With one in three Australian adults impacted by cyber-crime in 2019, Services Australia Cyber Services general manager Tim Spackman says the demand for skilled cyber security professionals in Australia is growing exponentially.
“The threat landscape is constantly evolving so we need tomorrow’s brightest and best minds to join the fight so we can all have safe and positive experiences online,” he says.
That’s why Lake Tuggeranong College students Kyle Price and Dylan Soesman were two of five aspiring information security gurus taken under the wing of experts within the Services Australia Cyber Security Division for work experience in 2020.
Mr Spackman’s division is responsible for defending critical IT systems for services such as Centrelink and Medicare, containing the private information of 26 million Australians.
This includes protecting $190 billion in welfare payments and 280,000 authentications each day.
In order to defend, first learn how to attack
To learn how to defend systems against hackers, students must first learn how to hack, something Lake Tuggeranong teacher Graham Cassells said he starts in the classroom.
“I think we would hope that none of the things we can do in here would be possible in the real world.”
Two of his best students, Mr Soesman has been interested in IT since he was three, and Mr Price is newer to the subject and a fast learner.
Mr Cassels offers an analogy for anybody unfamiliar with what a cyber-attack involves.
“This is your house, then you’ve got a little letterbox in the front door,” he says. “These guys can reach in, and they can find whatever they want inside your house and pull it out.”
“And maybe swap it around,” Mr Price adds.
Mr Cassells agrees, “That’s how intrusive they can be with the tools that they have.”
According to Mr Soesman, all the hacking techniques they learn work on the same fundamental premise.
“Essentially, just making the server run code that it shouldn’t be running.”
Both young men learnt a lot about the inner workings of national cyber security operations during their work experience, and Mr Soesman says “it only just scratched the surface”.
In a class project on cyber warfare, Mr Cassels asks his students to put those concepts into practice.
A Lego replica of Canberra including Parliament House, Telstra Tower and ActewAGL provides the setting to explore what the catastrophic consequences would be if the security of local infrastructure were compromised during a cyber-attack.
“It’s like an adventure game but it’s got some hard technical skill to break into things – break into wireless, radio, websites, traffic lights – things that you can actuate a change,” Mr Cassels says.
“And if you take down Telstra Tower, if you take down all the comms systems, how does society work without communications?
“It just disintegrates on itself; it goes into anarchy really quickly.”
Leaving a legacy, sharing knowledge with students
Using their skills for good in their own time, the pair built a cyber security training package to help students in regional or remote areas – with little to no knowledge on the topic – teach themselves how to hack.
Mr Soesman says a lot of schools in those areas have very little technology and it is often outdated.
“So we wanted it to be able to run on that [older laptops] so that those kids who would normally have no experience will be able to do this thing, which actually not many people know about and not many people can do,” he says.
Even if their teacher is unfamiliar with the techniques taught in the training package, Mr Price says it was designed in such a way that students will be able to self-direct their learning.
“It’s kind of like a choose your own adventure,” he says. “There are end goals, kind of, but they can go about doing it any way they want – we just show them the basics of how to do it.”
Mr Soesman says there are “millions of attacks daily” on government sites, like those belonging to Services Australia, as well as private institutions like banks, and individual home computers.
“As we become more reliant on technology, it becomes a much more enticing target for people to attack, which makes it more important to know about security,” he says.
“Not everyone has to be an expert in security things but everyone needs to know the basics at least, know what the threats are, so they can protect themselves against it.”
Australians increasingly vulnerable to cyber crime
According to the Australian Cyber Security Centre (ACSC), one in three Australian adults were impacted by cyber-crime in 2019.
On average, the ACSC’s ReportCyber tool received a cyber-crime report every 10 minutes.
Services Australia’s Mr Spackman says it is hard to see those statistics improving in the short-term.
“This is why it’s so important that people understand some of the basic ways they can improve their personal cyber security,” he says.
“Sharing personal information on social media, for example, is a big problem and I strongly encourage people to consider what they post online.”
Mr Spackman says information security is an exciting and dynamic type of work that needs an influx of enthusiastic graduates.
“Strong technical controls are important but without skilled and motivated people it’s impossible to have an effective cyber operation.”
“A holistic approach is crucial – we have forensics and intelligence capabilities, we constantly test our systems, we stay on top of the latest technology and engage with our workforce to increase cyber awareness.”
Mr Soesman, who is set to continue exploring this passion at university in 2021, says the most exciting thing about cyber-security is the challenge it faces.
“There’s a lot of problem solving involved, which I find really fun.”