Forgot your password?
typodupeerror
Australia Government Security IT

Aussie Gov't Won't Help Fight Cyber Attacks 101

Posted by Soulskill
from the they'd-probably-screw-it-up-anyway dept.
mask.of.sanity writes "Days after the Pentagon's #2 called for a NATO cyber-shield, the Australian government has announced it won't lift a finger to help the country's businesses to defend themselves against cyber attacks unless it presents a high risk to national security. Instead, Australia's security agencies will forge a response based on the 'pathology of the problem,' incorporating the risk the attack poses to government and the community. A senior security official said the government 'struggles to defend its own systems from the current threats,' let alone that of other industries. He went on to rubbish claims that existing military force strategies can be applied to cyber warfare, noting that the demarcation between civil attacks, such as domestic hacking, and those against nation-states, such as espionage, is blurry. Former US counter-terrorism advisor Richard Clarke said the US government has taken a similar line."
This discussion has been archived. No new comments can be posted.

Aussie Gov't Won't Help Fight Cyber Attacks

Comments Filter:
  • CYBER TECHNOLOGY (Score:4, Insightful)

    by BitHive (578094) on Tuesday September 28, 2010 @02:12AM (#33719906) Homepage

    I am so sick of the term "cyber" being used by people to make their ideas sound sophisticated. It drives me mad to see this not having the opposite effect.

    SO YOU SEE, WITH CYBER TECHNOLOGY....

    aaagghh

    • Re: (Score:2, Informative)

      by Anonymous Coward

      It sounds to me as if you are going through cyber rage.

    • by Elbereth (58257)

      I was going to cyber-post this very cyber-message. Because you cyber-beat me to the cyber-punch, I'll instead take this cyber-opportunity to inflict great cyber-pain on you.

    • by JustOK (667959)

      pseudo-cyber-intellectuals

    • by mvojtko (1910984)
      This is the same response you get from any police force. Why would this surprise you? If you do not protect yourself, you are waiting on a reactionary force and you will suffer.
  • Dealing with cyber attacks that are not a national security issue would be the job of police agencies.
    • by mjwx (966435)
      here, here.

      About time the /. notion of "get the gubbermit out of the way" was actually useful. Corporate security is the companies responsibility, it's up to the company to ensure that nothing damaging happens to their physical property (by installing security cameras, screening staff, guards and so forth) why should network security be any different? It isn't ASIO (Australian Security and Intelligence Organisation) or the AFP's (Australian Federal Police) job to secure a corporate network. The Attorney
      • Re: (Score:3, Informative)

        by dakameleon (1126377)

        Yes Dr Conroy, I said "erect", you insecure tosser.

        As amusing as that is, Senator The Hon. Stephen Conroy isn't a Doctor. No need to accord him an unnecessary honorific.

        Tosser (or wanker, or variations on the same) on the other hand is a perfectly valid qualification to identifying the man.

        • by mjwx (966435)

          As amusing as that is, Senator The Hon. Stephen Conroy isn't a Doctor

          Sorry, I got him confused with another Dr Conroy... not an uncommon name.

      • Re: (Score:2, Informative)

        by Anonymous Coward

        It's 'hear, hear', not 'here, here', you retard.

        http://en.wikipedia.org/wiki/Hear,_hear [wikipedia.org]

      • Re: (Score:1, Insightful)

        by Anonymous Coward

        here, here.

        Hear, hear!

        FTFY

      • by ysth (1368415)
        Wow. I posted one sentence and you didn't even read it. Wow.
    • by Mashiki (184564)

      That's great except police are limited by what can be done, and you'll generally find that police services(or forces depending on where you are), have bigger fish to fry(like rape, murder, assaults, theft(physical), etc). In Canada unless the losses in relation to a computer crime, are greater than $100k the RCMP will not investigate. Local police will direct you there, and if it's under 100k, your local dept. may possibly try to divert manpower to it. But the ability to investigate is limited.

      Internet b

      • Internet based crime has got to me a massive headache for the police to try to deal with.

        juristiction problems are almost guaranteed and even identifying the criminal with enough certainty for a court of law would take a hell of a lot of effort.

        I'm told if you do most of the work for them- hand them a case on a silver platter and somehow find someone who definitly has juristiction you can get some results but otherwise forget it.

        the fact that people generally don't die or show up on newspaper front pages wi

        • by rtb61 (674572)

          Australian already does it under another department http://www.acma.gov.au/WEB/LANDING/pc=INTERNET_MAIN [acma.gov.au]. Clearly the Australian government is signalling they are not interested in playing cyber warfare and feeding the global military industrial complex with billions more of tax payer dollars.

