Telstra is seeking federal law changes to allow it to rate-limit or block internet traffic that it has “a high degree of confidence” is malicious.
The plan is one of four pillars of a strategy Telstra is calling ‘Cyber Secure Australia’, which it detailed at a forum in late March.
The other pillars include the company’s already-launched managed security services, as well as forthcoming enterprise-grade security services targeting small businesses, consumers and the internet of things.
Security solutions director Neil Campbell said Telstra “sees it as a responsibility” to develop a granular cyber defence capability to protect Australia's national interests.
“This is a genuine effort by a collection of very passionate people to change the face of security in this country,” he said.
Telstra is currently in the process of building out a global network of security operations centres, and its network reach and dominance means it “can often see attacks as they’re forming.”
“For example, we’ll see devices in a botnet communicate to a command-and-control server just in the way we operate our network, because as a telco we have a responsibility to monitor the network for security and availability reasons,” Campbell said.
“We’ll see that traffic but right now we don’t believe we have a clear legal mandate to interfere with it.”
Campbell - a former computer crimes investigator at the AFP - said the telco saw the Crimes Act as inhibiting its ability to act against traffic it believed was malicious.
“There are various bits of legislation here and there including the Telecommunications Act that grant telcos a certain amount of power to take proactive action, but it’s not clear enough for our liking,” Campbell said.
“So what we want to do is to work with the federal government to make sure that we can do things that aren’t Big Brother-ish - because that’s not who we want to be - but that enable us to, where we have a high degree of confidence that a given kind of traffic is representative of malicious activity, be able to rate-limit it or block it altogether and therefore every user of the network benefits.”
Campbell used the same forum to provide significant extra detail on another pillar of Telstra's strategy, which it has codenamed Secure Internet.
Telstra name-dropped Secure Internet briefly last month but provided little detail about it.
It has now been revealed as an ambitious plan to “inoculate” every internet user in the country against security threats, and to severely limit any opportunity for those threats to spread and cause much damage.
“Our plan is to provide massively scaled, cost effective security for everyone,” Campbell said.
The service would also act as an enormous source of security data for Telstra.
Initially, Secure Internet will be targeted at small businesses. It is likely to launch in September this year at a monthly subscription fee of $20.
“This is a complex project but we aim to be able to deliver a service to small business customers initially that will give them an enterprise-grade [virtual] firewall protecting their fixed network, as well as the same technology protecting two of their mobile devices and two next-generation endpoint clients to protect a Mac and/or a PC,” Campbell said.
“Why would we give that kind of quality of technology to a small business for $20 a month?
“Because part of our strategy is we believe that if we can take a step toward inoculating the country from the vast majority of cyber threats, then we can make Australia a safer place to do business, a safer place for government, a safer place for families, and the kind of place that foreign businesses would like to invest in.”
It is presently envisioned that Secure Internet users would be able to select from three different levels of security requirements - low, medium or high - via a web page and/or an app.
“Then if they’re interested in the next level of detail - and many won’t be - then they can go in and say ‘I want to block Facebook’ or ‘I want to block this kind of information’,” Campbell said.
Campbell said that Secure Internet would, at a very granular level, allow the telco to “kill off” attacks before they were able to propagate to any great extent.
“If you think about the way ransomware works, emails are sent, links are clicked, malware is downloaded and then installed, and then it encrypts the hard drive,” Campbell said.
“That gives us a few opportunities to identify what’s happening and to kill off that attack.
“If we can stop ransomware, worms and viruses, then rather than coming in and sweeping the country and causing widespread damage, we can reduce [their impact] to just a few people when it’s something brand new.
“We should be able to detect it because we’ll be taking all of that information back into our managed security services platform where we’ll be running rules looking for known knowns, and also [applying] advanced security analytics looking for unusual traffic patterns, unusual login attempts, or unusual periodicity where devices are pinging out to the internet on a regular basis.
“The latter generally indicates either they’re getting a Microsoft update or an Apple update - but we’ll know that - or that they’ve been compromised and they’re calling a command-and-control server.”
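The periodicity check Campbell describes can be sketched as below: group outbound connections by device and destination, measure how regular the gaps between them are, and set aside known vendor update hosts. This is an added illustration, not Telstra's analytics or code from the article; the flow records, host names, allowlist and thresholds are all constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed allowlist standing in for known OS/vendor update hosts.
KNOWN_UPDATE_HOSTS = {"updates.vendor-a.example", "swupdate.vendor-b.example"}

def find_beacons(flows, min_events=6, max_cv=0.1):
    """Flag (device, dest) pairs whose check-ins are suspiciously regular.

    flows: iterable of (device, dest, unix_timestamp).
    Regularity is the coefficient of variation (stdev / mean) of the gaps
    between consecutive connections; human-driven traffic has a high value,
    timer-driven check-ins a value near zero.
    """
    times = defaultdict(list)
    for device, dest, ts in flows:
        times[(device, dest)].append(ts)

    findings = []
    for (device, dest), stamps in times.items():
        # Expected periodic traffic (updates) and thin samples are skipped.
        if dest in KNOWN_UPDATE_HOSTS or len(stamps) < min_events:
            continue
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        avg = float(mean(gaps))
        if avg <= 0:
            continue
        cv = pstdev(gaps) / avg
        if cv <= max_cv:
            findings.append((device, dest, round(avg, 1), round(cv, 3)))
    return sorted(findings)

# Constructed sample flow records (device, destination, seconds since start).
SAMPLE_FLOWS = (
    # Roughly every 5 minutes with slight jitter: timer-driven check-in.
    [("pc-1", "203.0.113.50", t) for t in (0, 301, 599, 900, 1202, 1500, 1799, 2100)]
    # Hourly and perfectly regular, but an allowlisted update host.
    + [("pc-1", "updates.vendor-a.example", t) for t in range(0, 8 * 3600, 3600)]
    # Irregular, human-driven browsing.
    + [("mac-2", "www.news.example", t) for t in (10, 45, 400, 410, 2000, 5000, 5100)]
    # Too few events to judge.
    + [("phone-3", "198.51.100.7", t) for t in (0, 60, 120)]
)

if __name__ == "__main__":
    for finding in find_beacons(SAMPLE_FLOWS):
        print(finding)
```

A flagged pair is a lead for investigation, not a verdict: legitimate software outside the allowlist also polls on timers, so the allowlist and thresholds need tuning against real traffic.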
Campbell said that Telstra was being cautious not to “do a Facebook” on Secure Internet.
“What we want to do is make our customers’ privacy paramount, which is why part of this is endpoint clients because what we don’t want to start to do is intercept SSL-encrypted traffic, which on average is 55 percent of all internet traffic,” he said.
“Cracking that open with the best of intentions on behalf of our customers to protect them from what’s in it [is not what we want to do].
“We’d rather say there’s a good reason SSL is used so let’s protect the devices at the end of it rather than try to break it open and mess with a fundamental mechanism that drives the web.”
Once Secure Internet is seeded in the small business space, Telstra plans to launch similar versions targeting consumers as well as enterprises.
“We need to move to consumer at a better price point than $20 a month, and the only way we can do that is with scale,” Campbell said.
“It needs to be so affordable that you think ‘why wouldn’t I?’ but we also need to educate the community that ‘you really should’ because the problem with doing something at a low price is often people then don’t value it.”
A similar product for the enterprise would target security on business mobile devices.
Campbell said that while Telstra isn’t pursuing Secure Internet “because government is regulating” in the space, he could “see the day will come when government will regulate” internet users to have a base level of security in place.