Inquiry calls for 'cyber czar', compulsory anti-virus

By Liz Tay on Jun 22, 2010 6:10 PM
Filed under Security

Government could require anti-virus on internet-enabled machines.

A parliamentary inquiry into cybercrime has recommended the Government appoint a Cyber Security Coordinator to lead whole-of-Government activities.

In a report presented to the Federal House of Representatives yesterday, the Standing Committee on Communications highlighted a need to consolidate Australian security efforts.

The Committee called for the establishment of an 'Office of Online Security', which would be located in the Department of Prime Minister and Cabinet and headed by the Cyber Security Coordinator.

Working with State and Territory governments, regulators, departments, industry and consumers, the Office would be tasked with bringing together the current "plethora" of Government organisations responsible for tackling cyber crime.

Federal, State and Territory police, the Attorney-General's Department, Australian Communications and Media Authority (ACMA), Australian Privacy Commissioner and Department of Broadband, Communications and the Digital Economy (DBCDE) were among the "plethora" named in the report.

"This highly decentralised approach was regarded by some as an impediment to a nationally coordinated and strategic response to tackling the problem of cyber crime," the Committee wrote.

"A more centralised and genuinely national approach is required to ensure that strategic responses to cyber crime that impact on the broader Australian society are as effective as possible."

The Committee considered advice from Microsoft and the Australian Communications Consumer Action Network (ACCAN) in its Recommendation 3, which called for a Cyber Security Coordinator.

In its submission to the inquiry, Microsoft Australia recommended that Australia consider the US model of a "cyber security czar" within the White House.

ACCAN highlighted the UK Office of Cyber Security in its call for an Australian Office of Online Security to be established within the DBCDE, reporting at Cabinet level and "setting benchmarks for basic pre-installed security features to be provided with the purchase of all computers".

Mandatory anti-virus

The Committee tackled software installation in a separate recommendation to "protect the integrity of the internet".

Under Recommendation 14, the committee called for the current, voluntary e-security code of practice to be extended and registered under the Telecommunications Act 1997.

A Committee spokesperson confirmed that registration under the Act would make it mandatory for ISPs to comply with the code.

The Committee claimed that the current code "sets the bar too low" in its requirements that ISPs notify their subscribers of potential malware infections.

It moved to require ISPs establish contractual obligations that force subscribers to install anti-virus software and firewalls before the internet connection is established, and endeavour to keep this software up to date.

"While many ISPs do provide e-security products, the code itself does not, for example, promote the use of anti-virus software at the point of connection to the Internet or other security advice or software services," the Committee wrote.

"This is a missed opportunity that could provide some benefits to ISPs and make a real contribution to promoting a culture of e-security."

Committee member and Shadow Communications Minister Tony Smith argued against part of the recommendation in his supplementary remarks, attached to the report.

"To dramatically and quickly institute a requirement that ISPs contractually require the subscriber to install anti-virus software and firewalls before connecting to the internet ... opens up a plethora of new liability issues for subscribers," he wrote.

Internet Industry Association (IIA) chief Peter Coroneos provided the Committee with information about the current code of practice, which the IIA developed.

He questioned if the recommended ISP-subscriber obligations would be practical in an interview published in the Sydney Morning Herald today.

"For a start there's a jurisdictional question here. You can't dictate to ISPs what ought to go in their contracts," he told Herald journalists.

"We've put forward what we consider to be workable guidelines for the industry. There's always a balance between the ideal and the practical."

The Committee was chaired by Labor MP Belinda Neal and considered submissions from the Office of the Privacy Commissioner, Interpol, Google, Symantec, Telstra, Sophos and the DBCDE.

Inquiry calls for 'cyber czar', compulsory anti-virus

14 comments in this discussion

""This is after describe their problem, a hijacker or like." Que? "the customer needs better reliability and want someone to take at least a little responsibility." [sic] Heaven forbid the ..."

By Sams

Tags

antivirus, malware, cybersecurity, acma, iia, dbcde

Twitter buys anti-malware firm

Is the digital dividend a billion dollar windfall?

