Calling every incident a ‘hack’ or ‘attack’ is not helpful for a proportionate understanding of the range of threats and only promotes sensationalism

A report by the Australian Cyber-Security Centre (ACSC) says that the misuse and over-hyping of cyber-security terms has hampered the public's ability to understand cyber-security issues.

According to the 2016 Threat Report: “The term ‘cyber-attack’ is well-entrenched within the information security community, where it is used to broadly describe malicious activity against a computer network or system.”

However, Clive Lines, coordinator of the ACSC, said: “In order to have a mature discussion in 2016, it is particularly important that we get the language right - calling every incident a ‘hack’ or ‘attack’ is not helpful for a proportionate understanding of the range of threats and only promotes sensationalism. And treating every adversary as though they are all equally sophisticated and motivated detracts from a balanced perspective of risk and vulnerability.”

To give an example of the issue, the report discusses the disruption to the Australian Bureau of Statistics (ABS) 2016 online Census. After experiencing multiple DDoS incidents, on 9th August 2016, as a precaution to ensure the security of census data already submitted, the ABS and its service provider IBM temporarily disabled access to the Census website.

The report claims that some media reported the issue as being the result of a “foreign cyber-attack” – a description that led to a heightened sense of threat and risk, increased concerns from the public about the security of their personal information, and triggered media speculation about nation state motivations, tradecraft, and the possibility of further 'attacks'.

Putting the incident into perspective, the report said: “Australia treats cyber-attacks as extremely serious and provocative events. Fortunately, Australia still has not been subjected to malicious cyber-activity that could constitute a cyber-attack.”

The Australian Government has defined a cyber-attack as a: “deliberate act through cyber-space to manipulate, disrupt, deny, degrade or destroy computers or networks, or the information resident on them, with the effect of seriously compromising national security, stability or economic prosperity.”

The report went on to recognise that: “the threat of a cyber-attack being conducted against Australian government, infrastructure, industry or other networks has grown following a series of high-profile disruptive or destructive incidents in other countries over the last five years.”