          The threat is being hype up again and again, and yet all that bloody infrastructure not so long ago was safe from internet attacks because there was not internet and it ran fine. So cut the crap, in they connect impo

    • In principle, yes, I agree.
      In practice, ah, I think we'd need an entirely new form of police-ing/policy-ing to deal with internet crime.
  • by orin (113079) on Tuesday September 28, 2010 @02:16AM (#33719924)
    Cyber Shield? Is this like SDI for the internets? Zapping the rogue packets in the boost phase before they approach the systems that they target? How about instead of creating Cyber Shields, people are just reminded to read security bulletins and keep their software up to date?
  • by SuperKendall (25149) on Tuesday September 28, 2010 @02:39AM (#33720014)

    Sure if power plants are being attacked, the government would step in.

    But if a lot of private businesses are being attacked, what good would the government do anyway? Such an attack would be far more skillfully handled by the IT personnel at various companies, who have shown the ability to band together as needed for serious attacks.

    • by JimboG (1467977)
      Correct. I'd also like to point out that having previously worked in govt. for a number of years, the IT departments are over-staffed and under-budgeted. There might be enough people to do something about an attack, but no equipment/software/tools to know if was happening to them. I can't speak for DSD or perhaps ASIO, maybe they do.
    • Re: (Score:3, Insightful)

      by dakameleon (1126377)

      In some states, the power infrastructure is still a government-owned asset, so they'll be the ones being attacked in the first instance.

      I think you'll find most governments have been building "cyber" defence teams, which would be filled with people whose job it is to stay on top of security issues, attack techniques etc, and so you'd presume has as much if not more expertise than your average IT department.

      • I think you'll find most governments have been building "cyber" defence teams, which would be filled with people whose job it is to stay on top of security issues, attack techniques etc, and so you'd presume has as much if not more expertise than your average IT department.

        Correct. Also, Power Plants, distribution grid etc are designated as "critical infrastructure", and they typically are given the benefit of government threat analysis and advice (on a "cost recovery" basis, so the government makes or loses no money in performing them). The scope of this advice extends to cyber threats (which are usually along the lines of "although you may not have heard of them, there are things called Industry Standards for IT Security. We suggest you begin looking at them")

    • by couchslug (175151) on Tuesday September 28, 2010 @05:46AM (#33720672)

      "Sure if power plants are being attacked, the government would step in."

      If powerplant controls are exposed to the internet, the government should "step in" to waterboard those responsible with battery acid.

      There is NO excuse for vital infrastructure to be controlled via the internet. At all. Ever. People who expose it to the internet are worse than negligent and merit firing, public exposure, and blacklisting so they never work again in a position of responsibility.

      • by AHuxley (892839)
        "excuse for vital infrastructure to be controlled via the internet."
        Australians like MS at the front end?
        eg http://www.smh.com.au/technology/security/sinister-integral-energy-virus-outbreak-a-threat-to-power-grid-20091001-gdrx.html [smh.com.au]
        http://www.zdnet.com.au/virus-hits-integral-energy-desktops-339298861.htm [zdnet.com.au]
        • SCADA should be air-gapped from public networks, and in this instance public means "anything not involved with SCADA duties directly". It doesn't have to be a big air gap; Use the same cabs, use the same rooms. Just don't plug one into the other.
          • Re: (Score:3, Informative)

            by mlts (1038732) *

            The only way I have seen that implemented report gathering for SCADA systems, where security was decent, was a setup akin to the following:

            1: The systems were on their own private network, airgapped from everything else.
            2: A machine polled them, and wrote the logs to hard disk accessible by a second machine in XML format with a header for files.
            3: The second machine would copy the logs through a serial port with the rx wires cut on one side. It was configured not to care about ACKs, just send data, don'

          • But, as I keep saying on this damn site, the air-gap is long gone. You can't wish it back, you can't say "it mustn't be gone! it mustn't!". It's gone. Now attempts at network isolation through various other means are in place, but these can be compromised in a way that the physical air gap cannot. Add to this the fact that SCADA is being seen more and more as an "IT" kind of thing (and thus manageable by IT and not control system guys), the control system engineers are losing the fight for the air-gap. It s
      • by dbIII (701233)
        I think there's only one power plant in the country of any size with remote controls, but it's relatively tiny (4x60MW or 80MW units?), within line of sight from where it is controlled from and would have to have a dedicated cable. There are of course remote distribution controls but that is a different thing to trying to run a generator remotely.
      • Re: (Score:3, Informative)

        by darkfire5252 (760516)

        If powerplant controls are exposed to the internet, the government should "step in" to waterboard those responsible with battery acid.

