Australia's E-security Activities ITU Workshop- Brisbane Sabeena Oberoi Assistant Secretary, Communication Security Department of Broadband, Communications, and the Digital Economy Australia 1 Current landscape z Change is a constant- more sophisticated and malicious attacks z Online environment highly interconnecteddifferent segments can not be addressed in isolation z More holistic and integrated approach needed to e-security 2 E-Security National Agenda z Established in 2001 to create a secure, trusted electronic operating environment for both the public and private sectors. z Reviewed in 2006 3 E-Security policy priorities 1. Reducing the e-security risk to Australian Government information and communications systems; 2. Reducing the e-security risk to Australia’s national critical infrastructure; and 3. Enhancing the protection of home users and SMEs from electronic attacks and fraud. 4 E-Security Review z Announced in July 2008 z Changing online environment z Development of new policy framework for esecurity 5 Awareness Raising z Focus needs to be on the most vulnerable sector home users and SMEs z Australian Initiatives ¾ National Awareness Week 6-13 June 2008 ¾ Stay Smart Online www.staysmartonline.gov.au 6 Awareness raising z Stay Smart online alert service z Schools education package ¾ Targeted at year 3 and year 9 7 Public-private sector partnerships z Working with Industry ¾ Collaboration with IT vendors, financial sector and ISPs z Australian Examples ¾ National E-Security Awareness Week ¾ Australian Internet Security Initiative ¾ Trusted Information Sharing Network 8 Critical Infrastructure Protection z Trusted Information Sharing Network (TISN) z IT Security Expert Advisory Group z Supervisory Communications and Data Acquisition (SCADA) Community of Interest 9 Australia’s Critical Infrastructure Protection Arrangements Business Government Advisory Group on National Security (BGAG) Attorney-General National Counter-Terrorism Committee OTHER GOVERNMENT BODIES E-Security Policy and Coordination (ESPaC) Committee National Committee on Critical Infrastructure Protection (NCCIP) Federal, state and territory governments Australian Government Senior Officers Group (AGSOG) - NCCIP Trusted Information Sharing Network Critical Infrastructure Advisory Council (CIAC) Infrastructure Assurance Advisory Groups (IAAGs) Banking & Finance (AGD) Emergency Services (EMA) Communications (DBCDE) Mass Gatherings (AGD) Food Chain (DAFF) Energy (DRET) Expert Advisory Groups (EAGs) Health (DHA) Water Services (AGD) Transport (DITRDaLG) CIP Futures (AGD) IT Security (DBCDE) SCADA Community of Interest (DBCDE) Agency/ portfolio shown in brackets provides support services and interface with Australian Government December 2007 10 IT Security Expert Advisory Group z Provides strategic information and advice to Australia’s critical infrastructure sectors on emerging IT security issues z Policy advice for CIOs and CEOs ¾ Wireless security ¾ Outsourcing ¾ IT Security Governance ¾ Security of Voice over IP ¾ Denial of Service Attacks 11 SCADA Community of Interest z A focus of the IT Security Expert Advisory Group is the security of SCADA systems z SCADA security is crucial to continuity of essential services z Community of interest is a cross sectoral network of practitioners z Raises awareness of SCADA security issues 12 International Cooperation • Global Problem – Collaboration with other economies and organisations such as ITU, OECD and APEC TEL vital 13 Questions? Thank you sabeena.oberoi@dbcde.gov.au 14