Slashdot Mirror
Aussie Gov't Won't Help Fight Cyber Attacks
mask.of.sanity writes "Days after the Pentagon's #2 called for a NATO cyber-shield, the Australian government has announced it won't lift a finger to help the country's businesses to defend themselves against cyber attacks unless it presents a high risk to national security. Instead, Australia's security agencies will forge a response based on the 'pathology of the problem,' incorporating the risk the attack poses to government and the community. A senior security official said the government 'struggles to defend its own systems from the current threats,' let alone that of other industries. He went on to rubbish claims that existing military force strategies can be applied to cyber warfare, noting that the demarcation between civil attacks, such as domestic hacking, and those against nation-states, such as espionage, is blurry. Former US counter-terrorism advisor Richard Clarke said the US government has taken a similar line."
I am so sick of the term "cyber" being used by people to make their ideas sound sophisticated. It drives me mad to see this not having the opposite effect.
SO YOU SEE, WITH CYBER TECHNOLOGY....
aaagghh
Dealing with cyber attacks that are not a national security issue would be the job of police agencies.
Cyber Shield? Is this like SDI for the internets? Zapping the rogue packets in the boost phase before they approach the systems that they target? How about instead of creating Cyber Shields, people are just reminded to read security bulletins and keep their software up to date?
Sure if power plants are being attacked, the government would step in.
But if a lot of private businesses are being attacked, what good would the government do anyway? Such an attack would be far more skillfully handled by the IT personnel at various companies, who have shown the ability to band together as needed for serious attacks.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Aussie govt won't lift a finger...You could've stopped right there. Well unless it's to fine the populace, cut services, or boost their own salaries.
These posts express my own personal views, not those of my employer
here, here.
/. notion of "get the gubbermit out of the way" was actually useful. Corporate security is the companies responsibility, it's up to the company to ensure that nothing damaging happens to their physical property (by installing security cameras, screening staff, guards and so forth) why should network security be any different? It isn't ASIO (Australian Security and Intelligence Organisation) or the AFP's (Australian Federal Police) job to secure a corporate network. The Attorney Generals department (where this article came from) may set a security standard, but it's up to an individual company to follow it.
About time the
Good thing, we've already got enough nutbars in politics trying to erect some kind of "shield" around the intertubes.
Yes Dr Conroy, I said "erect", you insecure tosser.
Calling someone a "hater" only means you can not rationally rebut their argument.
Should the Australian government lift a finger to protect children from the evils that lurk online? No, let parents sort it out. Should it lift a finger to protect businesses? No, let the free market sort it out.
If the government is going to do anything, its focus should be on protecting the infrastructure as a whole, not individual businesses.
Want to improve your Karma? Instead of "Post Anonymously", try the "Post Humously" option.
Lynn said the Pentagon strategy has identified "five pillars" to cyber security
Does this sound like a blatent religious ripoff to anyone else ?
Small government! The state should stay out of my business! Private industry can take care of everything!
Waah, something is happening, the state should step in! Save us oh mighty government! Regulate them! Control our every action and thought!
You can't have it both ways. Remember a while back when the US government announced that it could under emergency rules take control of networks? 99% of Slashdot was up in arms. No government spooks on your private network.
So, now the demand is that Australian soldiers walk into private business and secure the network?
So, bad for US soldiers to take control over private networks, bad for AU soldiers not to take control over private networks?
Or maybe they should put up a firewall around Australia to protect business, but not to actually filter anything because an internet filter is bad?
And people wonder why politicians don't listen to their voters. Because it is IMPOSSIBLE. The very same voter will insist that the speed limit be dropped and mile high speed bumps be raised in front of the fire station to stop those devils from driving to fast. The same voter will want green power but no wind mills, tidal station, solar farm or hydro dams because they don't look nice.
We want cheap labor to pick fruit but no immigrants. Free markets to sell OUR goods, import tariffs on THEIR goods.
It is impossible and so politicians stop listening and listen to the lobbyist instead who at least know to be consistent within each single plea.
Or as Douglas Adams said: People are a problem.
I say we nuke them from orbit. It is the only way to be sure.
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.
But what of the glorious Internet Filter that was promised to save us all from the "spams or scams that come through the portal" ?
Don't know how you figured that one out.
If you break into the network of the Westpac bank, you will still be charged under the relevant law, all this states is that it is Westpac's responsibility to prevent you from doing so.
By the same token, if you try to kill or rob me you'll have to deal with the punishments under relevant law. Also, we dont just hand out guns in this nation so you'll have to get mighty close to do it which means I can fight back. Now I wont kill you but you will learn that within 3 hours drive of my city is a barren wilderness full of poisonous snakes, spiders, 40 C heat, not much water and no one around for miles... A few reckless tourists die there each year, so y'all have a real nice day now.
Calling someone a "hater" only means you can not rationally rebut their argument.
Yes Dr Conroy, I said "erect", you insecure tosser.