        I feel like I repeat this at least once per 'cyberwar' thread, but it bears repeating until people start to understand. "Power plants can be attacked via the internet" is not equivalent to "Power plant controls are exposed to the internet". There's plenty of risk to the power infrastructure that comes from systems that can affect power usage being exposed to the internet, even if the power plant isn't exposed to the internet...

        The reason that some people give 'cyberwar' more thought than that is that it's

        • by Macgrrl (762836)

          Modern power networks are being implemented to manage load control at the sub-sector and even unique address level. This will minimise the effect the type of attack you are proposing could have, as increasing the load at a domestic level will simply result in your meter switching off supply. It will switch back on after a delay, and if the load is still over a given threshold, will switch off again. Lather, rinse, repeat.

          • A late response to a dead thread, but it's worth pointing out that the problem we examined in detail was not too much load, it was a rapid reduction of load. The precise problem was that, if the smart meter is ever compromised (or some other home automation system was compromised in very large numbers), one could switch enough meters off supply such that the load at the generator is very drastically reduced to the point that it is mechanically damaged.

      • If powerplant controls are exposed to the internet

        They don't have to be exposed to the internet.

        The recent Stuxnet worm targeted industrial controllers with a transmission vector of USB fobs entering said facilities... and it worked.

        I agree that powerplant controls should not be exposed to the internet but it does not mean they cannot face a virtual attack.

      • And yet it is. Perhaps not directly, but the air-gap is long long gone. Not only that, many such plants are losing control of their networks to the IT side of the fence, and being forced to to provide the (potentially exploitable) bridge due to business constraints. So what are you going to do about it? Hold your hands over your ears and pretend it's not happening?
      • by Oxyde (1171033)

        There is NO excuse for vital infrastructure to be controlled via the internet.

        How else do you outsource to Mumbai?

  • Aussie govt won't lift a finger...You could've stopped right there. Well unless it's to fine the populace, cut services, or boost their own salaries.

    • Re: (Score:1, Interesting)

      by Anonymous Coward

      Don't forget impounding those evil "hoons" cars. Nothing is more important than ensuring that Australian roads are completely free of import vehicles and car enthusiasts. How else can you train the population to help the government prop up our car industry than to intimidate them into buying the junk that rolls off the assembly line here?

      Or making sure that nobody, absolutely nobody, takes their eyes off the speedometer for even half a second, lest they creep 0.0000001 km/h over the limit, thereby killing 1

      • Don't forget impounding those evil "hoons" cars. Nothing is more important than ensuring that Australian roads are completely free of import vehicles and car enthusiasts. How else can you train the population to help the government prop up our car industry than to intimidate them into buying the junk that rolls off the assembly line here?

        Well, that's blatantly wrong [autoguide.com]. Considering the pointless Holden vs Ford patriotism that goes on here there's no government intervention required to keep bogans buying locally produced cars (except for those produced by Asian owned manufacturers). I'm all for repeat or blatant idiots having their cars impounded. I had some moron drive into me to cut in front of me at a set of traffic lights, and then he raged and reversed into me before speeding off. That's the only collision I've ever been involved in.

        Or making sure that nobody, absolutely nobody, takes their eyes off the speedometer for even half a second, lest they creep 0.0000001 km/h over the limit, thereby killing 10 starving disabled orphans instantly and advancing the impending doom of civilisation.

        +1 tro

        • by syousef (465911)

          +1 troll there. I've been done for speeding a minor amount over the limit a couple of times. There's usually leeway in the form of not fining someone until they are a certain amount over the speed limit. It's adequate motivation to make me check my speed whenever I pass fixed speed cameras or see brand new cars suspiciously parked in unusual places.

          They've actually removed that leeway, in both VIC and most recently in NSW. The speedometers are allowed to be up to 10% out. (Fortunately car companies take the opportunity to make them read 10% higher not lower). But now the leeway allowed is much less than that - 1-2km. I don't even know if that's within the tolerance of the equipment.

          It most certainly is not a troll that forcing someone to regulate their speed so vigorously makes people concentrate on their speedo when they should be assessing the road.

      • by inflex (123318)

        The hoon-car laws are actually one thing that's pretty damned good, it's not targeting custom cars, it's targeting gits who see it fit to light up rubber, forget their exhaust or think they're exempt from engineering standards.

        If you want to really let the lead-foot fly then go join up to CAMS or other similar racing clubs - oooh but of course, you're probably too cool for that (but really your car is just shit and those Type-R stickers will peel off when the CAMS boys fly by your sad piece of bling).

