22 February 2011

Stanhopian self-congratulation on IT Security

johnboy

Chief Minister Stanhope is celebrating that his Government’s servers have not been hacked, as far as he knows.

ACT Government websites faced more than 646,000 cyber attacks in 2009-10 but repelled each one of them, Chief Minister and Minister for Territory and Municipal Services, Jon Stanhope, said today.

“The fact that not one of the 646,700 cyber attacks on ACT Government-hosted websites was successful demonstrates the robust security procedures and tactics in place,” Mr Stanhope said.

Reports on website attacks are assessed in line with the industry standard Common Vulnerability Scoring System which rates the severity of attacks as high, medium or low. In 2009-10 approximately 78,000 cyber attacks rated as high, 565,000 rated as medium and 3,700 rated as low.

“The ACT Government, through its information communication technology (ICT) service provider, InTACT, has implemented a layered defence against cyber attacks on 98 ACT Government-hosted websites,” Mr Stanhope said.

“InTACT continually improves its ICT infrastructure gateway by deploying well managed firewalls, intruder prevention systems and geographically dispersed websites. The vulnerability levels of the public-facing websites are continually being reviewed by both automated and manual testing.

“Prior to allowing a new website to go live, InTACT’s ICT security team tests the vulnerability of the site to cyber attacks using automated and manual tactics. The security team also conducts periodic audits across websites using an internal ethical hacker.”

The problem being that it’s the hacks you don’t detect which you have to worry about.

georgesgenitals 7:52 am 23 Feb 11

Nothing to see here. There are lots of automated processes that scan a range of Internet devices, and people who run basic tools to find vulnerabilities.

IT security is much larger than simply blocking some basic scans and malicious packets.

I’d expect that bragging about your security simply serves to invite some hacker to have a go at cracking the security. Better to just do the security well and lay low.

What is it with Stanhope lately? ACT government agencies performing basic organisational functions competently is news somehow? eg IT security working properly, ACTION training new employees. What next? Public servants paid? Vendor invoices paid?

I would have thought any domain with a “.gov” in it would as a matter of course be subject to a host of attacks from the Chinese.

As disinformation pointed out, let’s hope this isn’t a challenge put out there that’s gonna see unhealthy attention from those with something to prove.

I had heard around the traps they had a successful intrusion last March anyway.

At the end of the day, I can’t see why the “government” (read=council) of a small territory would be of any interest to someone to ‘penetrate’ in the first place.

Doesn’t quite gel with the letter we got from ACT health saying one of their laptops was ‘stolen’ with compromising personal data within. IT security wonderful, physical security of IT….s***house

I wonder how they “calculated” 646,000 cyber attacks. I wonder if a 1 second DDOS attack counts as “1 attempt” or 80 attempts.

Am I surprised? Not really.

Government website + static IP + general scanning of the internet = a lot of “attempts”.

I wonder what the point of this PR is? Surely there are better performance indicators to measure an IT service on? How about some information on how much this all cost? How about down time? He must be getting desperate for attention if this is the best he can come up with.

Disinformation 3:19 pm 22 Feb 11

A very astute article a while ago pointed out that anyone who uses the word “cyber” is trying to drum up legitimacy with luddites.
The internet is now full of noise. Vulnerability scanners work randomly across ranges of IP addresses. Anyone in IT security knows that the best crackers aren’t detected anyway. It’s why they’re the best. Script kiddies provide the noise and get the attention. Just pray that the ACT government doesn’t annoy someone that really knows what they’re doing. Mr Stanhope could end up paying for a lot of people’s phone bills, parking tickets or electricity. And that would just be the fun things.

Banks repelled about as many visual attacks of people looking at bank vaults and thought attacks of people thinking the ATM would spontaneously release many thousands of dollars for them.

Most cyber attacks had about as much chance of succeeding as these visual and thought attacks.

Cyber statistics are just sad in the way media and politicians present them.

Is Stanhope, in effect, just saying that every attack that has got through has gone unnoticed?

grundy said :

Just a normal part of being online these days…

I suspect that a lot of these “attacks” are the internet equivalent of you receiving a wrong number or a telemarketer call on your home phone, then reporting it as an attempted house invasion.

Your average, always-on broadband connection at home could get just as many ‘attempts’ blocked over 2 years.
Just a normal part of being online these days…

I wonder what constitutes a ‘cyber attack’ here? 646,700 strikes me as an awfully large number of ‘attacks’ in the space of a couple of years.

I imagine it’s mostly buffer overflow attempts. Every device with a direct internet connection gets dozens of them a minute.
