Aussie Gov't Won't Help Fight Cyber Attacks
mask.of.sanity writes "Days after the Pentagon's #2 called for a NATO cyber-shield, the Australian government has announced it won't lift a finger to help the country's businesses to defend themselves against cyber attacks unless it presents a high risk to national security. Instead, Australia's security agencies will forge a response based on the 'pathology of the problem,' incorporating the risk the attack poses to government and the community. A senior security official said the government 'struggles to defend its own systems from the current threats,' let alone that of other industries. He went on to rubbish claims that existing military force strategies can be applied to cyber warfare, noting that the demarcation between civil attacks, such as domestic hacking, and those against nation-states, such as espionage, is blurry. Former US counter-terrorism advisor Richard Clarke said the US government has taken a similar line."
Cyber Shield? Is this like SDI for the internets? Zapping the rogue packets in the boost phase before they approach the systems that they target? How about instead of creating Cyber Shields, people are just reminded to read security bulletins and keep their software up to date?
I'm not sure what all the upset in the summary is about (Other than pulling eyeballs). This guy sounds like he actually knows what he is doing. He hasn't jumped on the panic bandwagon. In fact he's said a number of very logical things:
- Not all cyber attacks are a matter of national security. Even attacks on government infrastructure aren't necessarily matters of espionage.
- Conventional military strategies have nothing to do with maintaining a robust IT infrastructure.
That seems fairly level headed to me. Rather than all this panic about cyber-warfare as a broad collection of laws I'd like to see:
- Liability for corporations who fail to take basic security steps to protect customer data. E.g. your in-house system gets compromised by an SQL-injection, then you're liable. There is no reasonable excuse to still be running systems vulnerable to SQL-injection. Or your un-patched systems are compromised, then you're liable.
- Liability for software makers who sell software with easily preventable flaws. E.g. SQL-injections. I raise the point of SQL-injections because automatically checking code for insertion of strings into SQL statements should be trivial.
P.s. Sorry for the first and second halves of the post being only somewhat related.
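As an added illustration of the point made in the post above (this is example code written for this page, not anything the poster supplied): the vulnerable and parameterized query side by side against a constructed in-memory table, plus the kind of "trivial" automatic check the poster has in mind, implemented as a small AST scan that flags any execute() call whose statement text is built from strings rather than a constant. The table, rows, payload and SAMPLE_SOURCE snippet are all constructed here for the demonstration.

```python
import ast
import sqlite3


def make_db():
    """Constructed sample data: a tiny customer table in memory."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (id INTEGER, email TEXT, card_last4 TEXT)")
    conn.executemany("INSERT INTO customers VALUES (?, ?, ?)", [
        (1, "alice@example.com", "1111"),
        (2, "bob@example.com", "2222"),
        (3, "carol@example.com", "3333"),
    ])
    return conn


def lookup_vulnerable(conn, email):
    # Bad: attacker-controlled text becomes part of the SQL statement itself.
    sql = "SELECT id, email, card_last4 FROM customers WHERE email = '" + email + "'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, email):
    # Good: the value is bound as a parameter; the statement text is constant.
    sql = "SELECT id, email, card_last4 FROM customers WHERE email = ?"
    return conn.execute(sql, (email,)).fetchall()


# Classic tautology payload: turns "email = 'x'" into "email = 'x' OR '1'='1'".
PAYLOAD = "x' OR '1'='1"


def _is_dynamic(expr):
    """True when the expression is anything other than a plain string literal."""
    if isinstance(expr, ast.Constant) and isinstance(expr.value, str):
        return False
    # f-strings, "+"/"%" concatenation and .format() are the usual culprits;
    # anything else we cannot prove constant is flagged conservatively.
    return True


def find_string_built_sql(source):
    """Scan Python source; report (function, line) for execute()/executemany()
    calls whose first argument is not a constant string. Simple one-level
    name resolution handles the common `sql = ...; execute(sql)` pattern."""
    findings = []
    for func in ast.walk(ast.parse(source)):
        if not isinstance(func, ast.FunctionDef):
            continue
        assigned = {}
        for node in ast.walk(func):
            if (isinstance(node, ast.Assign) and len(node.targets) == 1
                    and isinstance(node.targets[0], ast.Name)):
                assigned[node.targets[0].id] = node.value
        for node in ast.walk(func):
            if (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)
                    and node.func.attr in ("execute", "executemany") and node.args):
                arg = node.args[0]
                if isinstance(arg, ast.Name):
                    arg = assigned.get(arg.id, arg)
                if _is_dynamic(arg):
                    findings.append((func.name, node.lineno))
    return findings


# Constructed code sample for the scanner (assumption: three typical call shapes).
SAMPLE_SOURCE = '''
def by_email_bad(conn, email):
    sql = "SELECT * FROM customers WHERE email = '" + email + "'"
    return conn.execute(sql).fetchall()

def by_email_fstring(conn, email):
    return conn.execute(f"SELECT * FROM customers WHERE email = '{email}'").fetchall()

def by_email_good(conn, email):
    sql = "SELECT * FROM customers WHERE email = ?"
    return conn.execute(sql, (email,)).fetchall()
'''


def flagged_functions():
    return [name for name, _ in find_string_built_sql(SAMPLE_SOURCE)]


if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", lookup_vulnerable(db, PAYLOAD))  # every row leaks
    print("safe:      ", lookup_safe(db, PAYLOAD))        # no such email
    print("flagged:   ", flagged_functions())
```

The scanner is deliberately crude (one level of name resolution, no cross-function tracking), which is the point: even this catches the two broken variants and passes the parameterized one, so "we couldn't have found it" is not a credible defence.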
You're clearly not familiar with Australian banks.
If you broke into the network of the Westpac bank, they'd be more likely to steal from you than the other way around. They've had a lot more practice, and have far lower scruples than the average cracker.
"I've got more toys than Teruhisa Kitahara."
"Sure if power plants are being attacked, the government would step in."
If power plant controls are exposed to the internet, the government should "step in" to waterboard those responsible with battery acid.
There is NO excuse for vital infrastructure to be controlled via the internet. At all. Ever. People who expose it to the internet are worse than negligent and merit firing, public exposure, and blacklisting so they never work again in a position of responsibility.
"This post is an artistic work of fiction and falsehood. Only a fool would take anything posted here as fact."