240 likes | 414 Views
How can international cooperation secure the internet? An overview of bilateral/multilateral issues of security in the internet Alex Webling Director - NII Critical Infrastructure Protection Branch. What are the inherent problems?. The internet will never be totally secure AND
E N D
How can international cooperation secure the internet? An overview of bilateral/multilateral issues of security in the internet Alex Webling Director - NII Critical Infrastructure Protection Branch
What are the inherent problems? • The internet will never be totally secure AND • Everybody is your neighbour on the internet. That’s Nasty and Nice • Nice if you’re doing business with them • Nasty if they’re trying to attack you
More problems - Convergence • Technological Convergence • Seamless data, voice and video sharing • Reduces redundant paths for critical systems • Higher vulnerability • Higher threat
Convergence eg SCADA • Supervisory Control & Data Acquisition Systems (SCADA) • Used in energy sector for controlling processes • Increasingly becoming remotely controllable via the Internet / wireless! • Could scada be remotely hijacked?breaching dams, shutting down power grids, contaminating water supplies etc
Drivers • Reduced cost & increased availability of Internet access • New business uses & technologies • Bluetooth wireless • VoIP wireless • Use increasing in sensitive industries
What is being done now?What could be working? • Information sharing and Joint Response • CERT to CERT communications • Cybercrime 24/7 Network (G-8) • APCERT (Aust/Japan/South Korea etc) • Standards • Laws
Australian Participation in International Fora on E-sec APEC • APEC TELActively engaged with APEC Telecommunications Working Group; • E-Security Task Group • APEC Projects (more later)
International Fora (cont.) OECD • WPISP - Guidelines for the Security of Information Systems and Networks: Towards a Culture of Security, July 2002 • Working to promote the ‘Culture of Security’ Guidelines with other economies • Encouraging OECD economies to sponsor projects to strengthen e-security of developing economies in their regions.
International Fora (cont) Let’s not forget! • ITU • We’re here!
International fora • APCERT • CERTs in Asia-Pacific region working together in a partnership to share information on threats and vulnerabilities • AusCERT current chair, JPCERT secretariat
Multilaterals/Bilaterals • US/Australian bilaterals • Regular bilateral talks with the United States on broader CIP issues. • Discussions with Europeanseg GovCERT NL Symposium
Multilaterals cont. • Informal Multilateral discussions after AusCERT Conference. Government attendees invited to stay and discuss issues • Multilateral talks on NII issues with several European and Asian countries, as well as the UK, US, Canada and NZ • Additional bilateral CIP talks being considered with other Asia-Pacific regional countries.
Capacity Building / Awareness Raising • CERT capacity building projects funded by APEC and AusAID • AusAID project in Thailand, Vietnam, Philippines, Papua New Guinea, Indonesia, • APEC / US Govt funded project in Chile, Peru, Mexico and the Russian Federation.
Standards • Technical standards – security should be built in, not bolt on Vendor discussions • Best practice guidelines such as Standards Australia’s HB171-2003 – Guidelines for the management of IT evidence • ISO standards
Laws • Cybercrime Act 2001 (based on Council of Europe Convention) • Australia - updated existing criminal provisions – e.g. previous computer laws did not sufficiently address “denial of service attacks”. • Enhanced investigatory powers relating to electronically stored data. • Of course Laws which are similar across countries makes it easier for multinational law enforcement response!
Awareness Raising • CERT Awareness raising seminars being run in APECTEL on security issues. • Began in March 03, ongoing • Australia encourages developed economies to support developing economies’ CERTs eg through: • Training – in-country • Support for experts to attend conferences • Technical support
What is the future? • Because of the borderless nature of cyberspace, international cooperation is even more essential to secure a safe online environment. • More businesses and governments and business machinery online • A ‘target rich environment’
Longer term Governments and business who are the major users of the internet will be forced to work together to combat the worst elements Technology will provide some help – eventually
So maybe We might get closer to the end of the line!
Conclusions • Internet and the high seas (an analogy). • We need to be exiting the Swashbuckling days! Pirates, rogues etc (hopefully). But still, anybody can get a ship (computer) and sail the seas of the internet. • Islands of order, seas of chaos • Treasures to be pillaged and plundered!
Conclusions • Working together to coordinate the islands’ defences is a good way to bring order • Varying levels of order in different islands! • Parallel step, work within multilateral orgs and bilaterally to increase order • Eventually, we might aim to a law of the internet.
Alex Webling • Director – National Information Infrastructure • Critical Infrastructure Protection Branch • alex.webling@ag.gov.au • cip@ag.gov.au (general email address for CIP matters) • www.tisn.gov.au (Web site on Trusted Information Sharing Network) • www.nationalsecurity.gov.au (AGD web site on National security)