Gov looks for upstream threat blocking by telcos, cloud operators

The government wants to give telcos and cloud providers the power “to enable upstream blocking of cyber threats” as a key action under the second horizon of the Australian cyber security strategy.

Upstream blocking is one of a number of initiatives laid out in an action plan [pdf] published yesterday.

Home Affairs will lead upstream blocking efforts, which may require “enhanced legislative and policy levers”, according to the action plan.

The aim is to “better defend those who cannot defend themselves” by enabling blocking either closer to the source of the threat, and - for those originating overseas - before carriage to Australia.

A pilot project is likely to test the efficacy of blocking arrangements.

“To increase the update of threat blocking activities across the ecosystem, identify a national opt-in threat blocking pilot, including whether legislation is required to enact,” is listed as an action item.

There are a number of cooperative threat sharing arrangements in place between government and private sector, including infrastructure operators.

These include the Microsoft-Australian Signals Directorate Cyber Shield (MACS) and the Cyber Threat Intelligence Sharing (CTIS) service.

Another key action Home Affairs will lead under the second horizon is “an assessment of Australia’s current subsea cable protections”.

Parts of the horizon two plan, which leaked to newspapers earlier this week, sets a goal to “empower workers as our first line of cyber defence, our ‘human firewall’.”

A key action from this will be the introduction of “a minimum standard of cyber security training in Australian Signals Directorate (ASD) standards.”

“The standards will ensure an appropriate level of governance awareness and training for all staff that access an organisation’s systems,” the action plan stated.

Minister for cyber security Tony Burke said in a statement that “our greatest area of risk is always government systems and critical infrastructure.”

“Horizon one was about putting the strongest possible locks on the front door. In horizon two, we look at the supply chain that engages with government and critical infrastructure. We are now locking the windows,” he said.