Canterbury cyber protection system first of its kind in NZ
Canterbury cyber protection system first of its kind in New Zealand
May 15, 2014
A University of Canterbury cyber security research group is working on a novel model and method to protect computer systems, which will be the first of its kind in New Zealand.
The Canterbury computer science and software engineering research group has developed a scalable and adaptable security model and method, named HARM (Hierarchical Attack Representation Models), which evaluates the security of large networked systems and cloud computing systems.
Canterbury research Dr Dong-Seong Kim outlined the model to cyber security experts at Sorrento, Italy, earlier this year.
"We are presenting our model to the premier international conference on dependable systems and networks at Atlanta, the United States, next month. Our HARM model with moving target defence techniques can confuse attackers and improve security for networked systems. Cyber threats and actual cyber-attacks have already happened in New Zealand.
"Many software vulnerabilities, from personal computers to servers in large enterprise networks can be exploited by attackers. There are emerging cyber attacks such as SMS (text) phishing attacks to personal mobile smart phones, insider threats, cloud computing security and cyber-attacks to critical infrastructures and smart grids.
"One specific potential threat in New Zealand context is cyber and physical attacks to agriculture ICT systems, such as systems and sensor networks that are being deployed to monitor livestock and crops.
"There is no perfectly secure system. Therefore, it is necessary to use preventive, reactive and proactive methods, mechanisms and solutions to protect computer systems. For instance, ICT system users have to apply regular updates for patching vulnerabilities for their PCs such as Windows and its software updates, software security updates for Apps in Smart phones, and updates for anti-virus engines to detect and remove computer virus and worms.
"For system administrators, there are multiple ways to protect their systems and networks. Best practices on security need to be applied. Security solutions such as vulnerability scanners, firewall, and intrusion detection systems can be used to discover, prevent, and detect attacks respectively, and countermeasures can be used to improve security.
"It is also very important for organisations to establish well-defined security processes and plans. Security assessment can help to check and improve of systems and networks and reduce the impact of any security incident."
Dr Kim says the biggest worldwide security attack this year was the Target breach where information on 40 million credit and debit cards was stolen and 70 million records of customers’ personal information was leaked, resulting in head staff resigning.
"It is good news the Government is interested in setting up an advice group on cyber security and I hope our academic staff can get involved in some research and development work.
"Last year, our Government signed an agreement with the United Kingdom government to collaborate on cyber security. New Zealand has number of organisations dedicated to cyber security research.
"Our daily lives are heavily depending on ICT infrastructures. New threats to our PCs, servers and ICT infrastructures appear every day as organisations are paying more attention to secure their systems and networks. More funding should be investigated to provide secure and resilient ICT systems to be protected from any cyber security attacks."
In 2012 New Zealand’s National Cyber Security Centre incident summary reported an increase of about 50 per cent in serious cyber intrusions compared to 2011.