“Perth is 32 Milliseconds from Anywhere”

Article from the AICC(WA) 2017 special Cybersecurity FutureNOW Series event featuring Mr Hans

Haverhals, Head of Cyber Security Australasia, BT Global Services, Mr Gary Hale, Managing Director,

SC8 Limited and Professor Craig Valli, Director of ECU Security Research Institute, Edith Cowan

University speaking on "Wannacry – what you need to know to protect your customers and your

business in the futureNOW.

From L to R - Professor John Finlay-Jones, Deputy Vice-Chancellor (Research), Edith Cowan University, Mr Larry Lopez,

Vice-president, AICC(WA) and Partner, Australian Venture Consultants, Professor Craig Valli, Director of ECU Security

Institute, Edith Cowan University, Mr Gary Hale, Managing Director, SC8 Limited, Mr Carl Purwien, Executive Manager,

Commonwealth Bank, Mr Hans Haverhals, Head of Cyber Security Australasia, BT Global Services and Mr John Cluer,

Chief Executive, Australia-Israel Chamber of Commerce (WA)

Host Sponsor: CBA Principal Sponsor: ECU

In the words of one attendee “by the end of the presentation I had mixed emotions. I couldn’t

decide to wannalaugh or wannacry”. So was the reaction to an eye-opening presentation about how

rapidly the cybersecurity issue is impacting business locally, and around the world.

Mr Gary Hale, a graduate of three AICC(WA) Israel delegations, reflected on his recent trip to Israel

by discussing the sense of urgency which pervades business development in Israel. Culturally

reflective of a society that needs security and has to execute decisions quickly, Mr Hale particularly

took note of the productivity and experimentation associated with Israel’s cyber industry, and the

strategy that drove business development. Whist sometimes competing, and other times partnering

and sourcing from Israeli companies, he drew a distinction between Australian business which was

predominantly focused on sales and service, and Israeli business which looked across a broader

business lifecycle which commenced with the identification of a problem and developed through to

the point of commercial exit and beyond.

Mr Gary Hale, Managing Director, SC8 Limited

SC8 is a relatively recent Perth based company that recognises local capability and relationships. In

the global market, Mr Hale asserted that the Perth cyber industry holds its own with highly regarded

people and product development. In the context of noting that the tyranny of distance associated

with traditional economic markets for Western Australia do not apply to ICT he mentioned that

“Perth is 32 milliseconds from anywhere”.

Sharing an example of SC8 activity Mr Hale described the evolution of Operational Technology (OT),

being hardware and software that detects or causes a change through the direct monitoring and/or

control of physical devices, processes and events. Through interacting with digital leaders in large

industry SC8 is an example of new cyber industry development that Mr Hale noted “pushes

boundaries on how to be productive whilst mitigating cyber risk”. The broad aims of the cyber

industry are focussed on protecting business value, enhancing operational resilience, and driving

digital agility.

Mr Hans Haverhals, Head of Cyber Security Australasia, BT Global Services

Hans Haverhals, Head of Cyber Security Practice of BT Australasia further reinforced the rising

consciousness of cybersecurity, and described the changing nature of cyber threats and the cyber

security journey that we are all on. Recent cyber attacks involving ransomware, denial of service,

and data theft, have been prolific in the media. “We risk battle fatigue before the battle has begun”,

Mr Haverhals remarked, “but the journey traverses stages”. He described denial, worry, false

confidence, hard lessons and leadership as the responsive evolution and particularly focussed on the

essential need for a cross-organisational approach towards risk quantification.

“The problem does not belong to IT. Everybody carries responsibility. Similarly, it must be

recognised that good cyber security is not about technology alone, but also about people and

process. Businesses tend to spend on technology (sunk investment into cyber software), but

also need to heavily invest in people and process to ensure that cyber is embedded into

organisational culture.”