As amusing as that is, Senator The Hon. Stephen Conroy isn't a Doctor. No need to accord him an unnecessary honorific.
Tosser (or wanker, or variations on the same) on the other hand is a perfectly valid qualification to identifying the man.
Man who leaps off cliff jumps to conclusion.
I'm all for smaller government. We're not dealing with just business to business dealings when it comes to the internet we're dealing with nation to nation. So when hosts from one nation are crippling your business with attacks, how do you bring them to justice without dealing with government?
As long as governments want to draw these lines and claim nationalities then they need to be able to deal with problems that transcend those lines.
*DrugCheese rants*
This isn't the government saying it won't pursue prosecution if there is accusation of a crime within its jurisdiction, just that it is not the government's duty to provide protection against the specific instance of a crime possible occurring. On your twisted extension, that means they won't provide every citizen with a kevlar vest, though they do so for the military.
Man who leaps off cliff jumps to conclusion.
I'm not sure what all the upset in the summary is about (Other than pulling eyeballs). This guy sounds like he actually knows what he is doing. He hasn't jumped on the panic bandwagon. In fact he's said a number of very logical things:
- Not all cyber attacks are a matter of national security. Even attacks on government infrastructure aren't necessarily matters of espionage.
- Conventional military strategies have nothing to do with maintaining a robust IT infrastructure.
That seems fairly level headed to me. Rather than all this panic about cyber-warfare as a broad collection of laws I'd like to see:
- Liability for corporations who fail to take basic security steps to protect customer data. E.g. you're in-house system gets compromised by an SQL-injection then you're liable. There is no reasonable excuse to still be running system vulnerable to SQL-injection. Or your un-patched systems are compromised then you're liable.
- Liability for software makers who sell software with easily preventable flaws. E.g. SQL-injections. I raise the point of SQL-injections because automatically checking code for insertion of strings into SQL statements should be trivial.
P.s. Sorry for the first and second halve of the post being only somewhat related.
Sorry, I got him confused with another Dr Conroy... not an uncommon name.
Calling someone a "hater" only means you can not rationally rebut their argument.
Another global problem in a nation-based world.
Stop the brainwash
It's 'hear, hear', not 'here, here', you retard.
http://en.wikipedia.org/wiki/Hear,_hear
Aussie gov won't help with cyber attacks? What is the Aussie gov's stance on Wikileaks?
Who needs a gun handed to them. It doesn't take much to turn the theory of operation into practice. Sure, it may not work as well as a $1000 pistol but it will work. Especially if the goal is to get close enough for you to see it coming but far enough away that you can't fight back.
BTW, I agree with your comment. This stance doesn't make existing laws go away. At best, it simply says that they won't invest time and money preventing it from happening.
You're clearly not familiar with Australian banks.
If you broke into the network of the Westpac bank, they'd be more likely to steal from you than the other way around. They've had a lot more practice, and have far lower scruples than the average cracker.
"I've got more toys than Teruhisa Kitahara."
it is up to individuals - you, me, businesses, corporations - to secure their digital "assets". It is the governments role to secure the country. If my lack of preparedness affects national security then yes the government should take over, otherwise they should not have to. So, imo the Aussie government is doing the right thing.
That's great except police are limited by what can be done, and you'll generally find that police services(or forces depending on where you are), have bigger fish to fry(like rape, murder, assaults, theft(physical), etc). In Canada unless the losses in relation to a computer crime, are greater than $100k the RCMP will not investigate. Local police will direct you there, and if it's under 100k, your local dept. may possibly try to divert manpower to it. But the ability to investigate is limited.
Internet based crime is a low priority, half because of manpower issues, half because police worldwide are in a transitional state in the way they do policing.
Om, nomnomnom...
here, here.
Hear, hear!
FTFY
If your machines are stupid enough to read information my* machine sends it and then interpret that to do something that you do not want them to do, then tough luck. Not my problem.
*I would never do such a thing, however.
What's so God damned interesting about Australia's internets? We're half the size of California for Christ's sake. Who really gives a toss what we do?
I think you'll find that's any Australian bank.
Actually, any bank at all. Um. ...is there a trend we're missing here?
Using the holy grail of OSes...
Where, where?
You have the right to remain sentient. If you give up the right to remain sentient, you will be elected to public office
Internet based crime has got to me a massive headache for the police to try to deal with.
juristiction problems are almost guaranteed and even identifying the criminal with enough certainty for a court of law would take a hell of a lot of effort.
I'm told if you do most of the work for them- hand them a case on a silver platter and somehow find someone who definitly has juristiction you can get some results but otherwise forget it.
the fact that people generally don't die or show up on newspaper front pages with cut up faces also lowers it priority.
1) USA is presently hiring all the good *CERT, paying serious money so attractive there is about a 100% brain drain. AUSCERT relies on good people stuck with domestic ties. What is left are 'B' graders or people who probably would fail a conventional security assessment at TS or above.
