Australia’s Cyber Security Centre (ACSC) tries to ensure that Australian networks are among the world’s most secure. Australia’s program combines threat data from multiple entities to strengthen collective intelligence between private sector, state and territory governments, academia and international partners. The results of intrusion attempts are uploaded to the cloud, giving analysts from multiple agencies a larger pool of attack data to scan for patterns.
This collective intelligence revealed its value during the 2001 fight against the Lion worm, which exploited a vulnerability in computer connections. A few analysts noticed a spike in probes to port 53, which supports the Domain Name Service, the system for naming computers and network servers organized around domains. They warned international colleagues, who collaborated on a response. Soon, a system administrator in the Netherlands collected a sample of the worm, which allowed other experts to examine it in a “sandbox”, a protected testing environment. A global community of security practitioners then identified the worm’s underlying structure and built a program to detect it. In just 14 hours, they publicized their findings widely enough to defend computers worldwide.