The word "cyberattack" is used quite regularly as an umbrella term for any kind of attempt by hackers to gain access to IT systems, infrastructure and equipment for malicious intent. You probably use it yourself when describing security breaches and malware attacks, but is that the correct term to use? We refer to the Australian Cyber Securiy Centre (ACSC) Threat Report 2015 for guidance.
Lock picture from Shutterstock
This month, ACSC released its first unclassified Threat Report which provides details on what's going on in Australia IT security landscape. There weren't many surprises. IT security incidents affecting Australian businesses and government organisations went up in 2014. New forms of attacks are surfacing and everybody needs to exercise caution when it comes to protecting their technology assets. These are things we have heard before.
What was interesting were the definitions for IT security terms that ACSC scattered throughout the report to provide clarity to readers. Here's the its definition for "cyberattack":
What is a cyber attack? A cyber attack is a deliberate act through cyber space to manipulate, destruct, deny, degrade or destroy computers or networks, or the information residing in them, with the effect, in cyber space or the physical world, of seriously compromising national security, stability or prosperity.
So the proviso for calling a hacking attempt a "cyberattack" is whether it "seriously compromises national security, stability or prosperity".
According to ACSC, "Australia has not yet been subjected to any activities that could be considered a cyber attack. A destructive cyber attack against Australian networks or critical infrastructure - that would seriously compromise national security, stability or prosperity - is unlikely outside a period of significant heightened tension or escalation to conflict with another country".
Under ACSC's definition, the 11,073 cyber security incidents reported in by Australian businesses and government agencies cannot be classified as "cyberattacks". I, myself, have been guilty of using "cyberattack" to describe incidents where businesses experience a security breach. Many individuals, organisations and other media outlets have done the same. I liken the misuse of "cyberattack" to what's has happened with the term "big data". It's a misnomer, but because it's so commonly used it has become part of the global IT lexicon.
ACSC also breaks down some key terms that are often used in the IT security space:
- Cyber adversary: An individual, organisation or nation state that conducts cyber espionage, crime or attack.
- Cybercrime: Criminal acts involving the use of computers or other ICT, or targeted against computers or other ICT.
- Cyber espionage: Offensive activity designed to covertly collect information from a user's computer network for intelligence purposes.
- Cyber security incident: Any activity that may threaten the security of a system or its information. A "compromise" is an incident where the security of a system or its information was successfully harmed.
- Cyber intrusion: Can also be called "unauthorised access" or "hacking". This happens when someone gains access to a computer or device without the owner's permission.
Do you agree with ACSC's definitions of the listed security terms? Do you have your own definitions that you think is more accurate? Let us know in the comments.