        Oh yea

  • Should the Australian government lift a finger to protect children from the evils that lurk online? No, let parents sort it out. Should it lift a finger to protect businesses? No, let the free market sort it out.

    If the government is going to do anything, its focus should be on protecting the infrastructure as a whole, not individual businesses.

    • by .tekrox (858002)

      They SHOULDN'T be doing anything here; let me give you an example,

      You go out for a couple of hours, leaving the front door to your house wide open, when you return you find all your possessions missing - was it the Government's responsibility to ensure that your house was locked?
      To Stand a cop out the front of your house exclaiming 'move along'?, to lock the door for you? No.
      These are your responsibilities, The police will come and investigate the crime - and you know there will be nothing they can do about

      • Re: (Score:2, Informative)

        by sumdumass (711423)

        What about if you come home while the thiefs are still their taking your stuff? Should the cops come and stop them, or wait until it's all done and take your statement?

        I mean seriously, no defense shield is going to be able to autonomously say "they are attacking here, lets guard the doors". What they will likely do is be ready when company X says, I'm getting attacked at these ports by these IP's, then respond similar to a cop being called while the thieves are still cleaning out your house. But what it wo

    • by Samah (729132)

      Should the Australian government lift a finger to protect children from the evils that lurk online?

      Stephen Conroy seems to think they should... :(
      Ah but wait, the filter only actually blocks spams and scams [youtube.com].

  • Lynn said the Pentagon strategy has identified "five pillars" to cyber security

    Does this sound like a blatent religious ripoff to anyone else ?
  • by SmallFurryCreature (593017) on Tuesday September 28, 2010 @02:50AM (#33720056) Journal

    Small government! The state should stay out of my business! Private industry can take care of everything!

    Waah, something is happening, the state should step in! Save us oh mighty government! Regulate them! Control our every action and thought!

    You can't have it both ways. Remember a while back when the US government announced that it could under emergency rules take control of networks? 99% of Slashdot was up in arms. No government spooks on your private network.

    So, now the demand is that Australian soldiers walk into private business and secure the network?

    So, bad for US soldiers to take control over private networks, bad for AU soldiers not to take control over private networks?

    Or maybe they should put up a firewall around Australia to protect business, but not to actually filter anything because an internet filter is bad?

    And people wonder why politicians don't listen to their voters. Because it is IMPOSSIBLE. The very same voter will insist that the speed limit be dropped and mile high speed bumps be raised in front of the fire station to stop those devils from driving to fast. The same voter will want green power but no wind mills, tidal station, solar farm or hydro dams because they don't look nice.

    We want cheap labor to pick fruit but no immigrants. Free markets to sell OUR goods, import tariffs on THEIR goods.

    It is impossible and so politicians stop listening and listen to the lobbyist instead who at least know to be consistent within each single plea.

    Or as Douglas Adams said: People are a problem.

    I say we nuke them from orbit. It is the only way to be sure.

    • by FriendlyLurker (50431) on Tuesday September 28, 2010 @03:54AM (#33720312)

      So, now the demand is that Australian soldiers walk into private business and secure the network?

      So, bad for US soldiers to take control over private networks, bad for AU soldiers not to take control over private networks?

      Or maybe they should put up a firewall around Australia to protect business, but not to actually filter anything because an internet filter is bad?

      And people wonder why politicians don't listen to their voters. Because it is IMPOSSIBLE. The very same voter will insist that the speed limit be dropped and mile high speed bumps be raised in front of the fire station to stop those devils from driving to fast. The same voter will want green power but no wind mills, tidal station, solar farm or hydro dams because they don't look nice.

      We want cheap labor to pick fruit but no immigrants. Free markets to sell OUR goods, import tariffs on THEIR goods.

      It is impossible and so politicians stop listening and listen to the lobbyist instead who at least know to be consistent within each single plea.

      Or as Douglas Adams said: People are a problem.

      I say we nuke them from orbit. It is the only way to be sure.

      I think a lot of this cognitive dissidence is coming top down as troll stories trying to drum up support for minority lobby pressure, rather than from the population (or Slashdot readers minds) as you suggest. Take this news article that Slashdot has posted for instance: Complete crap, an obvious troll piece to try and pressure the Aussie government to toe the US line [salon.com] when it comes to it's invented "cyber warfare" rhetoric. Little more than a thin veil of fear to give itself permission to Secure, Clamp, Contain the internet against we the people. To SCC effectively of course you need to coordinate other countries at the same time, or it won't really work - so now the lobby pressure begins to reach us via these puff pieces - this article is asking if your on side with it? Read [slashdot.org] Most uprated [slashdot.org] comments [slashdot.org] on the topic from Slashdot and people are calling it what it is - a farce. So how the Fsk did slashdot editors pick this drudge piece to get posted - Is Geeknet's policy to reeducate geeks... or perhaps the firehose full of lobbyist brigades [slashdot.org]?

