Govt could make telcos block malware

The government is looking into making telecommunications companies responsible for blocking malware and ransomware travelling across their networks.

In an op-ed [pdf] in the West Australian today, federal cyber minister Dan Tehan said the public and private sectors needed to move from a passive to active position of cyber defence.

He said the government was currently working on its own efforts to "prevent government users visiting sites known to be malicious", and said telcos were similarly responsible for protecting their customers from malware.

"Just as we trust banks to hold our money, just as we trust doctors with our health, in a digital age we need to be able to trust telecommunications companies to protect our information from threats,” Tehan said, as reported by the West Australian.

The minister said the government was investigating existing legislation to "remove any roadblocks" that may be preventing the private sector and government from delivering such services.

"As cyber exploits become increasingly sophisticated, we want the private sector to step up and provide their customers — business and consumers — with products that reduce the risk of malicious cyber activity and give users the choice to purchase additional security services," he wrote.

"The private sector drives innovation and product development, not government. Industry must be empowered to design and implement products the public want."

Tehan said small business owners had made it clear that accessing security products from their internet service providers would help them manage security risks.

He attempted to distance the government's moves from previous "ill-advised" web filtering efforts, saying it was more aimed at ensuring there were commercially available products to secure end users.

"It would allow users — who may not know malware when they see it — to buy products where their provider takes greater responsibility for security and gives the user peace of mind that they have reduced their risk," Tehan wrote.

"Technology should improve our online experience, like stopping spam emails and providing SMS authentication for your banking services."

Tehan's office declined to offer any detail on the government's plans.

John Stanton, the CEO of telco industry body the Communications Alliance, said he had not had any direct communication from the government about its intentions.

Stanton said there was already a wealth of virus protection products available in the market, and it would be "unrealistic" to impose obligations on service providers for network elements beyond their control.

"Many viral infections result not from a lack of available protection, but rather because consumers choose not to protect their services," Stanton told iTnews.

“Similarly, on many occasions malware and/or viruses use over-the-top (OTT) applications as their entry point. That is, applications that sit on the service providers’ networks but are not offered, operated or controlled by the service provider.

“Industry has a strong vested interest – for commercials reasons among others – in ensuring that its networks are resilient to attacks and safe for consumers to use. Service providers are typically very active in this regard."