Failure Example: Globally, some Europe extortion mob started blackmailing online betting / Casino sites, not just Australia but UK too. They even did a 'sample' . Well those dummies (Police) and smart ISP's did a few things, but guess what: Attack mark 2 left them bleeding and in the gutter. See 4 Corners report.
If they can't defend against Eurotrash, what hope have they got against determined Chinese launches that got past at least a few levels.
The best part is yet to come. By making hacking 'illegal' in Australia, the community of experts to draw upon is minuscule, while China has schools of them.
So it is quite right to say 'you are on your own'. The difficult choice is whether to call the police or not - or pay extortion money.
I know at least two guys on their security team. I would have to agree with you there. One particular guy I remember was tossed out of my university for hacking and snapped right up by their HR. I would suggest attacking pretty much any other bank.
When Argumentum ad Hominem falls short, try Argumentum ad Matrem
Also, we dont just hand out guns in this nation so you'll have to get mighty close ...
It's really cute that you think that :) It's like you've never heard of criminals. Naiveté can be so adorable!
Remember, every time the government jumps in to save businesses under a cyber attack, valuable resources are being diverted that could be used to stop people from copying CDs and DVDs. I can only hope that I'm being facetious there.
Yet a web filter to be run with little accountablity is to be implemented ASAP? There is a scale of attack that would require government intervention (eg: the Estonia DOS). For a country where people have such a commendable no bullshit attitude, the politicians sure are complete fuck-wits!
I can not believe that a government would sit there and declare that this is not enough of a problem for them ,aside their own network and not push for the ISPs to get involved. We all know hacking is an INTERNATIONAL past time, so why not monitor incoming international traffic, to filter through, say the chinese, and put blocks on those channels, that if you must , you would have to use a special proxy that is maintained by the ISPs themselves. This could not only limit torrent abuse, but also limit or control information
flow to a certain extent. We have info overload right now, what would be so bad, to limit all the traffic to be local only to that continent.
I know what I am suggesting raises a few eyebrows, but think about it this way, if I never need to go to a chinese server to get a webpage, why give me access at all, and the reverse is true, if I have no outgoing traffic for china, why allow any incoming traffic, unless i fill a form to my ISP, asking that the vpn residing in china for my company is something i would like to have access to...this would soooooooo limit the amount of wasted bandwidth, and also hacking to a big percent, and also just good old fashioned traffic...no extra ping and echo packet requests to find out where to go, hopping here and there....
In principle, yes, I agree.
In practice, ah, I think we'd need an entirely new form of police-ing/policy-ing to deal with internet crime.
Australian already does it under another department http://www.acma.gov.au/WEB/LANDING/pc=INTERNET_MAIN. Clearly the Australian government is signalling they are not interested in playing cyber warfare and feeding the global military industrial complex with billions more of tax payer dollars.
The threat is being hype up again and again, and yet all that bloody infrastructure not so long ago was safe from internet attacks because there was not internet and it ran fine. So cut the crap, in they connect important infrastructure to the internet in order to take stupid cheap shortcuts and skimp on a few dollars and their system gets hacked and costs hundreds of millions, then they're the bloody idiots and they should be the ones going to jail for criminal negligence.
Easy answer if governments want secure infrastructure then they can simply threaten executives responsible for keeping the infrastructure secure and safe with fines and prison time. Watch all the silly short cuts disappear overnight and a totally secure system take it's place.
As long as corporations are safe to take short cuts to inflate executive bonuses, then infrastructure collapse is ensured, whether mines blow up, oil rigs burn and sink, pipes burst, bridges collapse, workers die, internet failures etc. etc. as long those who make bad decisions are not individually prosecuted than expect them to continue.
Chaos - everything, everywhere, everywhen
Wow. I posted one sentence and you didn't even read it. Wow.
If powerplant controls are exposed to the internet
They don't have to be exposed to the internet.
The recent Stuxnet worm targeted industrial controllers with a transmission vector of USB fobs entering said facilities... and it worked.
I agree that powerplant controls should not be exposed to the internet but it does not mean they cannot face a virtual attack.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Well I do live somewhere where I feel perfectly safe without weapons (and in a land with the 10 most dangerous animals on earth, petty criminals dont scare you much after that).
Calling someone a "hater" only means you can not rationally rebut their argument.
Either party. Cyber security = zilch.
I was in the bridal party of the head of ANZ online security program, don't try them either. He's an ex-sniper and has the requisite morals.
Sara
Designer, Gamer, Macgrrl in an XP World
Mbts, as anti-shoes, are pro-body, to improve our gait and posture and help us to lead a more healthier and happier life. Mbt Reebook sale promotion has been launched on Shoesmbtsale, Discount Purchase Mbt Shoes, Top quality and Best service. From MBT reviews, Order Mbt Shoesand Mbt Shoes For are on hot sale. As specials, vibram five fingers on sale too. To all shoes on our web, Free shipping, Fast delivery and No tax.
http://www.mbt-shoes.com