[ISN] Australia leaves the hack door open to cyber sabotage

From: InfoSec News (isnat_private)
Date: Tue Apr 08 2003 - 04:17:48 PDT

  • Next message: InfoSec News: "[ISN] Handle Corporate Security As Single Entity, Users Say"

    http://www.smh.com.au/articles/2003/04/07/1049567603965.html
    
    By Nathan Cochrane and Sue Cant
    April 8 2003
    Next
    
    Australia's critical information infrastructure is at risk because of
    the Federal Government's focus on physical infrastructure and
    terrorism, the head of Australia's Computer Emergency Response Team
    (AusCERT) says.
    
    AusCERT general manager Graham Ingram says that while Australia is
    neglecting its cyber infrastructure Asia is spending huge amounts of
    money to protect its own.
    
    "I've done significant work through Asia and I say in the nicest
    possible way that if Australia doesn't get serious about these issues
    we are going to be left behind," Ingram says.
    
    He says knowledge about the way computer systems interact, which was
    built up during Year 2000 remediation - and which could significantly
    improve the protection of Australia's information infrastructure - has
    been lost.
    
    Ingram says Malaysia, South Korea and Japan are spending enormous
    amounts of money on protecting information infrastructure - things
    such as government, banking, public utility, telecommunications and
    emergency networks. In Australia, many of these assets are in private
    hands.
    
    AusCERT, which was founded in 1992 at the University of Queensland
    after a hacking incident, has been contracted by the Federal
    Government to provide a free service to the general public and
    business about new threats to networked computer systems as part of
    the Trusted Information Sharing Network (TISN).
    
    TISN is a voluntary forum for owners of critical infrastructure to
    exchange information on security issues announced last November.
    
    But Opposition IT spokeswoman Kate Lundy says laws are needed to force
    the private sector to comply with minimum standards of protection for
    critical information infrastructure. She says Australia needs to look
    to minimum standards enshrined in United States and British law.
    
    "No one is out there enforcing standards," she says. "There is no
    effective data collection, no mandatory reporting of security
    incidences in the Government, let alone the private sector."
    
    But her call was rejected by Ingram and Mike Rothery, the senior
    national information infrastructure adviser at the information and
    security law division of the federal Attorney-General's Department.
    
    Rothery says the Federal Government will not introduce specific
    legislation to enforce compliance with a critical infrastructure
    regime because it does not know how different sectors of Australia's
    society overlap.
    
    "If I was to bring in legislation, the first thing I would have to do
    is understand all the threats and vulnerabilities and infrastructure
    mapping for each sector, and I don't believe anyone in government
    does," he says.
    
    Rothery says the information is in the private sector and would have
    to be "dragged" out of companies. Otherwise the Government would have
    to use a generic template that "would be wrong in 99 per cent of
    cases".
    
    Rothery agrees with Ingram that critical knowledge learnt through Y2K
    has disappeared. "Some of that awareness of infrastructure dependence
    has already begun to evaporate and it would be great to think that
    those lessons were still around to stay."
    
    But he says there is a "little bit of exaggeration" now about
    cyberterrorism and that decision makers are sceptical about the cyber
    threat.
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Tue Apr 08 2003 - 07:15:56 PDT