Feeds

Aussie pols want compulsory AV software and firewalls

Police, business and lawyers consulted: consumers not

Mobile application security vulnerability report

As the Australian Government continues to grapple with the issue of how best to protect the nation from internet nastiness, the House of Representatives Standing Committee on Communications has just lobbed a major new element into the debate in the form of a mega-report on cyber-crime.

The report - entitled Hackers, Fraudsters and Botnets: Tackling the Problem of Cyber Crime (pdf) - is a 260-page opus, published this week and compiled under the chairmanship of Ms Belinda Neal MP. In the foreword, Ms Neal writes that "the interests and needs of consumers and business [should] generally be elevated in the national Cyber Security Strategy".

Some of the steps that can be taken immediately include a national coordination point to oversee this broader strategy, a national cyber-crime reporting centre, better coordination and training for law enforcement agencies and public-private information sharing on a wider range of cyber-crime types.

These conclusions were based on evidence that the Committee heard, to the effect that Australian consumers (and businesses) were being targeted by cyber criminals as never before, with a total cost to Australian business as high as $649m a year.

The committee were also told that increasing internet speeds were likely to make the situation worse.

The report also came up with a series of some 34 recommendations that ranged from the banal - the Australian Communications Department should publicise the issues more widely and support the development of community-wide IT literacy training that includes cyber security – to the slightly more scary.

The latter include new obligations on both ISPs and end-users to keep the net free from viruses. So, the report recommends that end-users be required to "install anti-virus software and firewalls before the Internet connection is activated". They should then do their best to keep security up to date and "take reasonable steps to remediate their computer(s) when notified of suspected malware compromise".

ISPs would be obliged to provide security advice, inform users when their IP address has been flagged as linked to infected machine, and put in place a policy of "graduated access restrictions" – with disconnection as the ultimate sanction.

Bad news, too, for hackers. The committee wants law enforcement agencies to "target the underground economy in malicious IT tools and personal financial information", as well as disrupt botnets and prosecute "botherders".

For those already concerned about Orwellian tendencies in Australia’s policy on the internet, there is yet more stuff to cause alarm. The Australian Communications and Media Authority will be asked to increase (further!) "its access to network data for the purpose of detecting malware compromised computers".

"This should include active consideration of how to increase access to network data held by global IT security companies and, in consultation with relevant departments, whether legal protections to address commercial, regulatory and privacy concerns are desirable."

In other words, the amount of seriously sensitive data to be held by government is going to increase dramatically – and government (at least in the shape of this committee) is not entirely convinced whether end-users need any legal protection in respect of this increase.

On the positive side, there is likely to be a push for specific protections against the unauthorised installation of software programs, particularly those that "monitor, collect, and disclose information about end users’ Internet purchasing and Internet browsing activity".

For those puzzled by the irony of it all – the focus on protecting the consumer from nasty hackers "out there", coupled with complacency in respect of the role of the state – a short glance at the witness list is all that is needed. Big business (including security providers such as McAfee and Symantec), lawyers, government departments and police are there: the end-user is not.

As an exercise in top-down policy-making, this report is exemplary: if, however, Ms Neal is looking for wider acceptance amongst the community she is seeking to police, the report might have done better to trawl a lot wider. ®

Bootnote

While public debate on whether or not Communications Minister Stephen Conroy will be able to bring in legislation to support his great firewall project before the next election, a reader writes to suggest it really doesn't matter. The government just bought the AU last mile from Telstra and as part of the deal requires Telstra to "retire" their existing copper loop. In time, therefore, all ISPs will have no choice but to migrate to the Conroy-connector - at which point legislation to impose a filter will not really be needed.

Bridging the IT gap between rising business demands and ageing tools

More from The Register

next story
Adam Afriyie MP: Smart meters are NOT so smart
Mega-costly gas 'n' 'leccy totting-up tech not worth it - Tory MP
Just TWO climate committee MPs contradict IPCC: The two with SCIENCE degrees
'Greenhouse effect is real, but as for the rest of it ...'
'Blow it up': Plods pop round for chat with Commonwealth Games tweeter
You'd better not be talking about the council's housing plans
Arrr: Freetard-bothering Digital Economy Act tied up, thrown in the hold
Ministry of Fun confirms: Yes, we're busy doing nothing
ONE EMAIL costs mining company $300 MEEELION
Environmental activist walks free after hoax sent share price over a cliff
Help yourself to anyone's photos FOR FREE, suggests UK.gov
Copyright law reforms will keep m'learned friends busy
Apple smacked with privacy sueball over Location Services
Class action launched on behalf of 100 million iPhone owners
UK government officially adopts Open Document Format
Microsoft insurgency fails, earns snarky remark from UK digital services head
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Application security programs and practises
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Securing Web Applications Made Simple and Scalable
Learn how automated security testing can provide a simple and scalable way to protect your web applications.