Addressing internet insecurity

Powered by SC Magazine
 

Comment: All connected computers should be registered.

A few days ago, senior FBI official Shawn Henry called for the creation of a new and secure “alternative internet” to secure key infrastructure and financial systems.

He assessed the process of connecting systems of national significance to the internet as a recipe for disaster, and he was right: the internet is insecure. And yet we use it today for everything from social media, shopping and banking through to education and, in the near future, e-health.

The last of these, edging towards becoming reality in Australia, simply should not proceed within the current system.

The rate of cyber-crime on defence, government, business and residential systems is increasing and little can be done to stop it. Why? Because the digital network was not designed with security in mind.

The Australian government recently announced the 2009 review of government security and infrastructure will be implemented and the current 124 individual internet gateways (the place where multiple networks interconnect to exchange traffic) will be reduced to eight – the minimum number needed for operational efficiency and reliability.

The idea is to concentrate spending on a reduced number of gateways with the aim of improving security and, with new equipment, improve operations.

The government’s actions are a step forward, but they don’t tackle the root cause of the security problem – the insecure internet. And what about all the other users of the internet, business and residential customers included?

Most cannot afford the many multiple millions of dollars government is now spending on new gateways – gateways that ultimately cannot and should not be relied upon to secure systems and infrastructure of national importance.

General Keith Alexander, director of the US National Security Agency and head of the US Pentagon’s Cyber Command, recently used a speech in Baltimore to call for the Pentagon and intelligence agencies to step up efforts to secure networks and systems.

General Alexander also called for more government coordination with private companies to improve public network security.

In a key observation, he said that when a computer network is infected someone should be able to disconnect it.

The internet as a runaway vehicle

The current situation cannot be allowed to continue. Internet crime, intellectual property and identity theft is growing. Countries have begun to prepare for cyber warfare.

Criminal organisations have already made billions and appear to be re-investing to develop new and more sophisticated scams.

Another way of looking at the internet is to consider the analogy of the car in the 20th century.

There can be no doubt the 20th century was the century of the car. We all wanted one, speed was encouraged and by 1970 there were 3,600 road deaths annually in Australia.

The number of permanent and disabling injuries associated with road trauma had reached a peak.

Government had to act and did so. Seat belts and lower speed limits were introduced and car companies were forced to redesign with safety as a priority.

The same point in history is now upon us for the internet. The government must act to reduce cyber-crime and to secure the key systems and infrastructure.

As already mentioned, the Australian government must not launch its eHealth systems until security can be guaranteed. If necessary, eHealth should only be utilised on a separate network – the start of a secure network for key national systems and infrastructure, as described by Shawn Henry.

One of the most important services on the internet today is still one of the most insecure: email. The fastest way for a criminal organisation to breach security is through the use of email.

It is fundamental that SMTPSec (the use of SSL certificates for SMTP server to SMTP server communications) and SMTPS (the use of SSL certificates for SMTP server to client communications) be implemented immediately.

New legislation is needed that sets out a path towards Australia having two separate networks. One would remain the public internet and the other would be a secure network for key national systems and infrastructure.

Authority to disconnect parts of the network and to disconnect countries from the Australian network should be detailed. Protocols need to be put in place for these actions to occur and it must be decided who will carry out the actions.

Legislation should set out a timeline and framework whereby equipment and systems suppliers will be required to improve their products with safety and security in mind.

Certain well-known security flaws in the way computers are made and sold must be identified in the legislation and made illegal. One example is that operating systems can be sold without adequate integrated anti-virus and anti-malware capability. To return to our analogy, that would be like selling a car without seat belts today.

All computers connected to the internet should be registered and the computer operating system should report the computers state including the health of the anti-virus and anti-malware checks.

Do you see the parallel with cars? Car registration is now mandatory for any vehicle utilising public roads. Car roadworthy checks are carried out annually or in some states randomly and whenever a vehicle is sold.

Australia is taking a positive lead by working with other nations to identify and try to solve some of the issues with the internet. But the pace of this world-wide effort is glacial and more needs to be done.

Mark Gregory is a senior lecturer in electrical and computer engineering at RMIT University. This article was originally published at The Conversation.

Copyright © iTnews.com.au . All rights reserved.


Addressing internet insecurity
 
 
 
Top Stories
Frugality as a service: the Amazon story
Behind the scenes, Amazon Web Services is one lean machine.
 
Negotiating with the cloud email megavendors
[Blog post] Lessons from Woolworths’ mammoth migration.
 
Qld govt to move up to 149k staff onto Office 365
Australia's largest deployment, outside of the universities.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...