Mr Haverhals provided an insight into both board and executive leadership trends relating to cyber

awareness. Often a false sense of security can be instantly shattered by a specific event or trigger.

His advice was to embed cyber into all elements of management decision making and not isolate the

topic as a periodic agenda item.

For those organisations that are true leaders in how they manage cyber security risks, Mr Havehals

explained:

“It can feel lonely at the top, but I encourage true leaders to collaborate with their peers -

those within their own market as well as across different industries. Security leadership can

be found across all industries and each have learned hard lessons along the way - we stand

to learn a lot from each other. Build and invest in these trusted relationships early, as it's

hard to build trust in the middle of a crisis.”

In conclusion, Mr Haverhals stated "Ultimately it needs to be recognised that cyber is a journey, not

a destination.”

Professor Craig Valli, Director of ECU Security Institute, Edith Cowan University, Mr Gary Hale, Managing Director, SC8

Limited and Mr Hans Haverhals, Head of Cyber Security Australasia, BT Global Services

With forthrightness and no inhibition, Professor Craig Valli provided a wake up call by describing the

rate at which cyber attacks are increasing, and the severe consequences of networks being

breached. The reliance that is now placed on back end IT systems to deliver industry, government,

utilities and infrastructure, and all elements of daily living means cyber security is inescapable.

“Cyber is an advanced persistent threat that is not going anywhere.”

Professor Valli criticised businesses and agencies that fall behind basic software upgrades and

maintaining currency on software security. He also referred to often lax public attitudes towards

public security noting that intelligence and defence agencies charged with the oversight of security

of infrastructure need to be supported and respected. Criminal activity is not tolerated when

physical, however often cyber crime is not viewed with the same due regard. We risk the inability to

cope with an escalation of cyber attacks without a stronger level of public awareness. Professor Valli

cautioned that the “Internet of Things” is an “Internet of Threats” when the basic protocols of

protection are disregarded.

Mr Carl Purwien, Executive Manager, Commonwealth Bank

Professor Craig Valli, Director of ECU Security Institute, Edith Cowan University

The ECU undertake leading penetration and vulnerability assessment, involving a diverse range of

students, industry and government stakeholders. Sharing examples of testing the reinstallation of

backup data, and specific organisations that have had password and encryption weaknesses

identified, have been aided by the ECU to strengthen their network protection.

Mr Gary Hale, Managing Director, SC8 Limited and Mr Hans Haverhals, Head of Cyber Security Australasia, BT Global

Services and Mr John Cluer, Chief Executive, Australia-Israel Chamber of Commerce (WA)

Through dialogue and questions the panel of presenters addressed issues including the impact of

cyber on Small and Medium Enterprise, where the threat remains the same but the resource base to

address the problem is not as expansive. As a basic protection, the knowledge of what data and

information exists, where it is, and control over its confidentiality can be managed with diligent

control of devices and standard security protocols. Other discussion relating to password strength

and control, and the legacy systems underpinning utility infrastructure were addressed by the

presenters.

Professor John Finlay-Jones, Deputy Vice-Chancellor (Research), Edith Cowan University

A vote of thanks was proposed by Professor John Finlay-Jones, Deputy Vice Chancellor (Research) of

ECU. The ECU are one of two Australian Centres of Excellence in Cybersecurity and proud of the

Universities longstanding commitment to delivering specialist education, skills and research

capability in this sector.

A link to the BT paper “Five stages you have to navigate to protect your organisation from attack” is

available from the BT Website.

From Top L clockwise - Mr Hans Haverhals, Head of Cyber Security Australasia, BT Global Services, Mr Scott Henderson,

Vice President (Corporate Services), Edith Cowan University, Professor Margaret Jones, Director, Office of Research and

Innovation, Edith Cowan University, Adrian Huber, Special Counsel, Wrays, Professor Peter Davies, Pro Vice Chancellor

(Research), The University of Western Australia and Andy Buchanan-Hughes, Regional Manager, Priority Management

WA