
HOW ITALIAN FOOTBALL CAN INFLUENCE AUSTRALIAN CYBERSECURITY STRATEGY


by Simon Carabetta, Project Coordinator at ES2

Catenaccio, which means ‘door-bolt’ in Italian, is also the name for a highly coordinated defensive style of Association Football (soccer to some of you) made famous by the successful Italian national team from the 1950s onwards. For those unfamiliar with the game and this style of play, Catenaccio focuses on denying opponents any opportunities for goalscoring and any clear chances to even take a kick at goal. Catenaccio is lambasted by many for its lack of entertainment appeal and seemingly boring style of play. However, played right and against the right team, it is extremely effective, particularly if the team employing these tactics exploits counterattack opportunities. Catenaccio is also what you want for your organisation’s cybersecurity strategy.

A National Approach

Comforting news for many in Western Australia is that there are current mandates from our Office of Digital Government stipulating that all departments must have a minimum of Level One maturity across the Australian Cyber Security Centre’s Essential Eight controls to mitigate cyber attacks. This is comforting for those of us in desperate need of a coordinated approach across our state agencies, but not so comforting for those having to quickly identify their security gaps and then implement a wide range of controls that will impact hundreds, and in some cases thousands, of staff.

There is another way Association Football, and many other sports played at an international level, can inform how we as a country can strategize better when it comes to cybersecurity: by establishing a unified national approach.

For football, netball, rugby and many other sports played around the world, there is a national body which usually establishes a uniform approach to how the sport is managed at a grassroots level: the standards and regulations for play and, of course, the style in which national teams are coached and how they play. Take Rugby Union for example. Most European and Northern Hemisphere squads play a style that allows for more kicking and drop goals, whereas the Southern Hemisphere national teams place emphasis on hard running and carrying the ball for a try.

Of course, this is an oversimplification. However, it is useful to explain how a national approach to cybersecurity is the one way we can unify the way in which all commonwealth, state and territory, and even local, governments build their cybersecurity strategies. The Essential Eight is a good start, but we do need to go further. Take information security for instance. There is crossover with cybersecurity in some areas, but not in others. We should aim for a national approach that will, to some extent, unify information security practices across all government tiers in Australia. This is also why Australia’s new Cyber Security Coordinator needs to have the authority to advise on information security standards, not just cybersecurity.

While many people are still talking about the devastating data breaches at Optus, Medibank, and now Latitude, the cynics in the room suddenly become World Championship Wrestling wrestler Bill Goldberg and boldly ask, “Who’s next?” Australia needs a coordinated and unified national approach to both cyber and information security, and it needs that approach to be Catenaccio.

The Nitty Gritty

Let’s now look at the various players on the football field and assign each of them a place in cybersecurity control. What makes Catenaccio so effective is the extra layer of defence it creates, even though it keeps more players in their half of the pitch during attack. This means a team playing Catenaccio style has more players in its half of the pitch when the other team is attacking, providing an extra layer of defence – multifactor authentication, if you will. Then there are the wing backs: versatile, fast, excellent ball-handlers. These are players who can be deployed at various spots on the pitch, changing the player configuration. They are the user application hardeners – changing configurations to block malicious executables on devices.

Anyway, I think you get the picture here. I could go on and list all 11 players in a team, but then this article would become football coaching 101, and although I had two seasons (un)successfully coaching the Belmont Under 16s (one win in 20 games) I feel I would be underqualified. Also, this is not Women in Soccer Magazine (although I know we are all getting fairly hyped up for the Matildas and the upcoming World Cup!)

Full Time

Unfortunately, we in the industry will never hear the full-time whistle on cyber attacks. In fact, we are not even approaching half-time. The pitch is muddy, it is raining and we are down 4-0. However, the good news is that Australia is heading in the right direction. We are on the way to achieving some kind of national, unified approach and cybersecurity strategy. I hope the following can be included:

• Funding to implement the full 37 controls of the Essential Eight across all tiers of government.

• A uniform approach to how cyber incidents are communicated.

• Standards and regulations around reporting cyber incidents, particularly in industries providing critical infrastructure.

• Standards and regulations specifying how cybersecurity awareness training is deployed.

• Nation-wide curriculum integration of cyber and information security skills across learning areas (not stand-alone cybersecurity education: our teachers are already exhausted).

This is the wish list. While I do hope all organisations, government and non-government, can employ the style of Catenaccio, I also believe it will not be sufficient without the above wish list. I could discuss each item in detail, but I will leave that for another article at another time. Until then, think of your own organisation’s cybersecurity strategy and where Catenaccio and the great (well, in this writer’s eyes, anyway) Italian Football team can inform you of where that strategy should be headed. Until then, ciao.
