ABSTRACT
The importance of developing a sovereign capability in cyber security testing and evaluation was recognised in the 2018 Defence Industrial Capability Plan and further elaborated upon in the 2020 Test, Evaluation, Certification and Systems Assurance Plan.
In this presentation we will firstly investigate requirements for a High Assurance (HA) cyber security testing, evaluation, and certification framework suitable for an Australian defence industry context.
We will then look at existing commercial cyber security testing and evaluation frameworks and technologies and assess their potential for high assurance defence applications. The presentation will cover both national and international practices and will highlight occurrences of commercial certifications being used to satisfy government HA needs such as the NSA’s Commercial Solutions for Classified program).
We will follow with a survey of existing commercial cyber security testing capabilities in Australia and discuss barriers and opportunities for leverage in the establishment of a sovereign HA cyber security capability.
As a conclusion, we will posit that existing Australian commercial cyber security capabilities provide an ideal platform for the creation a sustainable HA cyber security ecosystem that meets Australian Defence needs.
BIOGRAPHY
Dr Juan Gonzalez is the lab director and co-founder of Teron Labs. Juan brings to Teron Labs over twenty years of experience in ICT security, including security testing, research, consulting and lab management. He has managed cyber security evaluation laboratories in Australia and overseas. Juan has a PhD in information security and an extensive track record on applied cryptography and computer security research, having published over 90 research papers in these areas.