
Aussie Gov't Won't Help Fight Cyber Attacks

Soulskill posted more than 3 years ago | from the they'd-probably-screw-it-up-anyway dept.

Australia 101

mask.of.sanity writes "Days after the Pentagon's #2 called for a NATO cyber-shield, the Australian government has announced it won't lift a finger to help the country's businesses to defend themselves against cyber attacks unless it presents a high risk to national security. Instead, Australia's security agencies will forge a response based on the 'pathology of the problem,' incorporating the risk the attack poses to government and the community. A senior security official said the government 'struggles to defend its own systems from the current threats,' let alone that of other industries. He went on to rubbish claims that existing military force strategies can be applied to cyber warfare, noting that the demarcation between civil attacks, such as domestic hacking, and those against nation-states, such as espionage, is blurry. Former US counter-terrorism advisor Richard Clarke said the US government has taken a similar line."


101 comments


CYBER TECHNOLOGY (3, Insightful)

BitHive (578094) | more than 3 years ago | (#33719906)

I am so sick of the term "cyber" being used by people to make their ideas sound sophisticated. It drives me mad to see this not having the opposite effect.

SO YOU SEE, WITH CYBER TECHNOLOGY....

aaagghh

Re:CYBER TECHNOLOGY (2, Informative)

Anonymous Coward | more than 3 years ago | (#33719946)

It sounds to me as if you are going through cyber rage.

Re:CYBER TECHNOLOGY (1)

Elbereth (58257) | more than 3 years ago | (#33719948)

I was going to cyber-post this very cyber-message. Because you cyber-beat me to the cyber-punch, I'll instead take this cyber-opportunity to inflict great cyber-pain on you.

Re:CYBER TECHNOLOGY (1)

DrugCheese (266151) | more than 3 years ago | (#33720066)

mod parent +1 cyber-funny

Re:CYBER TECHNOLOGY (0)

Anonymous Coward | more than 3 years ago | (#33720286)

Speaking as a post-cyberist, I reject your obsolete classification of the world into cyber and non-cyber.

All opportunity is opportunity. All pain is pain. All messages are messages.

It is not necessary to reevaluate your ethics and values just because the diegesis has changed.

Re:CYBER TECHNOLOGY (1)

ginbot462 (626023) | more than 3 years ago | (#33722138)

> Speaking as a post-cyberist

Pssah. As a true post-cyberist, you would have broken the cyber-wall and commented on your comment.

cyber-monkey

Re:CYBER TECHNOLOGY (0)

Anonymous Coward | more than 3 years ago | (#33719970)

Hilarious, to be sure.

Re:CYBER TECHNOLOGY (0)

Anonymous Coward | more than 3 years ago | (#33720916)

You mean like this [theonion.com] ?

Re:CYBER TECHNOLOGY (0)

Anonymous Coward | more than 3 years ago | (#33721094)

Cyber cyber, shove it up yer Khyber [babylon.com] .
Nano, nano, shove it up yer arse.

 

Re:CYBER TECHNOLOGY (1)

JustOK (667959) | more than 3 years ago | (#33721152)

pseudo-cyber-intellectuals

Re:CYBER TECHNOLOGY (1)

mvojtko (1910984) | more than 3 years ago | (#33725552)

This is the same response you get from any police force. Why would this surprise you? If you do not protect yourself, you are waiting on a reactionary force and you will suffer.

Re:CYBER TECHNOLOGY (1)

BitHive (578094) | more than 3 years ago | (#33729380)

protecting yourself is reactionary, real men never leave their basements

could it be (1)

Adolf Hitroll (562418) | more than 3 years ago | (#33719908)

does /. have a shield against fp?

But that's all that is the security agencies' job! (1)

ysth (1368415) | more than 3 years ago | (#33719910)

Dealing with cyber attacks that are not a national security issue would be the job of police agencies.

Re:But that's all that is the security agencies' j (1)

mjwx (966435) | more than 3 years ago | (#33720026)

here, here.

About time the /. notion of "get the gubbermit out of the way" was actually useful. Corporate security is the company's responsibility, it's up to the company to ensure that nothing damaging happens to their physical property (by installing security cameras, screening staff, guards and so forth) why should network security be any different? It isn't ASIO (Australian Security and Intelligence Organisation) or the AFP's (Australian Federal Police) job to secure a corporate network. The Attorney-General's Department (where this article came from) may set a security standard, but it's up to an individual company to follow it.

Good thing, we've already got enough nutbars in politics trying to erect some kind of "shield" around the intertubes.

Yes Dr Conroy, I said "erect", you insecure tosser.

Re:But that's all that is the security agencies' j (2, Informative)

dakameleon (1126377) | more than 3 years ago | (#33720120)

Yes Dr Conroy, I said "erect", you insecure tosser.

As amusing as that is, Senator The Hon. Stephen Conroy isn't a Doctor. No need to accord him an unnecessary honorific.

Tosser (or wanker, or variations on the same) on the other hand is a perfectly valid qualification to identifying the man.

Re:But that's all that is the security agencies' j (1)

mjwx (966435) | more than 3 years ago | (#33720142)

As amusing as that is, Senator The Hon. Stephen Conroy isn't a Doctor

Sorry, I got him confused with another Dr Conroy... not an uncommon name.

Re:But that's all that is the security agencies' j (2, Informative)

Anonymous Coward | more than 3 years ago | (#33720228)

It's 'hear, hear', not 'here, here', you retard.

http://en.wikipedia.org/wiki/Hear,_hear [wikipedia.org]

Re:But that's all that is the security agencies' j (1, Insightful)

Anonymous Coward | more than 3 years ago | (#33720578)

here, here.

Hear, hear!

FTFY

Re:But that's all that is the security agencies' j (1)

FatdogHaiku (978357) | more than 3 years ago | (#33720710)

Where, where?

Re:But that's all that is the security agencies' j (1)

ysth (1368415) | more than 3 years ago | (#33726688)

Wow. I posted one sentence and you didn't even read it. Wow.

Re:But that's all that is the security agencies' j (1)

Mashiki (184564) | more than 3 years ago | (#33720534)

That's great except police are limited by what can be done, and you'll generally find that police services (or forces, depending on where you are) have bigger fish to fry (like rape, murder, assaults, theft (physical), etc). In Canada, unless the losses in relation to a computer crime are greater than $100k, the RCMP will not investigate. Local police will direct you there, and if it's under 100k, your local dept. may possibly try to divert manpower to it. But the ability to investigate is limited.

Internet based crime is a low priority, half because of manpower issues, half because police worldwide are in a transitional state in the way they do policing.

Re:But that's all that is the security agencies' j (1)

HungryHobo (1314109) | more than 3 years ago | (#33720716)

Internet based crime has got to be a massive headache for the police to try to deal with.

Jurisdiction problems are almost guaranteed and even identifying the criminal with enough certainty for a court of law would take a hell of a lot of effort.

I'm told if you do most of the work for them - hand them a case on a silver platter and somehow find someone who definitely has jurisdiction - you can get some results but otherwise forget it.

The fact that people generally don't die or show up on newspaper front pages with cut up faces also lowers its priority.

Re:But that's all that is the security agencies' j (0)

rtb61 (674572) | more than 3 years ago | (#33724750)

Australia already does it under another department http://www.acma.gov.au/WEB/LANDING/pc=INTERNET_MAIN [acma.gov.au] . Clearly the Australian government is signalling they are not interested in playing cyber warfare and feeding the global military industrial complex with billions more of taxpayer dollars.

The threat is being hyped up again and again, and yet all that bloody infrastructure not so long ago was safe from internet attacks because there was no internet and it ran fine. So cut the crap, if they connect important infrastructure to the internet in order to take stupid cheap shortcuts and skimp on a few dollars and their system gets hacked and costs hundreds of millions, then they're the bloody idiots and they should be the ones going to jail for criminal negligence.

Easy answer: if governments want secure infrastructure then they can simply threaten executives responsible for keeping the infrastructure secure and safe with fines and prison time. Watch all the silly short cuts disappear overnight and a totally secure system take its place.

As long as corporations are safe to take short cuts to inflate executive bonuses, then infrastructure collapse is ensured, whether mines blow up, oil rigs burn and sink, pipes burst, bridges collapse, workers die, internet failures etc. etc. As long as those who make bad decisions are not individually prosecuted, then expect them to continue.

Re:But that's all that is the security agencies' j (1)

LongearedBat (1665481) | more than 3 years ago | (#33723380)

In principle, yes, I agree.
In practice, ah, I think we'd need an entirely new form of police-ing/policy-ing to deal with internet crime.

Cyber shield sounds like a bit of a wank (4, Insightful)

orin (113079) | more than 3 years ago | (#33719924)

Cyber Shield? Is this like SDI for the internets? Zapping the rogue packets in the boost phase before they approach the systems that they target? How about instead of creating Cyber Shields, people are just reminded to read security bulletins and keep their software up to date?

Re:Cyber shield sounds like a bit of a wank (1)

Elbereth (58257) | more than 3 years ago | (#33719956)

Tell that to the Debian project.

Have they upgraded to ELF binaries yet?

Re:Cyber shield sounds like a bit of a wank (4, Funny)

Thanshin (1188877) | more than 3 years ago | (#33720134)

Have they upgraded to ELF binaries yet?

They did but the result was... a bit gay.

They're now planning an upgrade to DWARF binaries.

Re:Cyber shield sounds like a bit of a wank (1)

b00fhead (669286) | more than 3 years ago | (#33721948)

...and my ACKs!

Re:Cyber shield sounds like a bit of a wank (1)

LongearedBat (1665481) | more than 3 years ago | (#33723434)

Well, that's good. At least they won't cause bloat like GIANT binaries would.

Re:Cyber shield sounds like a bit of a wank (0)

Anonymous Coward | more than 3 years ago | (#33724132)

There's been a snag with the DWARF upgrade. The installation keeps getting interrupted by CARP.

Re:Cyber shield sounds like a bit of a wank (1)

arivanov (12034) | more than 3 years ago | (#33719968)

Probably with the same kill ratio as SDI as well.

Re:Cyber shield sounds like a bit of a wank (1)

milanmall (1897894) | more than 3 years ago | (#33720160)

i don't agreed this milanmall.com

Re:Cyber shield sounds like a bit of a wank (1)

Phopojijo (1603961) | more than 3 years ago | (#33720416)

I believe I saw a 3-country license of Cyber Shield in a Best Buy or something...

Sweet! (-1, Troll)

Zadaz (950521) | more than 3 years ago | (#33719986)

If this becomes standard government policy that means I can rob or kill any Australian citizen I want, as long as they're not in the government or military.

Re:Sweet! (1)

mjwx (966435) | more than 3 years ago | (#33720112)

If this becomes standard government policy that means I can rob or kill any Australian citizen I want, as long as they're not in the government or military.

Don't know how you figured that one out.

If you break into the network of the Westpac bank, you will still be charged under the relevant law, all this states is that it is Westpac's responsibility to prevent you from doing so.

By the same token, if you try to kill or rob me you'll have to deal with the punishments under relevant law. Also, we don't just hand out guns in this nation so you'll have to get mighty close to do it which means I can fight back. Now I won't kill you but you will learn that within 3 hours drive of my city is a barren wilderness full of poisonous snakes, spiders, 40 C heat, not much water and no one around for miles... A few reckless tourists die there each year, so y'all have a real nice day now.

Re:Sweet! (1)

sumdumass (711423) | more than 3 years ago | (#33720300)

Who needs a gun handed to them. It doesn't take much to turn the theory of operation into practice. Sure, it may not work as well as a $1000 pistol but it will work. Especially if the goal is to get close enough for you to see it coming but far enough away that you can't fight back.

BTW, I agree with your comment. This stance doesn't make existing laws go away. At best, it simply says that they won't invest time and money preventing it from happening.

Re:Sweet! (5, Funny)

ozmanjusri (601766) | more than 3 years ago | (#33720304)

If you break into the network of the Westpac bank,

You're clearly not familiar with Australian banks.

If you broke into the network of the Westpac bank, they'd be more likely to steal from you than the other way around. They've had a lot more practice, and have far lower scruples than the average cracker.

Re:Sweet! (1)

base2_celtic (56328) | more than 3 years ago | (#33720654)

I think you'll find that's any Australian bank.

Actually, any bank at all. Um. ...is there a trend we're missing here?

Re:Sweet! (1)

donscarletti (569232) | more than 3 years ago | (#33720940)

I know at least two guys on their security team. I would have to agree with you there. One particular guy I remember was tossed out of my university for hacking and snapped right up by their HR. I would suggest attacking pretty much any other bank.

Re:Sweet! (1)

Macgrrl (762836) | more than 3 years ago | (#33731448)

I was in the bridal party of the head of ANZ online security program, don't try them either. He's an ex-sniper and has the requisite morals.

Re:Sweet! (2, Insightful)

c6gunner (950153) | more than 3 years ago | (#33721262)

Also, we don't just hand out guns in this nation so you'll have to get mighty close ...

It's really cute that you think that :) It's like you've never heard of criminals. Naiveté can be so adorable!

Re:Sweet! (1)

mjwx (966435) | more than 3 years ago | (#33729918)

It's really cute that you think that :) It's like you've never heard of criminals. Naiveté can be so adorable!

Well I do live somewhere where I feel perfectly safe without weapons (and in a land with the 10 most dangerous animals on earth, petty criminals don't scare you much after that).

Re:Sweet! (2, Interesting)

dakameleon (1126377) | more than 3 years ago | (#33720132)

This isn't the government saying it won't pursue prosecution if there is accusation of a crime within its jurisdiction, just that it is not the government's duty to provide protection against the specific instance of a crime possibly occurring. On your twisted extension, that means they won't provide every citizen with a kevlar vest, though they do so for the military.

What good would the government do anyway? (3, Insightful)

SuperKendall (25149) | more than 3 years ago | (#33720014)

Sure if power plants are being attacked, the government would step in.

But if a lot of private businesses are being attacked, what good would the government do anyway? Such an attack would be far more skillfully handled by the IT personnel at various companies, who have shown the ability to band together as needed for serious attacks.

Re:What good would the government do anyway? (1)

JimboG (1467977) | more than 3 years ago | (#33720048)

Correct. I'd also like to point out that having previously worked in govt. for a number of years, the IT departments are over-staffed and under-budgeted. There might be enough people to do something about an attack, but no equipment/software/tools to know if it was happening to them. I can't speak for DSD or perhaps ASIO, maybe they do.

Re:What good would the government do anyway? (2, Insightful)

dakameleon (1126377) | more than 3 years ago | (#33720150)

In some states, the power infrastructure is still a government-owned asset, so they'll be the ones being attacked in the first instance.

I think you'll find most governments have been building "cyber" defence teams, which would be filled with people whose job it is to stay on top of security issues, attack techniques etc, and so you'd presume has as much if not more expertise than your average IT department.

Re:What good would the government do anyway? (1)

liamoshan (1283930) | more than 3 years ago | (#33720536)

I think you'll find most governments have been building "cyber" defence teams, which would be filled with people whose job it is to stay on top of security issues, attack techniques etc, and so you'd presume has as much if not more expertise than your average IT department.

Correct. Also, Power Plants, distribution grid etc are designated as "critical infrastructure", and they typically are given the benefit of government threat analysis and advice (on a "cost recovery" basis, so the government makes or loses no money in performing them). The scope of this advice extends to cyber threats (which are usually along the lines of "although you may not have heard of them, there are things called Industry Standards for IT Security. We suggest you begin looking at them")

Re:What good would the government do anyway? (4, Informative)

couchslug (175151) | more than 3 years ago | (#33720672)

"Sure if power plants are being attacked, the government would step in."

If powerplant controls are exposed to the internet, the government should "step in" to waterboard those responsible with battery acid.

There is NO excuse for vital infrastructure to be controlled via the internet. At all. Ever. People who expose it to the internet are worse than negligent and merit firing, public exposure, and blacklisting so they never work again in a position of responsibility.

Re:What good would the government do anyway? (1)

AHuxley (892839) | more than 3 years ago | (#33721132)

"excuse for vital infrastructure to be controlled via the internet."
Australians like MS at the front end?
eg http://www.smh.com.au/technology/security/sinister-integral-energy-virus-outbreak-a-threat-to-power-grid-20091001-gdrx.html [smh.com.au]
http://www.zdnet.com.au/virus-hits-integral-energy-desktops-339298861.htm [zdnet.com.au]

Re:What good would the government do anyway? (1)

L4t3r4lu5 (1216702) | more than 3 years ago | (#33721788)

SCADA should be air-gapped from public networks, and in this instance public means "anything not involved with SCADA duties directly". It doesn't have to be a big air gap; Use the same cabs, use the same rooms. Just don't plug one into the other.

Re:What good would the government do anyway? (2, Informative)

mlts (1038732) | more than 3 years ago | (#33722216)

The only way I have seen that implemented report gathering for SCADA systems, where security was decent, was a setup akin to the following:

1: The systems were on their own private network, airgapped from everything else.
2: A machine polled them, and wrote the logs to hard disk accessible by a second machine in XML format with a header for files.
3: The second machine would copy the logs through a serial port with the rx wires cut on one side. It was configured not to care about ACKs, just send data, don't expect anything back.
4: The machine on the other end of the serial cable was configured to listen to what came through and write the data to files specified by the XML contents.
5: These files were picked up and made available on an external Web server.

If the machine that received the logs got compromised, the worst that could happen was that the input from the serial cable would be ignored and bogus logs written on that machine. It would be almost impossible to touch any machine in the internal network with the SCADA stuff without having physical access with this type of setup.

Of course, the bottleneck was the serial port, but with the relative low amount of data being polled and written, it was not that big an issue, compared to getting the reports out on time.
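The one-way export described in the comment above, sketched as an added example (it is not part of the original comment or any poster's code): with the return path cut, the receiver cannot ACK or ask for a resend, so it has to detect corruption and loss itself and must not trust the file name carried in the XML. The frame layout, the `file` attribute on the XML root and all function names are assumptions of this sketch, and the serial line is modelled as a byte string so it runs offline.

```python
"""One-way log export over a transmit-only link (constructed example).

Assumed frame layout (not from the post):
  MAGIC(4) | seq(uint32) | length(uint32) | XML payload | crc32(uint32)
"""
import re
import struct
import zlib
import xml.etree.ElementTree as ET

MAGIC = b"\xa5LOG"
HEADER = struct.Struct(">4sII")    # magic, sequence number, payload length
TRAILER = struct.Struct(">I")      # CRC32 over header + payload
MAX_PAYLOAD = 64 * 1024
SAFE_NAME = re.compile(r"[A-Za-z0-9_-]{1,64}\.xml")   # allow-list for outputs


def encode_frame(seq: int, xml_doc: bytes) -> bytes:
    """Sender side: wrap one XML log document for the TX-only line."""
    if len(xml_doc) > MAX_PAYLOAD:
        raise ValueError("log document too large for one frame")
    head = HEADER.pack(MAGIC, seq, len(xml_doc))
    return head + xml_doc + TRAILER.pack(zlib.crc32(head + xml_doc))


def target_name(xml_doc: bytes):
    """Take the output file name from the XML header, allow-listed only."""
    try:
        root = ET.fromstring(xml_doc)
    except ET.ParseError:
        return None
    name = root.get("file", "")
    return name if SAFE_NAME.fullmatch(name) else None


def decode_stream(stream: bytes):
    """Receiver side: parse a complete capture of bytes read off the wire.

    Returns (files, report): files maps validated file names to XML bytes;
    report counts frames dropped as corrupt, sequence numbers that never
    arrived, and intact frames whose file name was refused.
    """
    files, report = {}, {"corrupt": 0, "missing": 0, "rejected": 0}
    expected_seq, pos = None, 0
    while True:
        pos = stream.find(MAGIC, pos)
        if pos < 0 or pos + HEADER.size > len(stream):
            break
        _, seq, length = HEADER.unpack_from(stream, pos)
        end = pos + HEADER.size + length
        if length > MAX_PAYLOAD or end + TRAILER.size > len(stream):
            report["corrupt"] += 1
            pos += 1               # resynchronise on the next magic marker
            continue
        (crc,) = TRAILER.unpack_from(stream, end)
        if crc != zlib.crc32(stream[pos:end]):
            report["corrupt"] += 1
            pos += 1
            continue
        payload = stream[pos + HEADER.size:end]
        pos = end + TRAILER.size
        if expected_seq is not None and seq > expected_seq:
            report["missing"] += seq - expected_seq   # lost for good: no resend
        expected_seq = seq + 1
        name = target_name(payload)
        if name is None:
            report["rejected"] += 1
            continue
        files[name] = payload
    return files, report


def demo():
    """Constructed sample: three logs sent, the middle one damaged in transit,
    the last one carrying a file name the receiver must not honour."""
    docs = [
        b'<log file="pump-station-1.xml"><r t="1" v="3.2"/></log>',
        b'<log file="pump-station-2.xml"><r t="1" v="7.9"/></log>',
        b'<log file="../../etc/cron.d/x"><r t="1" v="0"/></log>',
    ]
    wire = bytearray(b"".join(encode_frame(i, d) for i, d in enumerate(docs)))
    wire[len(encode_frame(0, docs[0])) + 20] ^= 0xFF   # line noise in frame 1
    return decode_stream(bytes(wire))


if __name__ == "__main__":
    print(demo())
```

The sequence counter is what turns silent loss into something the receiving side can alarm on, since nothing can be requested again across the cut wire.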

Re:What good would the government do anyway? (1)

Puff_Of_Hot_Air (995689) | more than 3 years ago | (#33731920)

But, as I keep saying on this damn site, the air-gap is long gone. You can't wish it back, you can't say "it mustn't be gone! it mustn't!". It's gone. Now attempts at network isolation through various other means are in place, but these can be compromised in a way that the physical air gap cannot. Add to this the fact that SCADA is being seen more and more as an "IT" kind of thing (and thus manageable by IT and not control system guys), the control system engineers are losing the fight for the air-gap. It sucks, but it's too late to cry about it, we need to deal with what is.

Re:What good would the government do anyway? (1)

dbIII (701233) | more than 3 years ago | (#33721692)

I think there's only one power plant in the country of any size with remote controls, but it's relatively tiny (4x60MW or 80MW units?), within line of sight from where it is controlled from and would have to have a dedicated cable. There are of course remote distribution controls but that is a different thing to trying to run a generator remotely.

Re:What good would the government do anyway? (2, Informative)

darkfire5252 (760516) | more than 3 years ago | (#33724580)

If powerplant controls are exposed to the internet, the government should "step in" to waterboard those responsible with battery acid.

I feel like I repeat this at least once per 'cyberwar' thread, but it bears repeating until people start to understand. "Power plants can be attacked via the internet" is not equivalent to "Power plant controls are exposed to the internet". There's plenty of risk to the power infrastructure that comes from systems that can affect power usage being exposed to the internet, even if the power plant isn't exposed to the internet...

The reason that some people give 'cyberwar' more thought than that is that it's not as simple as you make it out to be. I'm a coauthor on a DOE sponsored paper (under security review, so no citation for now) that covers some more subtle aspects of the problem. The electrical grid can be attacked by compromising the control system if that system is internet connected, true. However, if a significant proportion of the electrical load for any one generator can be controlled via the internet, then that generator can be attacked via the internet without requiring any direct internet contact. Case in point, X10, Google, Microsoft, and many other companies are currently looking into home automation and controlling the home's electrical system via the computer. So, what happens the next time there's a runaway MS worm, but instead of just sending spam it gives control of the home automation system to the attacker? Simply by turning the power off in enough houses in an area, an attacker could actually cause physical damage to the power plant.

That's why we can't just dismiss the problem as "unhook the power plants from the internet." In a world that's increasingly hooked to the internet, we can't afford to overlook how the internet-connected components can possibly have an effect on the non-connected components.

Re:What good would the government do anyway? (1)

Macgrrl (762836) | more than 3 years ago | (#33731490)

Modern power networks are being implemented to manage load control at the sub-sector and even unique address level. This will minimise the effect the type of attack you are proposing could have, as increasing the load at a domestic level will simply result in your meter switching off supply. It will switch back on after a delay, and if the load is still over a given threshold, will switch off again. Lather, rinse, repeat.

Re:What good would the government do anyway? (1)

darkfire5252 (760516) | more than 3 years ago | (#33752752)

A late response to a dead thread, but it's worth pointing out that the problem we examined in detail was not too much load, it was a rapid reduction of load. The precise problem was that, if the smart meter is ever compromised (or some other home automation system was compromised in very large numbers), one could switch enough meters off supply such that the load at the generator is very drastically reduced to the point that it is mechanically damaged.

Stuxnet managed it without direct access (1)

SuperKendall (25149) | more than 3 years ago | (#33727818)

If powerplant controls are exposed to the internet

They don't have to be exposed to the internet.

The recent Stuxnet worm targeted industrial controllers with a transmission vector of USB fobs entering said facilities... and it worked.

I agree that powerplant controls should not be exposed to the internet but it does not mean they cannot face a virtual attack.

Re:What good would the government do anyway? (1)

Puff_Of_Hot_Air (995689) | more than 3 years ago | (#33731892)

And yet it is. Perhaps not directly, but the air-gap is long long gone. Not only that, many such plants are losing control of their networks to the IT side of the fence, and being forced to provide the (potentially exploitable) bridge due to business constraints. So what are you going to do about it? Hold your hands over your ears and pretend it's not happening?

Re:What good would the government do anyway? (0)

Anonymous Coward | more than 2 years ago | (#33732868)

"Sure if power plants are being attacked, the government would step in."

There is NO excuse for vital infrastructure to be controlled via the internet.

Which is why the thumb drive attack vector is becoming more popular.

Re:What good would the government do anyway? (1)

Oxyde (1171033) | more than 3 years ago | (#33744382)

There is NO excuse for vital infrastructure to be controlled via the internet.

How else do you outsource to Mumbai?

Govt Failed in Online Betting Site Fiasco (0)

Anonymous Coward | more than 3 years ago | (#33720894)

1) USA is presently hiring all the good *CERT, paying serious money so attractive there is about a 100% brain drain. AUSCERT relies on good people stuck with domestic ties. What is left are 'B' graders or people who probably would fail a conventional security assessment at TS or above.

Failure Example: Globally, some Europe extortion mob started blackmailing online betting / Casino sites, not just Australia but UK too. They even did a 'sample'. Well those dummies (Police) and smart ISPs did a few things, but guess what: Attack mark 2 left them bleeding and in the gutter. See 4 Corners report.

If they can't defend against Eurotrash, what hope have they got against determined Chinese launches that got past at least a few levels.

The best part is yet to come. By making hacking 'illegal' in Australia, the community of experts to draw upon is minuscule, while China has schools of them.

So it is quite right to say 'you are on your own'. The difficult choice is whether to call the police or not - or pay extortion money.

Re:Govt Failed in Online Betting Site Fiasco (1)

SuperKendall (25149) | more than 3 years ago | (#33728338)

So it is quite right to say 'you are on your own'. The difficult choice is whether to call the police or not - or pay extortion money.

If private industry can't protect themselves then the government will have no-one better off. They'll either have to train up people for the purpose, or pay out the money.

Aussie govt won't lift a finger... (1)

syousef (465911) | more than 3 years ago | (#33720024)

Aussie govt won't lift a finger...You could've stopped right there. Well unless it's to fine the populace, cut services, or boost their own salaries.

Re:Aussie govt won't lift a finger... (1, Interesting)

Anonymous Coward | more than 3 years ago | (#33720138)

Don't forget impounding those evil "hoons" cars. Nothing is more important than ensuring that Australian roads are completely free of import vehicles and car enthusiasts. How else can you train the population to help the government prop up our car industry than to intimidate them into buying the junk that rolls off the assembly line here?

Or making sure that nobody, absolutely nobody, takes their eyes off the speedometer for even half a second, lest they creep 0.0000001 km/h over the limit, thereby killing 10 starving disabled orphans instantly and advancing the impending doom of civilisation.

Yeah, keep up the great work.

OT: The government barely understands the internet at all. The NSW government claimed they had been "breached after two days of sustained attacks" [securecomputing.net.au] when a newspaper found they could freely access the URL of an agency the gov't used to produce train timetables. The agency didn't secure the pages, so the government kicked up a stink about being "hacked". I'm glad they're keeping their incompetence far far away from our networks.

DO. NOT. WANT.

Re:Aussie govt won't lift a finger... (1)

zblack_eagle (971870) | more than 3 years ago | (#33720688)

Don't forget impounding those evil "hoons" cars. Nothing is more important than ensuring that Australian roads are completely free of import vehicles and car enthusiasts. How else can you train the population to help the government prop up our car industry than to intimidate them into buying the junk that rolls off the assembly line here?

Well, that's blatantly wrong [autoguide.com] . Considering the pointless Holden vs Ford patriotism that goes on here there's no government intervention required to keep bogans buying locally produced cars (except for those produced by Asian owned manufacturers). I'm all for repeat or blatant idiots having their cars impounded. I had some moron drive into me to cut in front of me at a set of traffic lights, and then he raged and reversed into me before speeding off. That's the only collision I've ever been involved in.

Or making sure that nobody, absolutely nobody, takes their eyes off the speedometer for even half a second, lest they creep 0.0000001 km/h over the limit, thereby killing 10 starving disabled orphans instantly and advancing the impending doom of civilisation.

+1 troll there. I've been done for speeding a minor amount over the limit a couple of times. There's usually leeway in the form of not fining someone until they are a certain amount over the speed limit. It's adequate motivation to make me check my speed whenever I pass fixed speed cameras or see brand new cars suspiciously parked in unusual places.

The agency didn't secure the pages, so the government kicked up a stink about being "hacked".

Quote from your linked article: 'Campbell said he had been advised by the IT contractor building the website, Bang The Table, that "there were two days of IT attacks on the website firewall security that began on Thursday 18 February at 8.44 p.m. and continued until around midday on Friday 19 February".'

Sounds like a Cover Your Ass on behalf of the contractor and a politician. Nothing new there.

Re:Aussie govt won't lift a finger... (1)

syousef (465911) | more than 3 years ago | (#33728716)

+1 troll there. I've been done for speeding a minor amount over the limit a couple of times. There's usually leeway in the form of not fining someone until they are a certain amount over the speed limit. It's adequate motivation to make me check my speed whenever I pass fixed speed cameras or see brand new cars suspiciously parked in unusual places.

They've actually removed that leeway, in both VIC and most recently in NSW. The speedometers are allowed to be up to 10% out. (Fortunately car companies take the opportunity to make them read 10% higher not lower). But now the leeway allowed is much less than that - 1-2km. I don't even know if that's within the tolerance of the equipment.

It most certainly is not a troll that forcing someone to regulate their speed so vigorously makes people concentrate on their speedo when they should be assessing the road. I have no doubt at all more lives are being lost than saved, all so that revenue can be raised.

The agency didn't secure the pages, so the government kicked up a stink about being "hacked".

Quote from your linked article: 'Campbell said he had been advised by the IT contractor building the website, Bang The Table, that "there were two days of IT attacks on the website firewall security that began on Thursday 18 February at 8.44 p.m. and continued until around midday on Friday 19 February".'

Sounds like a Cover Your Ass on behalf of the contractor and a politician. Nothing new there.

There are also circumstances where obeying a speed limit can be fatal due to the behaviour of others. I once was run off the road by a pair of semi-trailers who weren't obeying a 40 zone for roadwork. Had there been less gutter to pull into my wife and I would have been killed. Patchy enforcement to raise revenue will always be dangerous.

Re:Aussie govt won't lift a finger... (1)

inflex (123318) | more than 3 years ago | (#33720782)

The hoon-car laws are actually one thing that's pretty damned good, it's not targeting custom cars, it's targeting gits who see it fit to light up rubber, forget their exhaust or think they're exempt from engineering standards.

If you want to really let the lead-foot fly then go join up to CAMS or other similar racing clubs - oooh but of course, you're probably too cool for that (but really your car is just shit and those Type-R stickers will peel off when the CAMS boys fly by your sad piece of bling).

Oh yeah, I'm a crusty grumpy old man who loves his motorbikes and drags them at the right place.

Re:Aussie govt won't lift a finger... (1)

matthobbs05 (987562) | more than 3 years ago | (#33730158)

Well said.

So what's it gonna be? (1)

nacturation (646836) | more than 3 years ago | (#33720032)

Should the Australian government lift a finger to protect children from the evils that lurk online? No, let parents sort it out. Should it lift a finger to protect businesses? No, let the free market sort it out.

If the government is going to do anything, its focus should be on protecting the infrastructure as a whole, not individual businesses.

Re:So what's it gonna be? (1)

.tekrox (858002) | more than 3 years ago | (#33720250)

They SHOULDN'T be doing anything here; let me give you an example,

You go out for a couple of hours, leaving the front door to your house wide open. When you return you find all your possessions missing - was it the Government's responsibility to ensure that your house was locked?
To stand a cop out the front of your house exclaiming 'move along'? To lock the door for you? No.
These are your responsibilities. The police will come and investigate the crime - and you know there will be nothing they can do about it.
If multiple robberies happened in a small area - there would be need then to inform people and possibly send out a patrol once in a while.

This should be the same of business 'Cyber Security'.

Re:So what's it gonna be? (2, Informative)

sumdumass (711423) | more than 3 years ago | (#33720326)

What about if you come home while the thieves are still there taking your stuff? Should the cops come and stop them, or wait until it's all done and take your statement?

I mean seriously, no defense shield is going to be able to autonomously say "they are attacking here, let's guard the doors". What they will likely do is be ready when company X says, I'm getting attacked at these ports by these IP's, then respond similar to a cop being called while the thieves are still cleaning out your house. But what it would do in addition to this, is create a centralized office in every government so that when thieves are tracked down, they can be pursued legally and don't escape the current conundrum where varying laws and unspecified places to report internet crimes typically get looked at funny and ignored once they cross international boundaries. In worse case scenarios, the government could probably access the router code and start dropping packets for the confirmed IP's making the attack much more difficult. It's not like the zombied PCs are normally visiting those sites.

Re:So what's it gonna be? (1)

Samah (729132) | more than 3 years ago | (#33731466)

Should the Australian government lift a finger to protect children from the evils that lurk online?

Stephen Conroy seems to think they should... :(
Ah but wait, the filter only actually blocks spams and scams [youtube.com] .

From the US Article (1)

Twide (1142927) | more than 3 years ago | (#33720046)

Lynn said the Pentagon strategy has identified "five pillars" to cyber security

Does this sound like a blatant religious ripoff to anyone else?

Re:From the US Article (2, Funny)

Ethanol-fueled (1125189) | more than 3 years ago | (#33720062)

What do you expect? Half-baked ideas usually come from fifth-columnists.

Ah, the slashdot mind (3, Insightful)

SmallFurryCreature (593017) | more than 3 years ago | (#33720056)

Small government! The state should stay out of my business! Private industry can take care of everything!

Waah, something is happening, the state should step in! Save us oh mighty government! Regulate them! Control our every action and thought!

You can't have it both ways. Remember a while back when the US government announced that it could under emergency rules take control of networks? 99% of Slashdot was up in arms. No government spooks on your private network.

So, now the demand is that Australian soldiers walk into private business and secure the network?

So, bad for US soldiers to take control over private networks, bad for AU soldiers not to take control over private networks?

Or maybe they should put up a firewall around Australia to protect business, but not to actually filter anything because an internet filter is bad?

And people wonder why politicians don't listen to their voters. Because it is IMPOSSIBLE. The very same voter will insist that the speed limit be dropped and mile high speed bumps be raised in front of the fire station to stop those devils from driving too fast. The same voter will want green power but no wind mills, tidal station, solar farm or hydro dams because they don't look nice.

We want cheap labor to pick fruit but no immigrants. Free markets to sell OUR goods, import tariffs on THEIR goods.

It is impossible and so politicians stop listening and listen to the lobbyist instead who at least know to be consistent within each single plea.

Or as Douglas Adams said: People are a problem.

I say we nuke them from orbit. It is the only way to be sure.

Re:Ah, the slashdot mind (3, Insightful)

FriendlyLurker (50431) | more than 3 years ago | (#33720312)

So, now the demand is that Australian soldiers walk into private business and secure the network?

So, bad for US soldiers to take control over private networks, bad for AU soldiers not to take control over private networks?

Or maybe they should put up a firewall around Australia to protect business, but not to actually filter anything because an internet filter is bad?

And people wonder why politicians don't listen to their voters. Because it is IMPOSSIBLE. The very same voter will insist that the speed limit be dropped and mile high speed bumps be raised in front of the fire station to stop those devils from driving too fast. The same voter will want green power but no wind mills, tidal station, solar farm or hydro dams because they don't look nice.

We want cheap labor to pick fruit but no immigrants. Free markets to sell OUR goods, import tariffs on THEIR goods.

It is impossible and so politicians stop listening and listen to the lobbyist instead who at least know to be consistent within each single plea.

Or as Douglas Adams said: People are a problem.

I say we nuke them from orbit. It is the only way to be sure.

I think a lot of this cognitive dissidence is coming top down as troll stories trying to drum up support for minority lobby pressure, rather than from the population (or Slashdot readers' minds) as you suggest. Take this news article that Slashdot has posted for instance: Complete crap, an obvious troll piece to try and pressure the Aussie government to toe the US line [salon.com] when it comes to its invented "cyber warfare" rhetoric. Little more than a thin veil of fear to give itself permission to Secure, Clamp, Contain the internet against we the people. To SCC effectively of course you need to coordinate other countries at the same time, or it won't really work - so now the lobby pressure begins to reach us via these puff pieces - this article is asking if you're on side with it? Read [slashdot.org] Most uprated [slashdot.org] comments [slashdot.org] on the topic from Slashdot and people are calling it what it is - a farce. So how the Fsk did slashdot editors pick this drudge piece to get posted - Is Geeknet's policy to reeducate geeks... or perhaps the firehose full of lobbyist brigades [slashdot.org] ?

Either way, where you're seeing cognitive dissidence of individuals - I am seeing the divide widening between what lobbyists behind Gov policies want you to think, and what an increasing number of people are actually thinking.

Re:Ah, the slashdot mind (0)

Anonymous Coward | more than 3 years ago | (#33720690)

It's cognitive DISSONANCE [wikipedia.org] .

Re:Ah, the slashdot mind (2, Insightful)

sumdumass (711423) | more than 3 years ago | (#33720334)

You are mistaking the actions of the government for the reactions of the people. They are not one in the same and often bear no resemblance to each other.

Re:Ah, the slashdot mind (1)

PPalmgren (1009823) | more than 3 years ago | (#33721420)

You are missing the point, it's not about having one philosophy to make decisions, it's about making the right decision for the right problem, philosophy be damned. Using a political philosophy to justify a decision is a cop-out to critical thinking. Is it wrong to regulate an industry's reporting requirements when they are using numbers that don't correlate with the truth? No. Is it wrong to remove regulation from an industry requiring 5-10 years of permit pursuit just to get started? No. I'll let you guess which two industries I'm talking about.

I don't think anyone here is arguing that the govt should defend against attacks for anything but critical infrastructure like power plants, and even then people are irritated that these power plants are even attackable. I'm not sure who you are ranting at.

Think of the Children (1)

enoz (1181117) | more than 3 years ago | (#33720058)

But what of the glorious Internet Filter that was promised to save us all from the "spams or scams that come through the portal [apcmag.com] " ?

International (1)

DrugCheese (266151) | more than 3 years ago | (#33720122)

I'm all for smaller government. We're not dealing with just business to business dealings when it comes to the internet we're dealing with nation to nation. So when hosts from one nation are crippling your business with attacks, how do you bring them to justice without dealing with government?

As long as governments want to draw these lines and claim nationalities then they need to be able to deal with problems that transcend those lines.

Sounds fairly realistic to me (4, Insightful)

Jeeeb (1141117) | more than 3 years ago | (#33720136)

I'm not sure what all the upset in the summary is about (Other than pulling eyeballs). This guy sounds like he actually knows what he is doing. He hasn't jumped on the panic bandwagon. In fact he's said a number of very logical things:

- Not all cyber attacks are a matter of national security. Even attacks on government infrastructure aren't necessarily matters of espionage.
- Conventional military strategies have nothing to do with maintaining a robust IT infrastructure.

That seems fairly level headed to me. Rather than all this panic about cyber-warfare as a broad collection of laws I'd like to see:
- Liability for corporations who fail to take basic security steps to protect customer data. E.g. your in-house system gets compromised by an SQL-injection then you're liable. There is no reasonable excuse to still be running a system vulnerable to SQL-injection. Or your un-patched systems are compromised then you're liable.
- Liability for software makers who sell software with easily preventable flaws. E.g. SQL-injections. I raise the point of SQL-injections because automatically checking code for insertion of strings into SQL statements should be trivial.

P.S. Sorry for the first and second half of the post being only somewhat related.

Re:Sounds fairly realistic to me (1)

c0lo (1497653) | more than 3 years ago | (#33720276)

After so many "Internet filtering" [google.com.au] and browsing history retention [zdnet.com.au] stories, that's the most common-sensical message I saw lately coming from the Australian government!!!

I think they should receive some congrats.

Re:Sounds fairly realistic to me (1)

FriendlyLurker (50431) | more than 3 years ago | (#33720598)

, that's the most common-sensical message I saw lately coming from the Australian government!!!

I think they should receive some congrats.

Common sense answers are not what the US is looking for - so they are being ridiculed for not jumping on the fear bandwagon. Now they want all NATO members to implement "blanket of security over our networks" [google.com] in order to Secure Clamp and Contain the internet [salon.com] ... a wwwar against we the people [youtube.com] .

Re:Sounds fairly realistic to me (0)

Anonymous Coward | more than 3 years ago | (#33720468)

- Liability for corporations who fail to take basic security steps to protect customer data. E.g. your in-house system gets compromised by an SQL-injection then you're liable. There is no reasonable excuse to still be running a system vulnerable to SQL-injection. Or your un-patched systems are compromised then you're liable.

- Liability for software makers who sell software with easily preventable flaws. E.g. SQL-injections. I raise the point of SQL-injections because automatically checking code for insertion of strings into SQL statements should be trivial.

This would require major industry change for software developers as soon as you bring the "liability" word into the picture.
Probably more in line with doctors, engineers and lawyers. I.e. require software developers to be members of official registered government institutes to practice with liability coverage. If there is evidence of malpractice you can be de-registered as a developer and disallowed from writing a line of code. This is/could/would be a good thing, but I don't see it happening, nobody wants to start paying those levels of wages code monkeys would demand for such conditions, in fact business wants just the opposite. (@see offshoring to countries with lower wages and less worker protections) At the moment EULA's seem to solve these *unnecessary* wage/liability problems for business in the western world. In fact the status quo is also good for OSS. Because *free* software would be extremely difficult to insure.
Actually the liability word is probably the only way big business could kill open source software. I think they will do this when the benefits outweigh the costs.

Re:Sounds fairly realistic to me (1)

liamoshan (1283930) | more than 3 years ago | (#33720514)

I agree. The scope of government intervention in the cyber world should not overstep its responsibilities.

Aussie government departments already provide cyber threat advisory to Australian business, and it's all out in the open.

-DSD [dsd.gov.au] (Aussie version of the NSA) provides cyber protection and advice to Australian government, and makes a lot of its advice available for business to use [dsd.gov.au]

-The Attorney Generals Dept [ag.gov.au] provides cyber security advice to Australian businesses and individuals

-Aus CERT [cert.gov.au] does much of the same

The simple fact is most businesses have no idea about cyber security. The government tries to educate them, as do IT security industry such as SANS.

The government forcing cyber security down businesses' throats would be the equivalent of using infantry to defend banks' cash vaults. It's not their job, nor in a free democracy should it be

Blah blah blah (1)

Jeppe Salvesen (101622) | more than 3 years ago | (#33720154)

Another global problem in a nation-based world.

This story makes me think of Julian Assange. (1)

elucido (870205) | more than 3 years ago | (#33720290)

Aussie gov won't help with cyber attacks? What is the Aussie gov's stance on Wikileaks?

Re:This story makes me think of Julian Assange. (0)

Anonymous Coward | more than 3 years ago | (#33720476)

Aussie Govt likes Wikileaks. Aussie Govt gives Julian Assange advice on how not to become a victim of the US SS.

Australians do not trust their own government, and they certainly don't trust anyone else's government - especially those uptight crazy paranoid religious freaks in the US.

Australians tend to think that anyone in power is a lying bastard. Anyone who keeps those bastards honest is likely to be a top bloke.

So, even though Julian Assange is a bit of a wanker, he is also a top bloke.

And he makes the yanks cry, which is always funny. Nothing like seeing bullies get their comeuppance.

surely... (1)

thephydes (727739) | more than 3 years ago | (#33720470)

it is up to individuals - you, me, businesses, corporations - to secure their digital "assets". It is the government's role to secure the country. If my lack of preparedness affects national security then yes the government should take over, otherwise they should not have to. So, imo the Aussie government is doing the right thing.

Information != Attack (0)

Anonymous Coward | more than 3 years ago | (#33720620)

If your machines are stupid enough to read information my* machine sends it and then interpret that to do something that you do not want them to do, then tough luck. Not my problem.

*I would never do such a thing, however.

Oz? (3, Insightful)

WinstonWolfIT (1550079) | more than 3 years ago | (#33720630)

What's so God damned interesting about Australia's internets? We're half the size of California for Christ's sake. Who really gives a toss what we do?

Re:Oz? (0)

Anonymous Coward | more than 3 years ago | (#33721048)

Um, us Aussies? Or do you really have that much of a cultural cringe?

Also, not sure by what measure you're claiming us to be half the size of California. Certainly not by area, nor by population. If/when we do go ahead with the NBN, we'll certainly be matching it with the world leaders, and on a scale not achieved anywhere else. Or would you prefer us to cringe in the corner of the world so no-one notices or cares?

Re:Oz? (1)

MozzleyOne (1431919) | more than 3 years ago | (#33721154)

We may be half the size of California, but as a country we're one of only a very small handful of European English-speaking countries (and I find Canada and the US hard to differentiate, and to be honest, NZ is extremely similar to us in all practical respects). This means that we are similar enough that our differences are cherished instead of feared as they are when they are TOO different in most other cases.

Re:Oz? (1)

AHuxley (892839) | more than 3 years ago | (#33721182)

Who really gives a toss what we do?
Historically we had a dream location for the NSA. We are tapped into a fun part of the world and have generational links with the NSA. Australia only ever thought of doing intel alone after WW2 and was quickly reconnected with the US/UK.
The net is near anonymous with changing IP's and logs right?
Best to keep that myth alive and well in Australia so our well funded clandestine services can keep an eye on all.
Any hardening via new laws and buying in new tech is no fun.
Let Unix, MS and Linux float along and everybody is happy until some 1-24h outage. Just don't get people 'upgrading' plaintext too soon.

It's a question of resources (1)

Zontar_Thing_From_Ve (949321) | more than 3 years ago | (#33721602)

Remember, every time the government jumps in to save businesses under a cyber attack, valuable resources are being diverted that could be used to stop people from copying CDs and DVDs. I can only hope that I'm being facetious there.

What is going on down under? (0)

Anonymous Coward | more than 3 years ago | (#33721816)

Yet a web filter to be run with little accountability is to be implemented ASAP? There is a scale of attack that would require government intervention (eg: the Estonia DOS). For a country where people have such a commendable no bullshit attitude, the politicians sure are complete fuck-wits!

I am so disgusted with this! (1)

hesaigo999ca (786966) | more than 3 years ago | (#33722008)

I cannot believe that a government would sit there and declare that this is not enough of a problem for them, aside their own network, and not push for the ISPs to get involved. We all know hacking is an INTERNATIONAL pastime, so why not monitor incoming international traffic, to filter through, say the Chinese, and put blocks on those channels, that if you must, you would have to use a special proxy that is maintained by the ISPs themselves. This could not only limit torrent abuse, but also limit or control information flow to a certain extent. We have info overload right now, what would be so bad, to limit all the traffic to be local only to that continent.

I know what I am suggesting raises a few eyebrows, but think about it this way, if I never need to go to a Chinese server to get a webpage, why give me access at all, and the reverse is true, if I have no outgoing traffic for China, why allow any incoming traffic, unless I fill a form to my ISP, asking that the vpn residing in China for my company is something I would like to have access to...this would soooooooo limit the amount of wasted bandwidth, and also hacking to a big percent, and also just good old fashioned traffic...no extra ping and echo packet requests to find out where to go, hopping here and there....

Australian Government = Finger up arse. (0)

Anonymous Coward | more than 3 years ago | (#33731296)

Either party. Cyber security = zilch.
