Aussie Gov't Won't Help Fight Cyber Attacks 101
mask.of.sanity writes "Days after the Pentagon's #2 called for a NATO cyber-shield, the Australian government has announced it won't lift a finger to help the country's businesses to defend themselves against cyber attacks unless it presents a high risk to national security. Instead, Australia's security agencies will forge a response based on the 'pathology of the problem,' incorporating the risk the attack poses to government and the community. A senior security official said the government 'struggles to defend its own systems from the current threats,' let alone that of other industries. He went on to rubbish claims that existing military force strategies can be applied to cyber warfare, noting that the demarcation between civil attacks, such as domestic hacking, and those against nation-states, such as espionage, is blurry. Former US counter-terrorism advisor Richard Clarke said the US government has taken a similar line."
Re:CYBER TECHNOLOGY (Score:2, Informative)
It sounds to me as if you are going through cyber rage.
Re:But that's all that is the security agencies' j (Score:3, Informative)
Yes Dr Conroy, I said "erect", you insecure tosser.
As amusing as that is, Senator The Hon. Stephen Conroy isn't a Doctor. No need to accord him an unnecessary honorific.
Tosser (or wanker, or variations on the same) on the other hand is a perfectly valid qualification to identifying the man.
Re:But that's all that is the security agencies' j (Score:2, Informative)
It's 'hear, hear', not 'here, here', you retard.
http://en.wikipedia.org/wiki/Hear,_hear [wikipedia.org]
Re:So what's it gonna be? (Score:2, Informative)
What about if you come home while the thiefs are still their taking your stuff? Should the cops come and stop them, or wait until it's all done and take your statement?
I mean seriously, no defense shield is going to be able to autonomously say "they are attacking here, lets guard the doors". What they will likely do is be ready when company X says, I'm getting attacked at these ports by these IP's, then respond similar to a cop being called while the thieves are still cleaning out your house. But what it would do in addition to this, is create a centralized office in every government so that when thieves are tracked down, they can be pursued legally and don't escape the current conundrum where varying laws and unspecified places to report internet crimes typically get looked at funny and ignored once they cross international boundaries. In worse case scenarios, the government could probably access the router code and start dropping packets for the confirmed IP's making the attack much more difficult. It's not like the zombied PCs are normally visiting those sites.
Re:What good would the government do anyway? (Score:5, Informative)
"Sure if power plants are being attacked, the government would step in."
If powerplant controls are exposed to the internet, the government should "step in" to waterboard those responsible with battery acid.
There is NO excuse for vital infrastructure to be controlled via the internet. At all. Ever. People who expose it to the internet are worse than negligent and merit firing, public exposure, and blacklisting so they never work again in a position of responsibility.
Re:What good would the government do anyway? (Score:3, Informative)
The only way I have seen that implemented report gathering for SCADA systems, where security was decent, was a setup akin to the following:
1: The systems were on their own private network, airgapped from everything else.
2: A machine polled them, and wrote the logs to hard disk accessible by a second machine in XML format with a header for files.
3: The second machine would copy the logs through a serial port with the rx wires cut on one side. It was configured not to care about ACKs, just send data, don't expect anything back.
4: The machine on the other end of the serial cable was configured to listen to what came through and write the data to files specified by the XML contents.
5: These files were picked up and made available on an external Web server.
If the machine that received the logs got compromised, the worst that could happen was that the input from the serial cable would be ignored and bogus logs written on that machine. It would be almost impossible to touch any machine in the internal network with the SCADA stuff without having physical access with this type of setup.
Of course, the bottleneck was the serial port, but with the relative low amount of data being polled and written, it was not that big an issue, compared to getting the reports out on time.
Re:What good would the government do anyway? (Score:3, Informative)
If powerplant controls are exposed to the internet, the government should "step in" to waterboard those responsible with battery acid.
I feel like I repeat this at least once per 'cyberwar' thread, but it bears repeating until people start to understand. "Power plants can be attacked via the internet" is not equivalent to "Power plant controls are exposed to the internet". There's plenty of risk to the power infrastructure that comes from systems that can affect power usage being exposed to the internet, even if the power plant isn't exposed to the internet...
The reason that some people give 'cyberwar' more thought than that is that it's not as simple as you make it out to be. I'm a coauthor on a DOE sponsored paper (under security review, so no citation for now) that covers some more subtle aspects of the problem. The electrical grid can be attacked by compromising the control system if that system is internet connected, true. However, if a significant proportion of the electrical load for any one generator can be controlled via the internet, then that generator can be attacked via the internet without requiring any direct internet contact. Case in point, X10, Google, Microsoft, and many other companies are currently looking into home automation and controlling the home's electrical system via the computer. So, what happens the next time there's a runaway MS worm, but instead of just sending spam it gives control of the home automation system to the attacker? Simply by turning the power off in enough houses in an area, an attacker could actually cause physical damage to the power plant.
That's why we can't just dismiss the problem as "unhook the power plants from the internet." In a world that's increasingly hooked to the internet, we can't afford to overlook how the internet-connected components can possibly have an effect on the non-connected components.