Aussie Gov't Won't Help Fight Cyber Attacks
mask.of.sanity writes "Days after the Pentagon's #2 called for a NATO cyber-shield, the Australian government has announced it won't lift a finger to help the country's businesses to defend themselves against cyber attacks unless it presents a high risk to national security. Instead, Australia's security agencies will forge a response based on the 'pathology of the problem,' incorporating the risk the attack poses to government and the community. A senior security official said the government 'struggles to defend its own systems from the current threats,' let alone that of other industries. He went on to rubbish claims that existing military force strategies can be applied to cyber warfare, noting that the demarcation between civil attacks, such as domestic hacking, and those against nation-states, such as espionage, is blurry. Former US counter-terrorism advisor Richard Clarke said the US government has taken a similar line."
CYBER TECHNOLOGY (Score:4, Insightful)
I am so sick of the term "cyber" being used by people to make their ideas sound sophisticated. It drives me mad to see this not having the opposite effect.
SO YOU SEE, WITH CYBER TECHNOLOGY....
aaagghh
Re: (Score:2, Informative)
It sounds to me as if you are going through cyber rage.
Re: (Score:2)
I was going to cyber-post this very cyber-message. Because you cyber-beat me to the cyber-punch, I'll instead take this cyber-opportunity to inflict great cyber-pain on you.
Re: (Score:2)
mod parent +1 cyber-funny
Re: (Score:1)
> Speaking as a post-cyberist
Pssah. As a true post-cyberist, you would have broken the cyber-wall and commented on your comment.
cyber-monkey
Re: (Score:2)
pseudo-cyber-intellectuals
Re: (Score:2)
protecting yourself is reactionary, real men never leave their basements
But that's all that is the security agencies' job! (Score:1)
Re: (Score:2)
About time the
Re: (Score:3, Informative)
> Yes Dr Conroy, I said "erect", you insecure tosser.
As amusing as that is, Senator The Hon. Stephen Conroy isn't a Doctor. No need to accord him an unnecessary honorific.
Tosser (or wanker, or variations on the same) on the other hand is a perfectly valid qualification to identifying the man.
Re: (Score:2)
Sorry, I got him confused with another Dr Conroy... not an uncommon name.
Re: (Score:2, Informative)
It's 'hear, hear', not 'here, here', you retard.
http://en.wikipedia.org/wiki/Hear,_hear
Re: (Score:1, Insightful)
here, here.
Hear, hear!
FTFY
Re: (Score:2)
That's great except police are limited by what can be done, and you'll generally find that police services (or forces, depending on where you are) have bigger fish to fry (like rape, murder, assaults, theft (physical), etc). In Canada, unless the losses in relation to a computer crime are greater than $100k, the RCMP will not investigate. Local police will direct you there, and if it's under 100k, your local dept. may possibly try to divert manpower to it. But the ability to investigate is limited.
Internet b
Re: (Score:2)
Internet based crime has got to be a massive headache for the police to try to deal with.
Jurisdiction problems are almost guaranteed and even identifying the criminal with enough certainty for a court of law would take a hell of a lot of effort.
I'm told if you do most of the work for them - hand them a case on a silver platter and somehow find someone who definitely has jurisdiction - you can get some results, but otherwise forget it.
the fact that people generally don't die or show up on newspaper front pages wi
Re: (Score:1)
Australia already does it under another department http://www.acma.gov.au/WEB/LANDING/pc=INTERNET_MAIN. Clearly the Australian government is signalling they are not interested in playing cyber warfare and feeding the global military industrial complex with billions more of tax payer dollars.
The threat is being hyped up again and again, and yet all that bloody infrastructure not so long ago was safe from internet attacks because there was no internet and it ran fine. So cut the crap, in they connect impo
Re: (Score:1)
In practice, ah, I think we'd need an entirely new form of police-ing/policy-ing to deal with internet crime.
Cyber shield sounds like a bit of a wank (Score:5, Insightful)
Re: (Score:2)
Tell that to the Debian project.
Have they upgraded to ELF binaries yet?
Re:Cyber shield sounds like a bit of a wank (Score:5, Funny)
> Have they upgraded to ELF binaries yet?
They did but the result was... a bit gay.
They're now planning an upgrade to DWARF binaries.
Re: (Score:1)
...and my ACKs!
Re: (Score:2)
Probably with the same kill ratio as SDI as well.
What good would the government do anyway? (Score:4, Insightful)
Sure if power plants are being attacked, the government would step in.
But if a lot of private businesses are being attacked, what good would the government do anyway? Such an attack would be far more skillfully handled by the IT personnel at various companies, who have shown the ability to band together as needed for serious attacks.
Re: (Score:3, Insightful)
In some states, the power infrastructure is still a government-owned asset, so they'll be the ones being attacked in the first instance.
I think you'll find most governments have been building "cyber" defence teams, which would be filled with people whose job it is to stay on top of security issues, attack techniques etc, and so you'd presume has as much if not more expertise than your average IT department.
Re: (Score:1)
> I think you'll find most governments have been building "cyber" defence teams, which would be filled with people whose job it is to stay on top of security issues, attack techniques etc, and so you'd presume has as much if not more expertise than your average IT department.
Correct. Also, Power Plants, distribution grid etc are designated as "critical infrastructure", and they typically are given the benefit of government threat analysis and advice (on a "cost recovery" basis, so the government makes or loses no money in performing them). The scope of this advice extends to cyber threats (which are usually along the lines of "although you may not have heard of them, there are things called Industry Standards for IT Security. We suggest you begin looking at them")
Re:What good would the government do anyway? (Score:5, Informative)
"Sure if power plants are being attacked, the government would step in."
If powerplant controls are exposed to the internet, the government should "step in" to waterboard those responsible with battery acid.
There is NO excuse for vital infrastructure to be controlled via the internet. At all. Ever. People who expose it to the internet are worse than negligent and merit firing, public exposure, and blacklisting so they never work again in a position of responsibility.
Re: (Score:2)
Australians like MS at the front end?
eg http://www.smh.com.au/technology/security/sinister-integral-energy-virus-outbreak-a-threat-to-power-grid-20091001-gdrx.html
http://www.zdnet.com.au/virus-hits-integral-energy-desktops-339298861.htm
Re: (Score:3, Informative)
The only way I have seen that implemented report gathering for SCADA systems, where security was decent, was a setup akin to the following:
1: The systems were on their own private network, airgapped from everything else.
2: A machine polled them, and wrote the logs to hard disk accessible by a second machine in XML format with a header for files.
3: The second machine would copy the logs through a serial port with the rx wires cut on one side. It was configured not to care about ACKs, just send data, don'
Re: (Score:3, Informative)
> If powerplant controls are exposed to the internet, the government should "step in" to waterboard those responsible with battery acid.
I feel like I repeat this at least once per 'cyberwar' thread, but it bears repeating until people start to understand. "Power plants can be attacked via the internet" is not equivalent to "Power plant controls are exposed to the internet". There's plenty of risk to the power infrastructure that comes from systems that can affect power usage being exposed to the internet, even if the power plant isn't exposed to the internet...
The reason that some people give 'cyberwar' more thought than that is that it's
Re: (Score:2)
Modern power networks are being implemented to manage load control at the sub-sector and even unique address level. This will minimise the effect the type of attack you are proposing could have, as increasing the load at a domestic level will simply result in your meter switching off supply. It will switch back on after a delay, and if the load is still over a given threshold, will switch off again. Lather, rinse, repeat.
Re: (Score:2)
A late response to a dead thread, but it's worth pointing out that the problem we examined in detail was not too much load, it was a rapid reduction of load. The precise problem was that, if the smart meter is ever compromised (or some other home automation system was compromised in very large numbers), one could switch enough meters off supply such that the load at the generator is very drastically reduced to the point that it is mechanically damaged.
Stuxnet managed it without direct access (Score:2)
> If powerplant controls are exposed to the internet
They don't have to be exposed to the internet.
The recent Stuxnet worm targeted industrial controllers with a transmission vector of USB fobs entering said facilities... and it worked.
I agree that powerplant controls should not be exposed to the internet but it does not mean they cannot face a virtual attack.
Re: (Score:1)
How else do you outsource to Mumbai?
Re: (Score:2)
So it is quite right to say 'you are on your own'. The difficult choice is whether to call the police or not - or pay extortion money.
If private industry can't protect themselves then the government will have no-one better off. They'll either have to train up people for the purpose, or pay out the money.
Aussie govt won't lift a finger... (Score:2)
Aussie govt won't lift a finger... You could've stopped right there. Well unless it's to fine the populace, cut services, or boost their own salaries.
Re: (Score:1, Interesting)
Don't forget impounding those evil "hoons" cars. Nothing is more important than ensuring that Australian roads are completely free of import vehicles and car enthusiasts. How else can you train the population to help the government prop up our car industry than to intimidate them into buying the junk that rolls off the assembly line here?
Or making sure that nobody, absolutely nobody, takes their eyes off the speedometer for even half a second, lest they creep 0.0000001 km/h over the limit, thereby killing 1
Re: (Score:2)
> Don't forget impounding those evil "hoons" cars. Nothing is more important than ensuring that Australian roads are completely free of import vehicles and car enthusiasts. How else can you train the population to help the government prop up our car industry than to intimidate them into buying the junk that rolls off the assembly line here?
Well, that's blatantly wrong [autoguide.com]. Considering the pointless Holden vs Ford patriotism that goes on here there's no government intervention required to keep bogans buying locally produced cars (except for those produced by Asian owned manufacturers). I'm all for repeat or blatant idiots having their cars impounded. I had some moron drive into me to cut in front of me at a set of traffic lights, and then he raged and reversed into me before speeding off. That's the only collision I've ever been involved in.
> Or making sure that nobody, absolutely nobody, takes their eyes off the speedometer for even half a second, lest they creep 0.0000001 km/h over the limit, thereby killing 10 starving disabled orphans instantly and advancing the impending doom of civilisation.
+1 tro
Re: (Score:2)
> +1 troll there. I've been done for speeding a minor amount over the limit a couple of times. There's usually leeway in the form of not fining someone until they are a certain amount over the speed limit. It's adequate motivation to make me check my speed whenever I pass fixed speed cameras or see brand new cars suspiciously parked in unusual places.
They've actually removed that leeway, in both VIC and most recently in NSW. The speedometers are allowed to be up to 10% out. (Fortunately car companies take the opportunity to make them read 10% higher not lower). But now the leeway allowed is much less than that - 1-2km. I don't even know if that's within the tolerance of the equipment.
It most certainly is not a troll that forcing someone to regulate their speed so vigorously makes people concentrate on their speedo when they should be assessing the road.
Re: (Score:2)
The hoon-car laws are actually one thing that's pretty damned good, it's not targeting custom cars, it's targeting gits who see it fit to light up rubber, forget their exhaust or think they're exempt from engineering standards.
If you want to really let the lead-foot fly then go join up to CAMS or other similar racing clubs - oooh but of course, you're probably too cool for that (but really your car is just shit and those Type-R stickers will peel off when the CAMS boys fly by your sad piece of bling).
Oh yea
So what's it gonna be? (Score:2)
Should the Australian government lift a finger to protect children from the evils that lurk online? No, let parents sort it out. Should it lift a finger to protect businesses? No, let the free market sort it out.
If the government is going to do anything, its focus should be on protecting the infrastructure as a whole, not individual businesses.
Re: (Score:1)
They SHOULDN'T be doing anything here; let me give you an example,
You go out for a couple of hours, leaving the front door to your house wide open, when you return you find all your possessions missing - was it the Government's responsibility to ensure that your house was locked?
To stand a cop out the front of your house exclaiming 'move along'? To lock the door for you? No.
These are your responsibilities, The police will come and investigate the crime - and you know there will be nothing they can do about
Re: (Score:2, Informative)
What about if you come home while the thieves are still there taking your stuff? Should the cops come and stop them, or wait until it's all done and take your statement?
I mean seriously, no defense shield is going to be able to autonomously say "they are attacking here, let's guard the doors". What they will likely do is be ready when company X says, I'm getting attacked at these ports by these IP's, then respond similar to a cop being called while the thieves are still cleaning out your house. But what it wo
Re: (Score:2)
> Should the Australian government lift a finger to protect children from the evils that lurk online?
Stephen Conroy seems to think they should... :(
Ah but wait, the filter only actually blocks spams and scams [youtube.com].
From the US Article (Score:1)
Does this sound like a blatant religious ripoff to anyone else?
Ah, the slashdot mind (Score:4, Insightful)
Small government! The state should stay out of my business! Private industry can take care of everything!
Waah, something is happening, the state should step in! Save us oh mighty government! Regulate them! Control our every action and thought!
You can't have it both ways. Remember a while back when the US government announced that it could under emergency rules take control of networks? 99% of Slashdot was up in arms. No government spooks on your private network.
So, now the demand is that Australian soldiers walk into private business and secure the network?
So, bad for US soldiers to take control over private networks, bad for AU soldiers not to take control over private networks?
Or maybe they should put up a firewall around Australia to protect business, but not to actually filter anything because an internet filter is bad?
And people wonder why politicians don't listen to their voters. Because it is IMPOSSIBLE. The very same voter will insist that the speed limit be dropped and mile high speed bumps be raised in front of the fire station to stop those devils from driving too fast. The same voter will want green power but no wind mills, tidal station, solar farm or hydro dams because they don't look nice.
We want cheap labor to pick fruit but no immigrants. Free markets to sell OUR goods, import tariffs on THEIR goods.
It is impossible and so politicians stop listening and listen to the lobbyist instead who at least know to be consistent within each single plea.
Or as Douglas Adams said: People are a problem.
I say we nuke them from orbit. It is the only way to be sure.
Re:Ah, the slashdot mind (Score:4, Insightful)
> So, now the demand is that Australian soldiers walk into private business and secure the network?
> So, bad for US soldiers to take control over private networks, bad for AU soldiers not to take control over private networks?
> Or maybe they should put up a firewall around Australia to protect business, but not to actually filter anything because an internet filter is bad?
> And people wonder why politicians don't listen to their voters. Because it is IMPOSSIBLE. The very same voter will insist that the speed limit be dropped and mile high speed bumps be raised in front of the fire station to stop those devils from driving too fast. The same voter will want green power but no wind mills, tidal station, solar farm or hydro dams because they don't look nice.
> We want cheap labor to pick fruit but no immigrants. Free markets to sell OUR goods, import tariffs on THEIR goods.
> It is impossible and so politicians stop listening and listen to the lobbyist instead who at least know to be consistent within each single plea.
> Or as Douglas Adams said: People are a problem.
> I say we nuke them from orbit. It is the only way to be sure.
I think a lot of this cognitive dissidence is coming top down as troll stories trying to drum up support for minority lobby pressure, rather than from the population (or Slashdot readers' minds) as you suggest. Take this news article that Slashdot has posted for instance: Complete crap, an obvious troll piece to try and pressure the Aussie government to toe the US line [salon.com] when it comes to its invented "cyber warfare" rhetoric. Little more than a thin veil of fear to give itself permission to Secure, Clamp, Contain the internet against we the people. To SCC effectively of course you need to coordinate other countries at the same time, or it won't really work - so now the lobby pressure begins to reach us via these puff pieces - this article is asking if you're on side with it? Read [slashdot.org] Most uprated [slashdot.org] comments [slashdot.org] on the topic from Slashdot and people are calling it what it is - a farce. So how the Fsk did slashdot editors pick this drudge piece to get posted - Is Geeknet's policy to reeducate geeks... or perhaps the firehose full of lobbyist brigades [slashdot.org]?
Either way, where you're seeing cognitive dissidence of individuals - I am seeing the divide widening between what lobbyists behind Gov policies want you to think, and what an increasing number of people are actually thinking.
Re: (Score:2, Insightful)
You are mistaking the actions of the government for the reactions of the people. They are not one and the same and often bear no resemblance to each other.
Re: (Score:2)
You are missing the point, it's not about having one philosophy to make decisions, it's about making the right decision for the right problem, philosophy be damned. Using a political philosophy to justify a decision is a cop-out to critical thinking. Is it wrong to regulate an industry's reporting requirements when they are using numbers that don't correlate with the truth? No. Is it wrong to remove regulation from an industry requiring 5-10 years of permit pursuit just to get started? No. I'll let you
Think of the Children (Score:2)
But what of the glorious Internet Filter that was promised to save us all from the "spams or scams that come through the portal [apcmag.com]"?
International (Score:2)
I'm all for smaller government. We're not dealing with just business to business dealings when it comes to the internet we're dealing with nation to nation. So when hosts from one nation are crippling your business with attacks, how do you bring them to justice without dealing with government?
As long as governments want to draw these lines and claim nationalities then they need to be able to deal with problems that transcend those lines.
Sounds fairly realistic to me (Score:5, Insightful)
- Not all cyber attacks are a matter of national security. Even attacks on government infrastructure aren't necessarily matters of espionage.
- Conventional military strategies have nothing to do with maintaining a robust IT infrastructure.
That seems fairly level headed to me. Rather than all this panic about cyber-warfare as a broad collection of laws I'd like to see:
- Liability for corporations who fail to take basic security steps to protect customer data. E.g. your in-house system gets compromised by an SQL-injection then you're liable. There is no reasonable excuse to still be running systems vulnerable to SQL-injection. Or your un-patched systems are compromised then you're liable.
- Liability for software makers who sell software with easily preventable flaws. E.g. SQL-injections. I raise the point of SQL-injections because automatically checking code for insertion of strings into SQL statements should be trivial.
P.S. Sorry for the first and second halves of the post being only somewhat related.
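The automated check that comment describes can be sketched with Python's `ast` module. This is an added example, not part of the original thread: it flags calls to a method named `execute` or `executemany` (an assumption about DB-API-style call sites) whose query argument is built by concatenation, `%`-formatting, `str.format()` or f-string interpolation, including via a variable assigned earlier. The sample source is constructed for illustration.

```python
import ast

# Method names treated as SQL sinks (assumption: DB-API style cursors).
SQL_SINKS = {"execute", "executemany"}

# Constructed sample source to scan; line numbers start at the "def" line.
SAMPLE = '''\
def lookup(cur, name, uid):
    cur.execute("SELECT * FROM users WHERE name = '" + name + "'")
    cur.execute("SELECT * FROM users WHERE id = %s" % uid)
    cur.execute(f"SELECT * FROM users WHERE id = {uid}")
    q = "DELETE FROM users WHERE name = '{}'".format(name)
    cur.execute(q)
    cur.execute("SELECT * FROM users WHERE name = ?", (name,))
    cur.execute("SELECT 1 " + "FROM dual")
'''


def _is_literal(node):
    """True for a string constant or a concatenation of string constants."""
    if isinstance(node, ast.Constant):
        return isinstance(node.value, str)
    if isinstance(node, ast.BinOp) and isinstance(node.op, ast.Add):
        return _is_literal(node.left) and _is_literal(node.right)
    return False


def _dynamic_reason(node):
    """Return how an expression builds a string at run time, or None."""
    if isinstance(node, ast.JoinedStr):
        # An f-string is only a problem if it interpolates a value.
        if any(isinstance(v, ast.FormattedValue) for v in node.values):
            return "f-string interpolation"
        return None
    if isinstance(node, ast.BinOp):
        if isinstance(node.op, ast.Add):
            return None if _is_literal(node) else "string concatenation"
        if isinstance(node.op, ast.Mod):
            return "%-formatting"
    if (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)
            and node.func.attr == "format"):
        return "str.format()"
    return None


class SqlStringCheck(ast.NodeVisitor):
    """Flags SQL sink calls whose query text is assembled from strings."""

    def __init__(self):
        self.tainted = {}   # variable name -> how it was built
        self.findings = []  # (line number, reason)

    def visit_Assign(self, node):
        reason = _dynamic_reason(node.value)
        for target in node.targets:
            if isinstance(target, ast.Name):
                if reason:
                    self.tainted[target.id] = reason
                else:
                    # Reassigned to something else: forget the old state.
                    self.tainted.pop(target.id, None)
        self.generic_visit(node)

    def visit_Call(self, node):
        func = node.func
        if (isinstance(func, ast.Attribute) and func.attr in SQL_SINKS
                and node.args):
            query = node.args[0]
            reason = _dynamic_reason(query)
            if reason is None and isinstance(query, ast.Name):
                reason = self.tainted.get(query.id)
            if reason:
                self.findings.append((node.lineno, reason))
        self.generic_visit(node)


def find_sql_string_building(source):
    """Return sorted (line, reason) pairs for suspicious SQL calls."""
    checker = SqlStringCheck()
    checker.visit(ast.parse(source))
    return sorted(checker.findings)


if __name__ == "__main__":
    for line, reason in find_sql_string_building(SAMPLE):
        print(f"line {line}: query built by {reason}")
```

The variable tracking is flat (one namespace per file, no data flow through function calls), so a real linter would need scoping and inter-procedural analysis to avoid misses.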
Re: (Score:2)
I think they should receive some congrats.
Re: (Score:2)
> , that's the most common-sensical message I saw lately coming from the Australian government!!!
> I think they should receive some congrats.
Common sense answers are not what the US is looking for - so they are being ridiculed for not jumping on the fear bandwagon. Now they want all NATO members to implement "blanket of security over our networks" [google.com] in order to Secure Clamp and Contain the internet [salon.com]... a wwwar against we the people [youtube.com].
Re: (Score:1)
I agree. The scope of government intervention in the cyber world should not overstep its responsibilities.
Aussie government departments already provide cyber threat advisory to Australian business, and it's all out in the open.
- DSD [dsd.gov.au] (Aussie version of the NSA) provides cyber protection and advice to Australian government, and makes a lot of its advice available for business to use [dsd.gov.au]
- The Attorney General's Dept [ag.gov.au] provides cyber security advice to Australian businesses and individuals
- Aus CERT [cert.gov.au] does much of th
Blah blah blah (Score:2)
Another global problem in a nation-based world.
This story makes me think of Julian Assange. (Score:2)
Aussie gov won't help with cyber attacks? What is the Aussie gov's stance on Wikileaks?
surely... (Score:2)
Oz? (Score:2, Insightful)
Re: (Score:2)
Historically we had a dream location for the NSA. We are tapped into a fun part of the world and have generational links with the NSA. Australia only ever thought of doing intel alone after ww2 and was quickly reconnected with the US/UK.
The net is near anonymous with changing IP's and logs right?
Best to keep that myth alive and well in Australia so our well funded clandestine services can keep an eye on all.
Any hardening via new laws and buying in new tech is no f
It's a question of resources (Score:2)
I am so disgusted with this! (Score:1)
I cannot believe that a government would sit there and declare that this is not enough of a problem for them, aside their own network, and not push for the ISPs to get involved. We all know hacking is an INTERNATIONAL pastime, so why not monitor incoming international traffic, to filter through, say the Chinese, and put blocks on those channels, that if you must, you would have to use a special proxy that is maintained by the ISPs themselves. This could not only limit torrent abuse, but also limit or con
Re: (Score:2)
Don't know how you figured that one out.
If you break into the network of the Westpac bank, you will still be charged under the relevant law, all this states is that it is Westpac's responsibility to prevent you from doing so.
By the same token, if you try to kill or rob me you'll have to deal with the punishments under relevant law. Also, we don't
Re: (Score:1)
Who needs a gun handed to them. It doesn't take much to turn the theory of operation into practice. Sure, it may not work as well as a $1000 pistol but it will work. Especially if the goal is to get close enough for you to see it coming but far enough away that you can't fight back.
BTW, I agree with your comment. This stance doesn't make existing laws go away. At best, it simply says that they won't invest time and money preventing it from happening.
Re:Sweet! (Score:5, Funny)
You're clearly not familiar with Australian banks.
If you broke into the network of the Westpac bank, they'd be more likely to steal from you than the other way around. They've had a lot more practice, and have far lower scruples than the average cracker.
Re: (Score:2)
I think you'll find that's any Australian bank.
Actually, any bank at all. Um. ...is there a trend we're missing here?
Re: (Score:2)
I was in the bridal party of the head of ANZ online security program, don't try them either. He's an ex-sniper and has the requisite morals.
Re: (Score:3, Insightful)
> Also, we don't just hand out guns in this nation so you'll have to get mighty close ...
It's really cute that you think that :) It's like you've never heard of criminals. Naiveté can be so adorable!
Re: (Score:2)
Well I do live somewhere where I feel perfectly safe without weapons (and in a land with the 10 most dangerous animals on earth, petty criminals don't scare you much after that).
Re: (Score:3, Interesting)
This isn't the government saying it won't pursue prosecution if there is accusation of a crime within its jurisdiction, just that it is not the government's duty to provide protection against the specific instance of a crime possibly occurring. On your twisted extension, that means they won't provide every citizen with a kevlar vest, though they do so for the military.