Australia leaves the hack door open to cyber sabotage
Australia's critical information infrastructure is at risk because of the Federal Government's focus on physical infrastructure and terrorism, the head of Australia's Computer Emergency Response Team (AusCERT) says.
AusCERT general manager Graham Ingram says that while Australia is neglecting its cyber infrastructure, Asia is spending huge amounts of money to protect its own.
"I've done significant work through Asia and I say in the nicest possible way that if Australia doesn't get serious about these issues we are going to be left behind," Ingram says.
He says knowledge about the way computer systems interact, which was built up during Year 2000 remediation - and which could significantly improve the protection of Australia's information infrastructure - has been lost.
Ingram says Malaysia, South Korea and Japan are spending enormous amounts of money on protecting information infrastructure - things such as government, banking, public utility, telecommunications and emergency networks. In Australia, many of these assets are in private hands.
AusCERT, which was founded in 1992 at the University of Queensland after a hacking incident, has been contracted by the Federal Government to provide a free service to the general public and business about new threats to networked computer systems as part of the Trusted Information Sharing Network (TISN).
TISN, announced last November, is a voluntary forum for owners of critical infrastructure to exchange information on security issues.
But Opposition IT spokeswoman Kate Lundy says laws are needed to force the private sector to comply with minimum standards of protection for critical information infrastructure. She says Australia needs to look to minimum standards enshrined in United States and British law.
"No one is out there enforcing standards," she says. "There is no effective data collection, no mandatory reporting of security incidences in the Government, let alone the private sector."
But her call was rejected by Ingram and Mike Rothery, the senior national information infrastructure adviser at the information and security law division of the federal Attorney-General's Department.
Rothery says the Federal Government will not introduce specific legislation to enforce compliance with a critical infrastructure regime because it does not know how different sectors of Australia's society overlap.
"If I was to bring in legislation, the first thing I would have to do is understand all the threats and vulnerabilities and infrastructure mapping for each sector, and I don't believe anyone in government does," he says.
Rothery says the information is in the private sector and would have to be "dragged" out of companies. Otherwise the Government would have to use a generic template that "would be wrong in 99 per cent of cases".
Rothery agrees with Ingram that critical knowledge learnt through Y2K has disappeared. "Some of that awareness of infrastructure dependence has already begun to evaporate and it would be great to think that those lessons were still around to stay."
But he says there is a "little bit of exaggeration" now about cyberterrorism and that decision makers are sceptical about the cyber threat.