Aussie pols want compulsory AV software and firewalls

Police, business and lawyers consulted: consumers not

As the Australian Government continues to grapple with the issue of how best to protect the nation from internet nastiness, the House of Representatives Standing Committee on Communications has just lobbed a major new element into the debate in the form of a mega-report on cyber-crime.

The report - entitled Hackers, Fraudsters and Botnets: Tackling the Problem of Cyber Crime (pdf) - is a 260-page opus, published this week and compiled under the chairmanship of Ms Belinda Neal MP. In the foreword, Ms Neal writes that "the interests and needs of consumers and business [should] generally be elevated in the national Cyber Security Strategy".

Some of the steps that can be taken immediately include a national coordination point to oversee this broader strategy, a national cyber-crime reporting centre, better coordination and training for law enforcement agencies and public-private information sharing on a wider range of cyber-crime types.

These conclusions were based on evidence that the Committee heard, to the effect that Australian consumers (and businesses) were being targeted by cyber criminals as never before, with a total cost to Australian business as high as $649m a year.

The committee were also told that increasing internet speeds were likely to make the situation worse.

The report also came up with a series of some 34 recommendations that ranged from the banal - the Australian Communications Department should publicise the issues more widely and support the development of community-wide IT literacy training that includes cyber security – to the slightly more scary.

The latter include new obligations on both ISPs and end-users to keep the net free from viruses. So, the report recommends that end-users be required to "install anti-virus software and firewalls before the Internet connection is activated". They should then do their best to keep security up to date and "take reasonable steps to remediate their computer(s) when notified of suspected malware compromise".

ISPs would be obliged to provide security advice, inform users when their IP address has been flagged as linked to an infected machine, and put in place a policy of "graduated access restrictions" – with disconnection as the ultimate sanction.

Bad news, too, for hackers. The committee wants law enforcement agencies to "target the underground economy in malicious IT tools and personal financial information", as well as disrupt botnets and prosecute "botherders".

For those already concerned about Orwellian tendencies in Australia’s policy on the internet, there is yet more stuff to cause alarm. The Australian Communications and Media Authority will be asked to increase (further!) "its access to network data for the purpose of detecting malware compromised computers".

"This should include active consideration of how to increase access to network data held by global IT security companies and, in consultation with relevant departments, whether legal protections to address commercial, regulatory and privacy concerns are desirable."

In other words, the amount of seriously sensitive data to be held by government is going to increase dramatically – and government (at least in the shape of this committee) is not entirely convinced whether end-users need any legal protection in respect of this increase.

On the positive side, there is likely to be a push for specific protections against the unauthorised installation of software programs, particularly those that "monitor, collect, and disclose information about end users’ Internet purchasing and Internet browsing activity".

For those puzzled by the irony of it all – the focus on protecting the consumer from nasty hackers "out there", coupled with complacency in respect of the role of the state – a short glance at the witness list is all that is needed. Big business (including security providers such as McAfee and Symantec), lawyers, government departments and police are there: the end-user is not.

As an exercise in top-down policy-making, this report is exemplary: if, however, Ms Neal is looking for wider acceptance amongst the community she is seeking to police, the report might have done better to trawl a lot wider. ®

Bootnote

While public debate continues on whether or not Communications Minister Stephen Conroy will be able to bring in legislation to support his great firewall project before the next election, a reader writes to suggest it really doesn't matter. The government just bought the AU last mile from Telstra and as part of the deal requires Telstra to "retire" their existing copper loop. In time, therefore, all ISPs will have no choice but to migrate to the Conroy-connector - at which point legislation to impose a filter will not really be needed.
