Skip to content Skip to main navigation

Business

We mean business
Contact us today to get results

Stanhopian self-congratulation on IT Security

By johnboy 22 February 2011 14

Chief Minister Stanhope is celebrating that his Government’s servers have not been hacked, as far as he knows.

ACT Government websites faced more than 646,000 cyber attacks in 2009-10 but repelled each one of them, Chief Minister and Minister for Territory and Municipal Services, Jon Stanhope, said today.

“The fact that not one of the 646,700 cyber attacks on ACT Government-hosted websites was successful demonstrates the robust security procedures and tactics in place,” Mr Stanhope said.

Reports on website attacks are assessed in line with the industry standard Common Vulnerability Scoring System which rates the severity of attacks as high, medium or low. In 2009-10 approximately 78,000 cyber attacks rated as high, 565,000 rated as medium and 3,700 rated as low.

“The ACT Government, through its information communication technology (ICT) service provider, InTACT, has implemented a layered defence against cyber attacks on 98 ACT Government-hosted websites,” Mr Stanhope said.

“InTACT continually improves its ICT infrastructure gateway by deploying well managed firewalls, intruder prevention systems and geographically dispersed websites. The vulnerability levels of the public-facing websites are continually being reviewed by both automated and manual testing.

“Prior to allowing a new website to go live, InTACT’s ICT security team tests the vulnerability of the site to cyber attacks using automated and manual tactics. The security team also conducts periodic audits across websites using an internal ethical hacker.”

The problem being that it’s the hacks you don’t detect which you have to worry about.

What’s Your opinion?


Please login to post your comments, or connect with
14 Responses to
Stanhopian self-congratulation on IT Security
Filter
Showing only Website comments
Order
Newest to Oldest
Oldest to Newst
georgesgenitals 7:52 am 23 Feb 11

Nothing to see here. There are lots of automated processes that scan a range of Internet devices, and people who run basic tools to fiind vulnerabilities.

IT security is much larger than simply blocking some basic scans and malicious packets.

Ian 1:48 am 23 Feb 11

I’d expect that bragging about your security simply serves to invite some hacker to have a go at cracking the security. Better to just do the security well and lay low.

What is it with Stanhope lately? ACT government agencies performing basic organisational functions competently is news somehow? eg IT security working properly, ACTION training new employees. What next? Public servants paid? Vendor invoices paid?

steveu 9:32 pm 22 Feb 11

I would have thought any domain with a “.gov” in it would as a matter of course be subject to a host of attacks from the Chinese.

As disinformation pointed out, lets hope this isnt a challenge put out there thats gonna see unhealthy attention from those with something to prove.

I had heard around the traps they had a successful intrusion last March anyway.

At the end of the day, I cant see why the “government” (read=council) of a small territory would be of any interest to someone to ‘penetrate’ in the first place.

vg 5:58 pm 22 Feb 11

Doesn’t quite gel with the letter we got from ACT health saying one of their laptops was ‘stolen’ with compromising personal data within. IT security wonderful, physical security of IT….s***house

Davo111 5:02 pm 22 Feb 11

I wonder how they “calculated” 646,000 cyber attacks. I wonder if a 1 second DDOS attack counts as “1 attempt” or 80 attempts.

Am i surprised? not really.

Government website + static IP + general scanning of the internet = a lot of “attempts”.

dazzab 4:29 pm 22 Feb 11

I wonder what the point of this PR is? Surely there are better performance indicators to measure an IT service on? How about some information on how much this all cost? How about down time? He must be getting desperate for attention if this is the best he can come up with.

Disinformation 3:19 pm 22 Feb 11

A very astute article a while ago pointed out that anyone who uses the word “cyber” is trying to drum up legitimacy with luddites.
The internet is now full of noise. Vulnerability scanners work randomly across ranges of IP addresses. Anyone in IT security knows that the best crackers aren’t detected anyway. It’s why they’re the best. Script kiddies provide the noise and get the attention. Just pray that the ACT government doesn’t annoy someone that really knows what they’re doing. Mr Stanhope could end up paying for a lot of people’s phone bills, parking tickets or electricity. And that would just be the fun things.

workindan 1:02 pm 22 Feb 11

Banks repelled about as many visual attacks of people looking at bank vaults and thought attacks of people thinking the ATM would spontaneously release many thousands of dollars for them.

Most cyber attacks had about as much chance of succeeding as these visual and thought attacks.

Cyber statistics are just sad in the way media and politicians present them.

TVStar 12:22 pm 22 Feb 11

Is Stanhope, in effect, just saying that every attack that has got through has gone unnoticed?

p1 12:18 pm 22 Feb 11

grundy said :

Just a normal part of being online these days…

I suspect that a lot of these “attacks” are the internet equivalent of you receiving a wrong number or a telemarketer call on your home phone, then reporting it as an attempted house invasion.

grundy 10:56 am 22 Feb 11

Your average, always-on broadband connection at home could get just as many ‘attempts’ blocked over 2 years.
Just a normal part of being online these days…

JitterBlip 10:12 am 22 Feb 11

johnboy said :

JitterBlip said :

I wonder what constitutes a ‘cyber attack’ here? 646,700 strikes me as an awfully large number of ‘attacks’ in the space of a couple of years.

I imagine it’s mostly buffer overflow attempts. Every device with a direct internet connection gets dozens of them a minute.

I see – perhaps the count reflects repeated attack attempts by computer programs as run by attackers, and not individual attacks all initiated directly by people (which may well be significantly less than 646,700)…

johnboy 10:06 am 22 Feb 11

JitterBlip said :

I wonder what constitutes a ‘cyber attack’ here? 646,700 strikes me as an awfully large number of ‘attacks’ in the space of a couple of years.

I imagine it’s mostly buffer overflow attempts. Every device with a direct internet connection gets dozens of them a minute.

JitterBlip 10:02 am 22 Feb 11

I wonder what constitutes a ‘cyber attack’ here? 646,700 strikes me as an awfully large number of ‘attacks’ in the space of a couple of years.

Related Articles

CBR Tweets

Sign up to our newsletter

Top
Copyright © 2018 Region Group Pty Ltd. All rights reserved.
the-riotact.com | aboutregional.com.au | b2bmagazine.com.au | thisiscanberra.com

Search across the site