How can international cooperation secure the
internet?
An overview of bilateral/multilateral issues of
security in the internet
Alex Webling
Director - NII
Critical Infrastructure Protection Branch
Achieving a just and secure society
What are the inherent
problems?
• The internet will never be totally secure
AND
• Everybody is your neighbour on the
internet.
That’s Nasty and Nice
– Nice if you’re doing business with them
– Nasty if they’re trying to attack you
Achieving a just and secure society
More problems - Convergence
• Technological Convergence
– Seamless data, voice and video sharing
– Reduces redundant paths for critical
systems
– Higher vulnerability
– Higher threat
Achieving a just and secure society
Convergence eg SCADA
• Supervisory Control & Data Acquisition
Systems (SCADA)
– Used in energy sector for controlling
processes
– Increasingly becoming remotely
controllable via the Internet / wireless!
– Could scada be remotely hijacked?
breaching dams, shutting down power
grids, contaminating water supplies etc
Achieving a just and secure society
Where are we?
Achieving a just and secure society
Drivers
• Reduced cost & increased availability of
Internet access
• New business uses & technologies
– Bluetooth wireless
– VoIP wireless
• Use increasing in sensitive industries
Achieving a just and secure society
What is being done now?
What could be working?
• Information sharing and Joint Response
– CERT to CERT communications
– Cybercrime 24/7 Network (G-8)
– APCERT (Aust/Japan/South Korea etc)
• Standards
• Laws
Achieving a just and secure society
Australian Participation in
International Fora on E-sec
APEC
– APEC TEL
Actively engaged with APEC
Telecommunications Working Group;
• E-Security Task Group
• APEC Projects (more later)
Achieving a just and secure society
International Fora (cont.)
OECD
– WPISP - Guidelines for the Security of
Information Systems and Networks:
Towards a Culture of Security, July 2002
– Working to promote the ‘Culture of
Security’ Guidelines with other economies
– Encouraging OECD economies to sponsor
projects to strengthen e-security of
developing economies in their regions.
Achieving a just and secure society
International Fora (cont)
Let’s not forget!
• ITU
– We’re here!
Achieving a just and secure society
International fora
• APCERT
– CERTs in Asia-Pacific region working
together in a partnership to share
information on threats and vulnerabilities
– AusCERT current chair, JPCERT
secretariat
Achieving a just and secure society
Multilaterals/Bilaterals
• US/Australian bilaterals
– Regular bilateral talks with the United
States on broader CIP issues.
• Discussions with Europeans
eg GovCERT NL Symposium
Achieving a just and secure society
Multilaterals cont.
• Informal Multilateral discussions after
AusCERT Conference. Government
attendees invited to stay and discuss issues
• Multilateral talks on NII issues with several
European and Asian countries, as well as the
UK, US, Canada and NZ
• Additional bilateral CIP talks being considered
with other Asia-Pacific regional countries.
Achieving a just and secure society
Capacity Building / Awareness Raising
• CERT capacity building projects funded
by APEC and AusAID
– AusAID project in Thailand, Vietnam,
Philippines, Papua New Guinea,
Indonesia,
– APEC / US Govt funded project in Chile,
Peru, Mexico and the Russian Federation.
Achieving a just and secure society
Standards
• Technical standards – security should
be built in, not bolt on
Vendor discussions
• Best practice guidelines such as
Standards Australia’s HB171-2003 –
Guidelines for the management of IT
evidence
• ISO standards
Achieving a just and secure society
Laws
• Cybercrime Act 2001 (based on Council
of Europe Convention)
• Australia - updated existing criminal provisions – e.g.
previous computer laws did not sufficiently address
“denial of service attacks”.
• Enhanced investigatory powers relating to
electronically stored data.
• Of course
Laws which are similar across countries makes it
easier for multinational law enforcement response!
Achieving a just and secure society
Awareness Raising
• CERT Awareness raising seminars being run
in APECTEL on security issues.
• Began in March 03, ongoing
• Australia encourages developed economies
to support developing economies’ CERTs eg
through:
– Training – in-country
– Support for experts to attend conferences
– Technical support
Achieving a just and secure society
What is the future?
• Because of the borderless nature of
cyberspace, international cooperation is
even more essential to secure a safe
online environment.
• More businesses and governments and
business machinery online
• A ‘target rich environment’
Achieving a just and secure society
Longer term
Governments and business who are the
major users of the internet will be forced
to work together to combat the worst
elements
Technology will provide some help –
eventually
Achieving a just and secure society
So maybe
We might get closer to the end of the line!
Achieving a just and secure society
Conclusions
• Internet and the high seas (an analogy).
– We need to be exiting the Swashbuckling
days! Pirates, rogues etc (hopefully). But
still, anybody can get a ship (computer)
and sail the seas of the internet.
– Islands of order, seas of chaos
– Treasures to be pillaged and plundered!
Achieving a just and secure society
Conclusions
– Working together to coordinate the islands’
defences is a good way to bring order
– Varying levels of order in different islands!
– Parallel step, work within multilateral orgs
and bilaterally to increase order
– Eventually, we might aim to a law of the
internet.
Achieving a just and secure society
• Alex Webling
• Director – National Information Infrastructure
• Critical Infrastructure Protection Branch
• alex.webling@ag.gov.au
• cip@ag.gov.au
• www.tisn.gov.au
(general email address for CIP matters)
(Web site on Trusted Information Sharing
Network)
• www.nationalsecurity.gov.au (AGD web site on National
security)
Achieving a just and secure society