Slashdot Mirror

← Back to Stories (view on slashdot.org)

Aussie Gov't Won't Help Fight Cyber Attacks

Posted by Soulskill on from the they'd-probably-screw-it-up-anyway dept.

mask.of.sanity writes "Days after the Pentagon's #2 called for a NATO cyber-shield, the Australian government has announced it won't lift a finger to help the country's businesses to defend themselves against cyber attacks unless it presents a high risk to national security. Instead, Australia's security agencies will forge a response based on the 'pathology of the problem,' incorporating the risk the attack poses to government and the community. A senior security official said the government 'struggles to defend its own systems from the current threats,' let alone that of other industries. He went on to rubbish claims that existing military force strategies can be applied to cyber warfare, noting that the demarcation between civil attacks, such as domestic hacking, and those against nation-states, such as espionage, is blurry. Former US counter-terrorism advisor Richard Clarke said the US government has taken a similar line."

2 of 101 comments (clear)

  1. Cyber shield sounds like a bit of a wank by orin · · Score: 4, Insightful

    Cyber Shield? Is this like SDI for the internets? Zapping the rogue packets in the boost phase before they approach the systems that they target? How about instead of creating Cyber Shields, people are just reminded to read security bulletins and keep their software up to date?

  2. Sounds fairly realistic to me by Jeeeb · · Score: 4, Insightful

    I'm not sure what all the upset in the summary is about (Other than pulling eyeballs). This guy sounds like he actually knows what he is doing. He hasn't jumped on the panic bandwagon. In fact he's said a number of very logical things:

    - Not all cyber attacks are a matter of national security. Even attacks on government infrastructure aren't necessarily matters of espionage.
    - Conventional military strategies have nothing to do with maintaining a robust IT infrastructure.

    That seems fairly level headed to me. Rather than all this panic about cyber-warfare as a broad collection of laws I'd like to see:
    - Liability for corporations who fail to take basic security steps to protect customer data. E.g. you're in-house system gets compromised by an SQL-injection then you're liable. There is no reasonable excuse to still be running system vulnerable to SQL-injection. Or your un-patched systems are compromised then you're liable.
    - Liability for software makers who sell software with easily preventable flaws. E.g. SQL-injections. I raise the point of SQL-injections because automatically checking code for insertion of strings into SQL statements should be trivial.

    P.s. Sorry for the first and second halve of the post being only somewhat related.