Internet death worm found

Killing Conficker, 1000 days on

Breaking Stories

BigPond emails will be stored overseas

Google shapes as digital dividend dark horse

Oracle buys Taleo for $1.76 billion

Scientists tout super-fast hard drives

Alstom Transport eyes single project system

Comments: 14

Sams Jun 23, 2010 8:21 AM	"It moved to require ISPs establish contractual obligations that force subscribers to install anti-virus software and firewalls before the internet connection is established, and endeavour to keep this software up to date." As if we need more evidence that that government is clueless about the Internet.
Thysce Jun 23, 2010 9:09 AM	How would ISPs know exactly?
funkyg Jun 23, 2010 9:10 AM	I agree with Sams, this shows a fundamental misunderstanding of many of the problems with internet security. You'd be better stripping out email attachments, making all links in emails not clickable and requiring that all connections are made via an ISP supplied router (which pretty much happens anyway).
brownbear Jun 23, 2010 9:55 AM	Why does this Government believe that it was elected to intrude into the lives of Australian citizens? Anti-virus and anti-malware programs are certainly useful but THEY DON'T REPLACE SAFE SURFING. The updates to these defensive programs are only made after a threat has been identified so there will already be some computers infected before the update is available. There are three different common OS for computers and soon there will be four each has different requirements for an anti-malware/virus program. How do you legislate to cover the different requirements for these, not to mention the various mobile platforms? Wouldn't it make more sense for the Government to be chasing the makers of OS to provide fit for purpose goods which can't be infected?
Joe M Jun 23, 2010 4:11 PM	Is there no bottom to the stupidity of the people who are supposedly running this country? Where do they get this garbage from? They seem to live in a fantasy world where they can ignore small things like facts and reality. And they all seem to have the slimy, reptilian instincts of a 1950's KGB colonel: Yu vill doo vat vee vant yu tu doo tovarish!!! Listen up dopies, see if you can get this. You can't force people to be secure! If it was that easy I and lots of others would have been out of a job a long time ago. And we are only trying to make networks and systems secure for a couple of hundred users at a time - not millions.
anonymous Jun 23, 2010 5:58 PM	It's very simple, all you working families. We find the Net is very threatening because: 1) We don't understand it, so it must be bad; and 2) Any R--f----- can use the Net to oppose our centrally planned perfection. Just think about how that is contrary to national security! Or at least, please think of the children.
Mobius Jun 23, 2010 6:41 PM	Besides the blatant stupidity of this inquiry isn't anyone getting increasingly worried about the term czar's being thrown around here and in the US?
Tequnuki Jun 23, 2010 9:19 PM	The only way to really ensure that the government can save people from themselves is to have a OS that is created and endorsed by the government, with anti-virus/firewall as well as monitoring software to protect the end user and make sure they are only running approved software.NK has its own Red Star OS, so maybe it would be better if we had a OS made by our government? [sarcasm]
HubertCumberdale Jun 24, 2010 12:14 AM	This government can go and get stuffed, internet filters, saving browsing history and now they want to force people to install anti virus software and whats next on the list DPI? yeah wouldn't surprise me. Listen it's my PERSONAL computer. I'll choose to install the software I WANT... so I hereby declare my HDDs a logical extension of my brain, you cannot force someone to get medical treatment if they dont want it. Oh and another thing, it's all very well and good to disconnect those would have viruses and other malwares, but I wonder how many false positives will happen... then of course it would be impossible that the system could be abused. Lets see, hmm I wonder how anyone could even do it, why they would need some type of hardware in place to analyze data patterns and what not, updates from a central source perhaps, it could even block stuff coming through the portal too.
realitybites Jun 25, 2010 3:20 PM	@Hubert.. shhhh don't mention DPI! Goodness me, look at the response concerning the 'Filter'. Imagine whats going to happen when everyone knows about DPI :)
anonymous Jun 25, 2010 4:43 PM	Doesn't everyone think that DPI here stands for Don't Pissoff Iguanas?
Tom Brown Jun 26, 2010 3:30 PM	The Government is not the driving force behind these changes. It is ordinary people involved in home and business who do not have a good handle on these issues and who have immense frustration over the inadequacies presented within the industry. I often say to clients, to deal with people involved in sex, gambling and drug industries you are dealing with criminals. This is after describe their problem, a hijacker or like. The industry needs to be proactive, the customer needs better reliability and want someone to take at least a little responsibility. I see ICANN now is going to register 110,000 (pre booked) XXX sites. These people (not ICANN) generally have no respect for anyone and are, or are associated with, criminal activities. A whole lot more trash on the net!
Tom Brown Jun 26, 2010 3:33 PM	I wish to commend the Hon Tony Smiths comments. http://www.aph.gov.au/house/committee/coms/cybercrime/report/supplementary_remarks_mrsmith.pdf
Sams Jun 28, 2010 8:07 AM	"This is after describe their problem, a hijacker or like." Que? "the customer needs better reliability and want someone to take at least a little responsibility." [sic] Heaven forbid the customer takes responsibility and installs anti-virus when advised to do so. "I see ICANN now is going to register 110,000 (pre booked) XXX sites. These people generally have no respect for anyone and are, or are associated with, criminal activities. A whole lot more trash on the net!" Know all 110,000 of them well, do you?