achieving a just and secure society how can international cooperation secure the internet? an...

Achieving a just and secure society

How can international cooperation secure the How can international cooperation secure the internet?internet?

An overview of bilateral/multilateral issues of An overview of bilateral/multilateral issues of security in the internetsecurity in the internet

Alex WeblingDirector - NIICritical Infrastructure Protection

Branch


What are the inherent problems?

• The internet will never be totally secure AND

• Everybody is your neighbour on the internet.

That’s Nasty and Nice – Nice if you’re doing business with them– Nasty if they’re trying to attack you


More problems - Convergence

• Technological Convergence– Seamless data, voice and video sharing– Reduces redundant paths for critical

systems– Higher vulnerability– Higher threat


Convergence eg SCADA

• Supervisory Control & Data Acquisition Systems (SCADA)– Used in energy sector for controlling

processes– Increasingly becoming remotely

controllable via the Internet / wireless!– Could scada be remotely hijacked?

breaching dams, shutting down power grids, contaminating water supplies etc


Where are we?


Drivers

• Reduced cost & increased availability of Internet access

• New business uses & technologies– Bluetooth wireless– VoIP wireless

• Use increasing in sensitive industries


What is being done now?What could be working?

• Information sharing and Joint Response– CERT to CERT communications– Cybercrime 24/7 Network (G-8)– APCERT (Aust/Japan/South Korea etc)

• Standards

• Laws


Australian Participation in International Fora on E-sec

APEC– APEC TEL

Actively engaged with APEC Telecommunications Working Group;

• E-Security Task Group• APEC Projects (more later)


International Fora (cont.)

OECD – WPISP - Guidelines for the Security of

Information Systems and Networks: Towards a Culture of Security, July 2002

– Working to promote the ‘Culture of Security’ Guidelines with other economies

– Encouraging OECD economies to sponsor projects to strengthen e-security of developing economies in their regions.


International Fora (cont)

Let’s not forget!

• ITU– We’re here!


International fora

• APCERT – CERTs in Asia-Pacific region working

together in a partnership to share information on threats and vulnerabilities

– AusCERT current chair, JPCERT secretariat


Multilaterals/Bilaterals

• US/Australian bilaterals– Regular bilateral talks with the United

States on broader CIP issues.

• Discussions with Europeanseg GovCERT NL Symposium


Multilaterals cont.

• Informal Multilateral discussions after AusCERT Conference. Government attendees invited to stay and discuss issues

• Multilateral talks on NII issues with several European and Asian countries, as well as the UK, US, Canada and NZ

• Additional bilateral CIP talks being considered with other Asia-Pacific regional countries.


Capacity Building / Awareness Raising

• CERT capacity building projects funded by APEC and AusAID– AusAID project in Thailand, Vietnam,

Philippines, Papua New Guinea, Indonesia, – APEC / US Govt funded project in Chile,

Peru, Mexico and the Russian Federation.


Standards

• Technical standards – security should be built in, not bolt on Vendor discussions

• Best practice guidelines such as Standards Australia’s HB171-2003 – Guidelines for the management of IT evidence

• ISO standards


Laws

• Cybercrime Act 2001 (based on Council of Europe Convention)

• Australia - updated existing criminal provisions – e.g. previous computer laws did not sufficiently address “denial of service attacks”.

• Enhanced investigatory powers relating to electronically stored data.

• Of course Laws which are similar across countries makes it easier for multinational law enforcement response!


Awareness Raising

• CERT Awareness raising seminars being run in APECTEL on security issues.

• Began in March 03, ongoing• Australia encourages developed economies

to support developing economies’ CERTs eg through:– Training – in-country– Support for experts to attend conferences– Technical support


What is the future?

• Because of the borderless nature of cyberspace, international cooperation is even more essential to secure a safe online environment.

• More businesses and governments and business machinery online

• A ‘target rich environment’


Longer term

Governments and business who are the major users of the internet will be forced to work together to combat the worst elements

Technology will provide some help – eventually


So maybe

We might get closer to the end of the line!


Conclusions

• Internet and the high seas (an analogy). – We need to be exiting the Swashbuckling

days! Pirates, rogues etc (hopefully). But still, anybody can get a ship (computer) and sail the seas of the internet.

– Islands of order, seas of chaos– Treasures to be pillaged and plundered!


Conclusions

– Working together to coordinate the islands’ defences is a good way to bring order

– Varying levels of order in different islands!– Parallel step, work within multilateral orgs

and bilaterally to increase order– Eventually, we might aim to a law of the

internet.


• Alex Webling• Director – National Information Infrastructure• Critical Infrastructure Protection Branch• [email protected]

• [email protected](general email address for CIP matters)• www.tisn.gov.au (Web site on Trusted Information

Sharing Network)• www.nationalsecurity.gov.au (AGD web site on National

security)

achieving a just and secure society how can international cooperation secure the internet? an...

Documents