Australian Government E-Security Review….

July 6th, 2008 Drazen Drazic Posted in Research, Risk Management, Vulnerability Management, cyber crime, governance

The AGD is leading a review of the Government’s e-security policy, programs and capabilities.
http://www.ag.gov.au/esecurityreview

Submissions are due by 31st July 2008.

The “key areas the ACS [Australian Computer Society] believes will present the major security threats to Australia in coming years” quoted in this SC Magazine article are interesting. Not sure what the ACS means with their last couple of suggestions though.

Personally, I would throw in the following as major security threats for consideration as opposed to what the ACS sees as a priority. Keen to hear what others think:

• Insecure and poorly developed software in critical infrastructure (and in general)
• Protection of critical infrastructure across all CI sectors (broad I know)
• Cyber-crime, cyber-espionage (further protection of state)
• Lack of any liability on software developers in general - hey, it all comes down to software doesn’t it? (inc false and misleading advertising by security product vendors)
• Web 2.0 and other new technologies - rapid deployment vs. business impact implications analysis (how do you stop this though?)
• Awareness and understanding across the business, government and consumer worlds - lack of regulation, establishment of base level requirements for security and looking at root cause

I know some of the above is broad in scope and I’m sure that we could develop a large list but at the same time analysis vs practical and realistic solutions to issues needs to be considered. There are many trains of thought - some believe we must just adapt and accept that we’ll always be living and working in an insecure IT world. Others have more hope that we can turn things around with great effort. Is there a middle ground in the IT world as mirrored in society in general? Can we segment the good from the bad and acknowledge the “grey” areas will always be there?

3 Responses to “Australian Government E-Security Review….”

  1. Big Galoot Says:

    Perhaps I missed something somewhere in my reading of the ACS threat analysis report…

    Call me an ignoramus if you like, but I would have thought that with the multi-millions of $$ reportedly defrauded by Nigerian e-mail scams &/or Phishing emails *every week* from Australia - would have been seen as one of *the* top threats - now & in the future.

    I’m wondering whether the root cause - stupidity & greed - isn’t sexy enough for the ACS threat analysis?

    Help me out here someone ?

  2. I agree with your thoughts but don’t have the context nor full details of how they (ACS) came up with their priorities:
    http://www.acs.org.au/news/040708.htm

    I don’t disagree that these areas are of concern but more so than other specific technologies? Are the following really the key challenges we face?

    * Removable media & storage devices
    * VOIP
    * Public wireless hotspots
    * Instant messaging devices
    * Online gaming devices
    * Commercialisation of vulnerability research

    If these became the focus of government E-security initiatives, I would be pretty worried.

    The last one is an interesting topic in its own right and something we’ve been debating internally and following latest industry trends. Surprised this comes up here - doesn’t fit in with the others does it?

    Anyway, this is one we’ll probably throw our 2c into and see what happens.

  3. Big Galoot Says:

    Hmm.

    I would have expected their ‘context’ to be nothing more than what the ACS said it was - Major Security Threats facing Australia.

    DD - I too question whether their list, while a good start, forms the ‘key’ challenges faced. And why, all of a sudden, are the ACS the mob of experts that our Govt puts on a pedestal as the font of all security knowledge ?

    Do the ACS represent the cream of Security Professionals in Australia ? I doubt it, but am happy to be shown otherwise.

    I seem to recall another mob - AISA, for instance.

    ;-)
