasing data consumption has been the growth in the popularity of over the top (OTT) video streaming services, Sarah Palmer, NBN’s executive general manager, product and pricing, yesterday told the OTT Summit in Sydney.

Prior to the March 2015 launch of Netflix in Australia, the average household connected to the network was downloading 73 gigabytes per month. The launch of Netflix saw average downloads grow by 15GB in the space of a month — the biggest spike in traffic that the network has seen so far.

“It was kind of astounding and it was stark,” Palmer said. “We had usage rise 22 per cent in a single month.”

The rollout of the NBN is providing a “relatively small nation” with an “enormous addressable market” for content providers, Palmer told the summit.

NBN used the summit to release figures from the Ovum OTT Video Forecast. Ovum is predicting that by 2022, 7 million Australian households will have subscription video on demand services (SVOD) — up from the current figure of 2.6 million.

SVOD revenue in Australia will grow from $460 million in 2016 to $1 billion by 2022, the analyst firm is forecasting.

“In March 2015 when Netflix appeared… the conversation about speed went away and the conversation about data downloads got elevated quite dramatically,” Palmer said.

However, the combination of the growth in popularity of SVOD, the emergence of 4K video services, and the use of multiple devices in a single household to stream video could help drive increased uptake of higher speed NBN plans, Palmer said.

Although some part of the NBN access network are theoretically capable of reaching 1 gigabit per second speeds, no retail service providers currently offer gigabit NBN plans. At the end of 2015, more than half of the NBN end users had 25/5 megabits per second plans — only 13 per cent had the top 100/40Mbps speed tier currently offered by RSPs.

NBN CEO Bill Morrow last week told a Senate Estimates hearing that the company has “found many cases where end users were not aware that they actually had a speed choice” when signing up for a National Broadband Network connection through an RSP. “They just thought it was superfast broadband,” the CEO said.

Pearce, R (2017), NBN data usage continues to soar, Computerworld, viewed 29 March 2017, <http://www.computerworld.com.au/article/616733/nbn-data-usage-continues-soar/>.

Australia finally has mandatory data breach notification

ITNEWS, 13 February, 2017 – Australia will have a mandatory data breach notification scheme in place within the year after several aborted attempts, following the passage of legislation through the senate today.

The Labor and Liberal parties today united to pass the government’s Privacy Amendment (Notifiable Data Breaches) Bill 2016 into law. Learn what the rules mean for your organisation.

The passage came despite a last-ditch attempt by the Greens to make changes to the bill that would shorten the period in which an organisation must notify of a breach down from 30 days to three.

The party also attempted in vain to capture political parties and businesses with less than $3m turnover under the legislation.

The scheme applies only to government agencies and organisations governed by the Privacy Act, meaning state government organisations and local councils, plus organisations with a turnover less than $3 million a year, fall outside the legislation.

The bill now needs only royal assent – a formality – before it becomes law.

The Liberal government had pledged to have a mandatory data breach notification scheme up and running before the end of 2015, but missed its own deadline to get the bill into parliament.

It debuted the Privacy Amendment (Notifiable Data Breaches) Bill 2016 last October.

The bill edited the language of a draft published the year prior slightly to bend to industry calls to remove the requirement for notification if an organisation “ought to have been aware” a breach had occurred.

The newly-passed law means organisations that determine they have been breached or have lost data will need to report the incident to the Privacy Commissioner and notify affected customers as soon as they become aware of a breach.

The notification must include a description of the data breach, the kind of information involved, and how customers should respond to the security incident.

Those that fail to notify face penalties including fines of $360,000 for individuals and $1.8 million for organisations.

The legislation considers a serious breach to have occured when there is unauthorised access to, disclosure or loss of customer information held by an entity, which generates a real risk of serious harm to individuals involved.

Such information includes personal details, credit reporting information, credit eligibility information, and tax file number information.

Organisations can take certain actions that mean a suspected data breach will not be considered one under the law.

The bill gives the example of when an entity becomes aware that it has “mistakenly emailed the information of one individual to another individual, asks the second individual to delete the information without using or disclosing it, and is confident that the second individual has complied with that request”.

It also uses the examples of when a lost or stolen device has been remotely wiped before its content can be accessed, or when a device is left in a taxi and the individual can be certain the driver did not access the device.

The scheme will come into operation at an as-yet unannounced date within the next 12 months.

Years of effort

The passage of the bill marks the end to three years of effort by both sides of parliament to get a data breach notification scheme in operation.

The government’s newly-passed bill is almost identical to the Privacy Alerts bill introduced by Labor in 2013 and again in 2015.

The Coalition government refused to support the Labor bill at the time because of concerns about a lack of definition around terms like “serious breach” and “serious harm”.

The Liberals’ own data breach legislation came as a result of recommendations made last year by the parliamentary joint committee tasked with reviewing the government’s data retention bill.

Coyne, A (2017), Australia finally has mandatory data breach notification, iTnews, viewed 13 February 2017, <https://www.itnews.com.au/news/australia-finally-has-mandatory-data-breach-notification-450923>.

Acurus launches white label ISP platform

Melbourne-based technology services provider, Acurus, has created a new white label ISP platform allowing companies to provide tailored internet services to their customers.

The service can be tailored specifically to an organisation’s needs by Acurus, who will build the platform and equip the network as well as manage billing, customer support and integration services.

Acurus managing director, Jason Matser, said the launch of its ‘ISP as a Service’ comes at a time where brand loyalty was waning among Australian consumers.

“Internet savvy consumers are less ’sticky’ than ever before and are willing to switch their insurance provider, supermarket or energy company in an instant… even just to save a few dollars a week,” Matser said.

“Organisations who can provide customers with multiple service contracts (insurance, energy and internet for example) will realise greater opportunities for growing their average revenue per customer and retention rates.”

Acurus recently created a platform for newly launched broadband company, Tomi, which provides customers with pay-as-you-go broadband services.

Founder Andy Summerton worked with Acurus to help develop Tomi.

“If you use it, you pay for it. It’s that simple. With traditional internet offerings you are sometimes paying for what you don’t use. Especially if you have a holiday house or live in a share house,” Summerton said.