Chief Minister Stanhope is celebrating that his Government’s servers have not been hacked, as far as he knows.
ACT Government websites faced more than 646,000 cyber attacks in 2009-10 but repelled each one of them, Chief Minister and Minister for Territory and Municipal Services, Jon Stanhope, said today.
“The fact that not one of the 646,700 cyber attacks on ACT Government-hosted websites was successful demonstrates the robust security procedures and tactics in place,” Mr Stanhope said.
Reports on website attacks are assessed in line with the industry standard Common Vulnerability Scoring System which rates the severity of attacks as high, medium or low. In 2009-10 approximately 78,000 cyber attacks rated as high, 565,000 rated as medium and 3,700 rated as low.
“The ACT Government, through its information communication technology (ICT) service provider, InTACT, has implemented a layered defence against cyber attacks on 98 ACT Government-hosted websites,” Mr Stanhope said.
“InTACT continually improves its ICT infrastructure gateway by deploying well managed firewalls, intruder prevention systems and geographically dispersed websites. The vulnerability levels of the public-facing websites are continually being reviewed by both automated and manual testing.
“Prior to allowing a new website to go live, InTACT’s ICT security team tests the vulnerability of the site to cyber attacks using automated and manual tactics. The security team also conducts periodic audits across websites using an internal ethical hacker.”
The problem being that it’s the hacks you don’t detect which you have to worry about.
Nothing to see here. There are lots of automated processes that scan a range of Internet devices, and people who run basic tools to find vulnerabilities.
IT security is much larger than simply blocking some basic scans and malicious packets.
I’d expect that bragging about your security simply serves to invite some hacker to have a go at cracking the security. Better to just do the security well and lay low.
What is it with Stanhope lately? ACT government agencies performing basic organisational functions competently is news somehow? eg IT security working properly, ACTION training new employees. What next? Public servants paid? Vendor invoices paid?
I would have thought any domain with a “.gov” in it would as a matter of course be subject to a host of attacks from the Chinese.
As disinformation pointed out, let’s hope this isn’t a challenge put out there that’s gonna see unhealthy attention from those with something to prove.
I had heard around the traps they had a successful intrusion last March anyway.
At the end of the day, I can’t see why the “government” (read=council) of a small territory would be of any interest to someone to ‘penetrate’ in the first place.
Doesn’t quite gel with the letter we got from ACT health saying one of their laptops was ‘stolen’ with compromising personal data within. IT security wonderful, physical security of IT….s***house
I wonder how they “calculated” 646,000 cyber attacks. I wonder if a 1 second DDOS attack counts as “1 attempt” or 80 attempts.
Am I surprised? Not really.
Government website + static IP + general scanning of the internet = a lot of “attempts”.
I wonder what the point of this PR is? Surely there are better performance indicators to measure an IT service on? How about some information on how much this all cost? How about down time? He must be getting desperate for attention if this is the best he can come up with.
A very astute article a while ago pointed out that anyone who uses the word “cyber” is trying to drum up legitimacy with luddites.
The internet is now full of noise. Vulnerability scanners work randomly across ranges of IP addresses. Anyone in IT security knows that the best crackers aren’t detected anyway. It’s why they’re the best. Script kiddies provide the noise and get the attention. Just pray that the ACT government doesn’t annoy someone that really knows what they’re doing. Mr Stanhope could end up paying for a lot of people’s phone bills, parking tickets or electricity. And that would just be the fun things.
Banks repelled about as many visual attacks of people looking at bank vaults and thought attacks of people thinking the ATM would spontaneously release many thousands of dollars for them.
Most cyber attacks had about as much chance of succeeding as these visual and thought attacks.
Cyber statistics are just sad in the way media and politicians present them.
Is Stanhope, in effect, just saying that every attack that has got through has gone unnoticed?
grundy said:
I suspect that a lot of these “attacks” are the internet equivalent of you receiving a wrong number or a telemarketer call on your home phone, then reporting it as an attempted house invasion.
Your average, always-on broadband connection at home could get just as many ‘attempts’ blocked over 2 years.
Just a normal part of being online these days…
johnboy said:
I see – perhaps the count reflects repeated attack attempts by computer programs as run by attackers, and not individual attacks all initiated directly by people (which may well be significantly less than 646,700)…
JitterBlip said:
I imagine it’s mostly buffer overflow attempts. Every device with a direct internet connection gets dozens of them a minute.
I wonder what constitutes a ‘cyber attack’ here? 646,700 strikes me as an awfully large number of ‘attacks’ in the space of a couple of years.