Australia has a new ACTION PLAN about ransomware, so I think it's time to fire up the #tljr engines (and also I am on a break and have a coffee) and dive into what will no doubt be exciting* and illuminating*.
The PDF of the ACTION PLAN is here if you want to follow along with me: homeaffairs.gov.au/cyber-security… #tljr
The plan is only 10 pages (plus 6 pages of graphic designer shenanigans), so it's not really Too Long Justin Read and more Justin Read Because I Don't Wanna #tljr
The ransomware plan begins with an unlocked padlock made of 1s and 0s metaphor which says several things about Australia's approach to computering. #tljr
There is an opening statement from the Minister that begins "We are continuing to observe cybercriminals successfully use ransomware to disrupt services and steal from Australians." and ends with "Australia takes a zero tolerance approach to ransomware." #tljr
This follows the success* of every other "zero tolerance approach" everywhere. #tljr
"the Australian Government does not condone ransom payments being made to cybercriminals. Any ransom payment, small or large, fuels the ransomware business model, putting other Australians at risk."
I look forward to finding out what this means in practice. #tljr
"Recognising that there are several cyber and ransomware initiatives already in place, the ever changing nature of this threat means Australia needs to remain agile and prepared to quickly stand up differing approaches over time."
So this is a decisive stance that may change.
"This approach will ensure that Australia can maintain a consistent and mature security posture to meet security objectives well into the future."
Ah yes. Consistency through change. Very Newspeak, Minister. #tljr
Anyhow, let's read the actual report proper. #tljr
The first section is called "The threat of ransomware" and notes that ransomware is a thing. Quite a big thing. Who knew? #tljr
All the references are to things from the past 24 months-ish. People who have been paying attention will note that Cryptolocker was in 2013 and ransomware has a much longer history: crowdstrike.com/cybersecurity-… #tljr
You will be glad to know that ransomware attacks typically involve three groups: criminals who do the attack, Victims who are the… well victims. And facilitators who… facilitate the ransom payments.
These are their stories. *dundun*
We note the Colonial Pipeline thing from last year, and a "case study" of 5 lines about a Melbourne hospital that got hit in 2019. #tljr
"Assistance is available" apparently, and if the stories in this plan cause you distress please call 1300 CYBER1 or visit cyber.gov.au #tljr
Page 5 lists a bunch of things the government is already apparently doing, thus re-announcing previously announced announcements like the Cyber Security 'Strategy' 2020 document that I have previously mocked as being barely a notion let alone a strategy. #tljr
Actually, no, a bunch of these things are things the government is planning to do, like "Developing the next National Plan to Combat Cybercrime" which is apparently different from the Cyber Security Strategy. #tljr
Okay! Page 6 (of 10) is where we get to the actual plan. Strap yourself in! #tljr
There are 3 objectives:
- Prepare and Prevent
- Response and Recover
- Disrupt and Deter
so it appears we will be solving ransomware using two major government strengths: three word slogans and alliteration. #tljr
The Prepare and Prevent objective is:
"Building Australia’s resilience to ransomware attacks."
That's it. That's the objective. Keen observers may have spotted that it is not a SMART objective. #tljr
Never fear! We shall Respond and Recover by "Strengthening responses to ransomware attacks by ensuring support is available to victims."
Uh, okay. I guess there'll be some detail later on? #tljr
"Disrupting cybercriminals through deterrence and offensive action by strengthening Australia’s criminal law regime and increasing the risk of ransomware gangs being caught."
Ah, more cops. Of course. #tljr
*so weird* how that's the one with more detail, huh? #tljr
There will be an Operation Orcus led by the AFP as "Australia's strongest response".
Not our smartest. No. Strong.
Big Tough Strong response. Grr. #tljr
"Actively calling out those who support, facilitate or provide safe havens to cybercriminals"
I'll leave the diplomats to advise on how successful shirtfronting will be. #tljr
"Introducing a specific mandatory ransomware incident reporting to the Australian Government"
The detail is important there, so grab your popcorn for watching businesses respond to this idea. #tljr
"Introducing a stand-alone offence for all forms of cyber extortion"
Because making it more illegal will fix things. ffs. #tljr
"Introducing a stand-alone aggravated offence for cybercriminals seeking to target critical infrastructure"
"seeking to target" and "critical infrastructure" will keep lawyers busy for some time. #tljr
"Modernising legislation to ensure that cybercriminals are held to account for their actions, and law enforcement is able to track and seize or freeze their ill-gotten gains"
Moar power. Again. #tljr
It'd be refreshing to hear which specific legal gaps are preventing police from prosecuting what is essentially "extortion, but with a computer". As distinct from "we don't enjoy working hard and want it to be super easy to use power how we want" #tljr
The 'detail' page on Prepare and Prevent talks about all the things the government is apparently already doing that isn't working, hence the need for this Plan that isn't a plan. #tljr
They will be "supporting initiatives to actively prevent known malicious cyber threats from reaching Australian consumers and businesses" none of which are listed in this document which you might think is where they should perhaps be? #tljr
Anyhow, p8 Respond and Recover. Again, stuff that has already happened like the Notifiable Data Breaches scheme. "promoting information sharing and advice" which always gets an outing. Yawn. #tljr
It seems the extent of the "zero tolerance" stance is "clearly stating that the Australian Government does not condone the payment of a ransom to cybercriminals"
Woo. Perhaps they could 'urge' or even 'strongly urge' people not to pay ransoms. #tljr
The bit they apparently plan to do is "legislative reforms to ensure law enforcement can investigate and seize ransomware payments" which implies they can't investigate them now, and "mandatory ransomware incident reporting" legislation. #tljr
Disrupt and Deter is the bit where there's something approaching concrete detail. Basically letting the cops and spooks go hunting which has no* risk of going awry whatsoever. #tljr
The policy theory here seems to boil down to making Australia less attractive a target by making our cops scarier. And that's basically it. Not a nuanced and multi-faceted approach using an array of tools, no, just more force. Woo. #tljr
That's it. That's the plan. Mostly waffle and bullshit and bluster. They're late to the party but have turned up itching for a fight, like some coked-up 'roid-junkie.
What a pathetic joke. #tljr
Here endeth the #tljr for today.
