Thank you to both Zin and Zannie from Jaamzin Creative for reaching out to me about being featured on their art blog. It was a pleasure talking with you both. You can see the post below:
The proceedings from last year’s Australian Cyber Warfare Conference have been published. If you missed my presentation on the definition and taxonomy of Cyber Terrorism you can check out the discussion paper on Page 1 of the 2019 Australian CWAR Proceedings.
Excited to release my latest Single, “Sunrise”. I wrote this on a very early Montréal morning while watching the sun rise. The song aims to capture the feeling and energy I had while watching the entire city wake up before my eyes.
JJ Plotnek, J Slay (La Trobe University)
This paper reviews the use of the term ‘cyber terrorism’ and proposes a new universally-applicable taxonomy and definition. The proposed new definition is derived from detailed analyses of existing definitions in the publicly available literature, which includes all of the key commonalities identified in accordance with the newly proposed taxonomy and allows for more specific subsets of cyber terrorism to be defined in future research.
If you’re attending the Australian Cyber Conference next week be sure to check out the embedded Australian Cyber Warfare Conference (CWAR), where Prof. Jill Slay will be presenting my paper on Cyber Terrorism.
I’m excited to announce that my artwork will now be available for viewing and purchase at Market Gallery in Prahran! Make sure you come down and have a look if you live in the Melbourne area!
Cybersecurity is an interesting beast. It is a relatively young discipline, which tends to get caught between its two older and more mature siblings, Security and Engineering. Cyber professionals tend to fall in one camp or the other when it comes to engineering security into the design of a system. Either they’re too preoccupied with standards, compliance, and over-engineered technical solutions. Or they fall into the other camp, where they’re too focused on external factors, such as threat intelligence or the latest known exploits.
The issue with the technical mindset is that, unlike with safety engineering, security engineering can’t assume that people behave the way they’re expected to. So, even if the system is technically engineered to perfection, the whole thing falls down as soon as you add people to the mix. Blindly implementing best-practice controls, achieving accreditation, and having all the latest gadgets will not necessarily achieve the desired risk levels.
The security intelligence mindset brings about a different issue. The modern threat landscape is in a state of perpetual disruption – we have no idea what threats are going to look like in the next year, let alone over the life of a system. Threat models and threat intelligence are great, but at the end of the day it doesn’t actually give any useful information when it comes to designing a system security architecture.
The key is to find a balance between these two mindsets and achieve both technology and threat agnostic security. This can be done by focusing on the system’s inherent vulnerabilities and, taking an impact-focused approach, building in mitigations to lower the risk exposure to the desired level. Naturally, risk exists wherever humans are involved and fail-secure solutions need to be considered. Technology should never be included in a design simply to meet compliance expectations as this will only make the final solution more complex than it needs to be, which in turn raises the risk profile. Additionally, threat assessments should not be used as a key input into the design as threats and attack methods evolve far too quickly to be reliable – these tools are much more useful for operational security.
Drawing up a system scope and taking an inward vulnerability focus is the only way to secure a system by design. This ensures the most critical security consequences of system failure are covered, regardless of what happens outside the system boundary.