Latest VideosSee all videos »

The great data centre opportunity on Australia's doorstep
The great data centre opportunity on Australia's doorstep
Scott Noteboom, CEO of LitBit speaking at The Australian Data Centre Strategy Summit 2014 in the Gold Coast, Queensland, Australia. http://bit.ly/1qpxVfV Scott Noteboom is a data centre engineer who led builds for Apple and Yahoo in the earliest days of the cloud, and who now eyes Asia as the next big opportunity. Read more: http://www.itnews.com.au/News/372482,how-do-we-serve-three-billion-new-internet-users.aspx#ixzz2yNLmMG5C
Interview: Karl Maftoum, CIO, ACMA
Interview: Karl Maftoum, CIO, ACMA
To COTS or not to COTS? iTnews asks Karl Maftoum, CIO of the ACMA, at the CIO Strategy Summit.
Susan Sly: What is the Role of the CIO?
Susan Sly: What is the Role of the CIO?
AEMO chief information officer Susan Sly calls for more collaboration among Australia's technology leaders at the CIO Strategy Summit.
Meet the 2014 Finance CIO of the Year
Meet the 2014 Finance CIO of the Year
Credit Union Australia's David Gee awarded Finance CIO of the Year at the iTnews Benchmark Awards.
Meet the 2014 Retail CIO of the Year
Meet the 2014 Retail CIO of the Year
Damon Rees named Retail CIO of the Year at the iTnews Benchmark Awards for his work at Woolworths.
Robyn Elliott named the 2014 Utilities CIO of the Year
Robyn Elliott named the 2014 Utilities CIO of the Year
Acting Foxtel CIO David Marks accepts an iTnews Benchmark Award on behalf of Robyn Elliott.
Meet the 2014 Industrial CIO of the Year
Meet the 2014 Industrial CIO of the Year
Sanjay Mehta named Industrial CIO of the Year at the iTnews Benchmark Awards for his work at ConocoPhillips.
Meet the 2014 Healthcare CIO of the Year
Meet the 2014 Healthcare CIO of the Year
Greg Wells named Healthcare CIO of the Year at the iTnews Benchmark Awards for his work at NSW Health.
Meet the 2014 Education CIO of the Year
Meet the 2014 Education CIO of the Year
William Confalonieri named Healthcare CIO of the Year at the iTnews Benchmark Awards for his work at Deakin University.
Meet the 2014 Government CIO of the Year
Meet the 2014 Government CIO of the Year
David Johnson named Government CIO of the Year at the iTnews Benchmark Awards for his work at the Queensland Police Service.
Q and A: Coalition Broadband Policy
Q and A: Coalition Broadband Policy
Malcolm Turnbull and Tony Abbott discuss the Coalition's broadband policy with the press.
AFP scalps hacker 'leader' inside Australia's IT ranks.
AFP scalps hacker 'leader' inside Australia's IT ranks.
The Australian Federal Police have arrested a Sydney-based IT security professional for hacking a government website.
NBN Petition Delivered To Turnbull's Office
NBN Petition Delivered To Turnbull's Office
UTS CIO: IT teams of the future
UTS CIO: IT teams of the future
UTS CIO Chrissy Burns talks data.
New UTS Building: the IT within
New UTS Building: the IT within
The IT behind tomorrow's universities.
iTnews' NBN Panel
iTnews' NBN Panel
Is your enterprise NBN-ready?
Introducing iTnews Labs
Introducing iTnews Labs
See a timelapse of the iTnews labs being unboxed, set up and switched on! iTnews will produce independent testing of the latest enterprise software to hit the market after installing a purpose-built test lab in Sydney. Watch the installation of two DL380p servers, two HP StoreVirtual 4330 storage arrays and two HP ProCurve 2920 switches.
The True Cost of BYOD
The True Cost of BYOD
iTnews' Brett Winterford gives attendees of the first 'Touch Tomorrow' event in Brisbane a brief look at his research into enterprise mobility. What are the use cases and how can they be quantified? What price should you expect to pay for securing mobile access to corporate applications? What's coming around the corner?
Ghost clouds
Ghost clouds
ACMA chair Chris Chapman says there is uncertainty over whether certain classes of cloud service providers are caught by regulations.
Was the Snowden leak inevitable?
Was the Snowden leak inevitable?
Privacy experts David Vaile (UNSW Cyberspace Law and Policy Centre) and Craig Scroggie (CEO, NextDC) claim they were not surprised by the Snowden leaks about the NSA's PRISM program.
Latest Comments
Polls
Which bank is most likely to suffer an RBS-style meltdown?





   |   View results
ANZ
  21%
 
Bankwest
  9%
 
CommBank
  11%
 
National Australia Bank
  17%
 
Suncorp
  24%
 
Westpac
  19%
TOTAL VOTES: 1428

Vote