Cyberwar: The threat to Australia

Hugh Njemanze, ArcSight/HP: Many of our customers are government agencies and financial institutions and the oil industry who are concerned about Scada; so that’s about 80 percent. We have been working with them for 10 years and we’re very interested in what works for you, what doesn’t work, what you see as the gaps to be addressed by vendors, how can you improve your confidence about what you’re up against. We have ideas about how to make it easier, for example, for agencies to collaborate. It’s easy to deploy tools to security organisations knowing you can never be bulletproof but the challenge is, I have information, other agencies have information, and we can’t share because we’re not used to opening our kimonos. There is a lot of risk and vulnerability in sharing information but if we could be more confident while sharing information that would change.

JT: Alastair, what’s your take on the implication for Australia, where the purpose for the internet has shifted from where it was used for research to discovering e-commerce to becoming the battlefield? AM: It’s a realisation that the internet is a reflection of society and humanity. We must have the same level of trust online as we do offline and prepare for failure because it is inevitable. If we are nations engaged in this behaviour – and every one does it whether it’s eavesdropping or more aggressively – we need to understand what the consequences of our actions are.

MS: WikiLeaks has changed the rules. We used to think of information as something to be put in different places behind firewalls on separate machines accessed by those with clearances. But how to communicate, knowing adversaries are in the middle watching and there’s nothing you can do?

GI: I don’t believe cyber warfare exists but it’s on the drawing board. I’ve thought of it as offensive but I’m starting to see what happens when government defends these changes to block, stop, try to prevent it. But who are you defending it from – your citizens?

MS: Cyberspace is man-made, which means it’s man-changeable. Do we want it to be a domain for war? We can optimise protocols for offence, defence. We could build it where you can’t have conflict but you could have e-commerce or social exchange. Our generation sits where we can make that choice because we are at the beginning of cyberspace and what we want it to be.