1 August 2011

Canberra's InfoSec boffins letting the team down?

johnboy

The SMH has a lengthy piece on industrial scale penetration of Government information networks by hostile Governments.

Last week Graham Ingram, the general manager of Australian independent cyber emergency unit AusCERT, told a security conference Australia was as much as five years behind regarding cyber security.

Earlier this year it was revealed that foreign spies, likely Chinese, hacked into Parliament House’s email system and stole thousands of messages from at least 10 government ministers including the Prime Minister and the ministers for foreign affairs and defence.

So is the problem lack of competence? Or lack of funding?


Hack is hardly the correct term. Information was only gathered from low security sources. It wasn’t a sophisticated attack like that done on RSA tokens. Imagine being a large Corp who has to divert serious time/money into the consideration of replacing all your tokens!

Security really begins with education and moves on from there. Most attacks occur because of end user stupidity or naivety. Sending PW via email etc. makes you much more vulnerable, particularly in a high sec system which would normally require a hashing to break. Unfortunately most people are dumb to cyber security.

Cyber attacks are far more common than most people realise. So much so that most Governments actually have a whole branch of defence dedicated to cyber security i.e. Army, Navy, Air force and Cyber Security.

It’s possible to have a 100% secured system and allow information freedom. The technology is available and we will probably see a large change of direction in the equipment used in the next 5 years.

eyeLikeCarrots10:21 am 02 Aug 11

Maybe we could actually field staff with cyber security skills if Defence stopped listening to the bloody headshrinkers.

johnboy said :

countries have no recourse under defamation laws.

Plenty of other options for recourse though…

Most of the system penetrations come through the gap assigned to risk management (eg we want to be able to do something like have web enabled services, allow people to use IT systems etc). If you had a 100% secure IT system, it’d be useless.

Buying ‘stuff’ and having ‘time’ is just a mitigation – not an absolute guarantee nothing bad will happen. Non-investment in technology/time/resources is a popular risk management technique (ie “we’ll gamble now and maybe pay later if anyone finds out”).

johnboy said :

countries have no recourse under defamation laws.

Well, they might stop sending us pandas…

countries have no recourse under defamation laws.

foreign spies, likely Chinese, hacked into Parliament House’s email system

I hope they have evidence to back that claim or it could meet some defamation lawsuit.

If I was to hack in to something like the parliament house (not that I have any interest) I’d use a proxy hosted in China as the last of the proxy chain.

I think people need to understand and lock down what is important, not the entire system. I don’t think money is the fix, I think time and innovative thinking is the solution.
