iTnews

Cyber czar could create policy delays

By John Hilvert on Aug 1, 2011 12:28PM
Cyber czar could create policy delays

Responsibility best left to agencies, thinktank suggests.

Page 1 of 2  |  Single page

The head of the government-sponsored Australian Strategic Policy Institute Andrew Davies has urged against appointing a single 'cyber czar' to combat internet-borne security threats.

Davies told the a summit in Canberra last week that cyber security was best understood as a set of policy issues ranging from nuisance to national security.

He said those issues currently fell under the remit of three sets of Federal and State agencies.

Any attempt to consolidate responsibility would cause delays and introduce inflexible approaches to override otherwise practical approaches, Davies said.

Federal and state law enforcement authorities became involved in cyber crime policing for identity theft and credit card fraud issues.

Issues of lax user behaviour and unwise site searching made cyber security an educational and quasi-regulatory issue, bringing it under the auspices of the Australian Communications and Media Authority (ACMA) and the Department of Broadband, Communications and the Digital Economy (DBCDE).

Because cyber security was also associated with potential incursions by foreign governments, it became an issue for the Department of Defence and for the National Cyber Security Adviser within Prime Minister and Cabinet.

While Davies agreed it was important for the various agencies to communicate regularly with each other to stay alert to new developments in cyber crime, this was an inadequate argument for establishing a national cyber czar.

Davies argued there was a clear mandate for government intervention only on issues of Defence, national security or where it was clear a crime had been committed.

His view was countered by a general consensus at the summit that the Government had been too slow implementing a cyber security strategy, putting it years behind other nations.

No national picture

A perceived lack of official statistics on cyber security was seen by summit attendees as conflating the Government's cyber security woes.

While priding itself on evidence-based policy making, statistics and a systematic national perspective on cyber security provided by the Government and its various agencies remained elusive.

Attorney-General Robert McClelland, who opened the summit, offered little in terms of hard data, reprising a previous announcement by CERT Australia of its identification of 250,000 stolen records and advising organisations to take steps to minimise damage.

Australian Institute of Criminology research analyst Alice Hutchings submitted to the summit a wide range of estimates of the cost of cyber crime varying from $345 million to over $1 billion.

She also cited survey results from 2009 on the number of businesses said to have experienced a cyber "incident".

However, the summit did not turn up a clear and credible benchmark of what was happening, whether it was getting worse and what worked best in reducing cybercrime.

Read on to page two to find out why we shouldn't worry too much about the cyber threat posed by China.

The Chinese threat

Australia ranked among the top ten targets for China’s cyber-intelligence operations.

China, thought to be behind the theft of emails from Parliamentary computers reported back in March, had the most extensive and "practiced" cyber-warfare capabilities in Asia.

However, ANU Professor Desmond Ball said that China's technical expertise was "uneven" and that the actions of private netizens ("wangmin") were often confused as those of the official cyber-warfare units.

Not all netizens were motivated by national causes, he said.

Presenting a subset of data from his “China’s Cyber Warfare Capabilities” paper, Ball said that China was the biggest victim country of hacking, with at least as many netizens seeking to attack the country's own Great Firewall as those targeting foreign network assets.

According to the National CERT Technical Coordination Centre in Beijing, more than 4600 Chinese government websites had their content modified by hackers in 2010, a 68 percent increase over the previous year.

Furthermore the vast majority of personal computers in China (over 80 percent) were infected with a computer virus, according to Ball's figures.

Ball concluded there was no evidence that Chinese cyber-warriors could penetrate highly-secure networks or covertly steal or falsify critical data. 

He rated China’s information warfare capabilities as inferior for at least the next ten years.

“China’s cyber-warfare authorities must despair at the breadth and depth of modern digital information and communications systems and technical expertise available to their adversaries," he said.

However, the threat of a China-initiated cyber war meant Australia's national security agencies needed to strengthen their protective capabilities and be ready for retaliatory and offensive operations, he noted.

Next Page 1 2 Single page
Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
aspi auscert cert australia cyber czar cyber security desmond ball pressgallery security

Partner Content

Nestlé subsidiary sees sweet returns from data-driven transformation
Partner Content Nestlé subsidiary sees sweet returns from data-driven transformation
Setting a path to self-funded mainframe-to-cloud modernisation with Micro Focus
Promoted Content Setting a path to self-funded mainframe-to-cloud modernisation with Micro Focus
Resetting cyber security for the new threat landscape
Partner Content Resetting cyber security for the new threat landscape
Putting cyber security basics in place
Partner Content Putting cyber security basics in place

Sponsored Whitepapers

Encryption: Protect your most critical data
Encryption: Protect your most critical data
Overcoming data security challenges in a hybrid, multicloud world
Overcoming data security challenges in a hybrid, multicloud world
Move beyond passwords
Move beyond passwords
The top 5 tech trends to deliver business outcomes
The top 5 tech trends to deliver business outcomes
10 reasons why businesses need to invest in cloud security training
10 reasons why businesses need to invest in cloud security training

Events

  • On-Demand Webinar: How Poly and Microsoft are Embracing Future Work Environments
By John Hilvert
Aug 1 2011
12:28PM
0 Comments

Related Articles

  • Large Australian education data leak traced to third-party service
  • Okta to buy Auth0 for $8.3 billion
  • Avast boosted by work-from-home trend
  • Urgent patches out for exploited Exchange Server zero-days
Share on Twitter Share on Facebook Share on LinkedIn Share on Whatsapp Email A Friend

Most Read Articles

TPG Telecom to start enticing NBN customers to move

TPG Telecom to start enticing NBN customers to move

CBA becomes first 'Big 4' data recipient under CDR

CBA becomes first 'Big 4' data recipient under CDR

NSW Police green-lights Mark43 for $1bn COPS overhaul

NSW Police green-lights Mark43 for $1bn COPS overhaul

Urgent patches out for exploited Exchange Server zero-days

Urgent patches out for exploited Exchange Server zero-days

You must be a registered member of iTnews to post a comment.
Log In | Register
All rights reserved. This material may not be published, broadcast, rewritten or redistributed in any form without prior authorisation.
Your use of this website constitutes acceptance of nextmedia's Privacy Policy and Terms & Conditions.