      Either way, where your seeing cognitive dissidence of individuals - I am seeing the divide widening between what lobbyists behind Gov policies want you to think, and what increasing number of people are actually thinking.

    • Re: (Score:2, Insightful)

      by sumdumass (711423)

      You are mistaking the actions of the government for the reactions of the people. They are not one in the same and often bear no resemblance to each other.

    • You are missing the point, its not about having one philosophy to make decisions, its about making the right decision for the right problem, philosophy be damned. Using a political philosophy to justify a decision is a cop-out to critical thinking. Is it wrong to regulate an industry's reporting requirements when they are using numbers that don't correlate with the truth? No. Is it wrong to remove regulation from an industry requiring 5-10 years of permit pursuit just to get started? No. I'll let you

  • But what of the glorious Internet Filter that was promised to save us all from the "spams or scams that come through the portal [apcmag.com]" ?

  • I'm all for smaller government. We're not dealing with just business to business dealings when it comes to the internet we're dealing with nation to nation. So when hosts from one nation are crippling your business with attacks, how do you bring them to justice without dealing with government?

    As long as governments want to draw these lines and claim nationalities then they need to be able to deal with problems that transcend those lines.

  • by Jeeeb (1141117) on Tuesday September 28, 2010 @03:09AM (#33720136)
    I'm not sure what all the upset in the summary is about (Other than pulling eyeballs). This guy sounds like he actually knows what he is doing. He hasn't jumped on the panic bandwagon. In fact he's said a number of very logical things:

    - Not all cyber attacks are a matter of national security. Even attacks on government infrastructure aren't necessarily matters of espionage.
    - Conventional military strategies have nothing to do with maintaining a robust IT infrastructure.

    That seems fairly level headed to me. Rather than all this panic about cyber-warfare as a broad collection of laws I'd like to see:
    - Liability for corporations who fail to take basic security steps to protect customer data. E.g. you're in-house system gets compromised by an SQL-injection then you're liable. There is no reasonable excuse to still be running system vulnerable to SQL-injection. Or your un-patched systems are compromised then you're liable.
    - Liability for software makers who sell software with easily preventable flaws. E.g. SQL-injections. I raise the point of SQL-injections because automatically checking code for insertion of strings into SQL statements should be trivial.

    P.s. Sorry for the first and second halve of the post being only somewhat related.
  • Another global problem in a nation-based world.

  • Aussie gov won't help with cyber attacks? What is the Aussie gov's stance on Wikileaks?

  • it is up to individuals - you, me, businesses, corporations - to secure their digital "assets". It is the governments role to secure the country. If my lack of preparedness affects national security then yes the government should take over, otherwise they should not have to. So, imo the Aussie government is doing the right thing.
  • Oz? (Score:2, Insightful)

    What's so God damned interesting about Australia's internets? We're half the size of California for Christ's sake. Who really gives a toss what we do?
    • We may be half the size of California, but as a country we're one of only a very small handful European English-speaking countries (and I find Canada and the US hard to differentiate, and to be honest, NZ is extremely similar to us in all practical respects). This means that we are similar enough that our differences are cherished instead of feared as they are when they are TOO different in most other cases.
    • by AHuxley (892839)
      Who really gives a toss what we do?
      Historically we had a dream location for the NSA. We are tapped into a fun part of the world and have generational links with the NSA. Australia only ever thought of doing intel alone after ww2 and was quickly reconnected with the US/UK.
      The net is near anonymous with changing IP's and logs right?
      Best to keep that myth alive and well in Australia so our well funded clandestine services can keep an eye on all.
      Any hardening via new laws and buying in new tech is no f
  • Remember, every time the government jumps in to save businesses under a cyber attack, valuable resources are being diverted that could be used to stop people from copying CDs and DVDs. I can only hope that I'm being facetious there.
  • I can not believe that a government would sit there and declare that this is not enough of a problem for them ,aside their own network and not push for the ISPs to get involved. We all know hacking is an INTERNATIONAL past time, so why not monitor incoming international traffic, to filter through, say the chinese, and put blocks on those channels, that if you must , you would have to use a special proxy that is maintained by the ISPs themselves. This could not only limit torrent abuse, but also limit or con

As the trials of life continue to take their toll, remember that there is always a future in Computer Maintenance. -- National Lampoon, "Deteriorata"

Working...