E-security Review prompted by cyber attacks
by Ernie Davitt, National Affairs Editor, ASM
The Federal Government’s whole-of-government review of e-security – prompted by intelligence community concerns about an upsurge in cyber attacks against government, business and community CIT systems – is expected to be completed by the end of October.
The review, designed to counter the threat of a hostile online environment, will help the Government develop a national framework for securing Australia’s electronic networks.
The review was announced by the Attorney-General, Robert McClelland, and the Minister for Broadband, Communications and the Digital Economy, Senator Stephen Conroy, earlier this year.
Under its terms of reference, the review is examining current programs, arrangements and agency capabilities and capacities which contribute to e-security, including:
• those being implemented by agencies under the E Security National Agenda; and
• incident response and crisis management arrangements for e-security, including the recommendations from Australia’s participation in Exercise Cyber Storm II.
The announcement followed warnings by the Director General of ASIO, Paul O’Sullivan, that individuals and nations were targeting the private sector in a bid to steal sensitive information.
An executive committee comprising senior representatives of the Attorney-General’s Department, the Defence Signals Directorate, ASIO, the Department of the Prime Minister and Cabinet, the Department of Broadband, Communications and the Digital Economy, the Australian Federal Police and the Australian Government Information Management Office is overseeing the review.
Urging business to re-assess its cyber security systems, Mr O’Sullivan told businessmen at an international seminar in Sydney that espionage and espionage-related activities continued to evolve and pose security challenges in the post-Cold War world.
“A range of non-state actors – hackers, criminals and other foreign entities, acting independently or on behalf of groups, networks, or states – are engaged in nefarious cyber-activities: whether for profit; to cause damage; test for vulnerabilities; or acquire sensitive information,” he warned.
“Such actors are targeting business and government alike.
"And, in terms of private sector vulnerabilities, they may not be trying merely to test, manipulate, or damage your IT systems.
“By using trojans and other covert programs designed to transmit sensitive information, data held on compromised IT systems can be exfiltrated, covertly, via the internet, to someone virtually anywhere on the planet.”
A successful attack could see the loss of commercially-sensitive information: business strategies, intellectual property, sensitive client details, even company employee information.
The various IT related devices - software, mobile phones, disks, thumb-drives, personal organisers, and so forth - all of which are now in common use - are also potential vectors for trojans, etc, capable of compromising information security, Mr O’Sullivan said.
“So it is important that you consider whether you have appropriate security policies covering their use, particularly as they can be easily ‘inserted’ into your systems, sometimes quite innocuously - as gifts to staff, for example.
“Such devices have also changed the way business is conducted around the world, making it possible to maintain access to information when you travel - but it is essential you consider whether the information you carry around on laptops, personal organisers or data-sticks when you travel overseas is exposing you to risks.”
Announcing the e-security inquiry, Mr McClelland said new and networked systems increasingly underpinned our business and social interactions, but they also provided fertile ground for exploitation by cyber criminals.
“The e-security review is an opportunity to look at what help the Government can provide to develop a more secure and trusted electronic operating environment for both the public and private sectors.
"The review will also consider whether Commonwealth programs can be better focused to deal with the ever increasing range of online threats,” he said.
Senator Conroy said the review of e-security was a vital step towards fostering confidence in using the internet for personal and business activities.
“A secure online environment trusted by the community coupled with the Government’s rollout of the National Broadband Network is critical to our nation’s continued social and economic prosperity,” he said.
About the author: Ernie Davitt is the National Affairs Editor for Australian Security Magazine.