JT: How long did it take to set up? MS: Forty years but we have not evolved it to the internet. Does it now involve PC makers, banks, infrastructures? Having senior private sector people working physically inside government works for telecom but will it work for the internet? That is to be seen.
EB: Is it the internet or each of the sectors as well? MS: Perhaps financial services are similar but we don’t see them embedded with Treasury. There’s a desire to have government network operators, technical people, on ad hoc forums but that doesn’t happen.
JT: So is there cyber war, yes or no, depends on how you define it. What can Australia do to defend itself? Is it the Government’s job to protect organisations from attacks, whether we call it cyber war or cyber crime?
EB: Australia is a leader in Scada policy, it shows up in meetings like the American Petroleum Institute. So Australia can influence best practices; for the money the US throws, Australia does a better job. NC: Are there protocols, specifications or methodologies that you can point to?
KP: Idaho National Laboratory sets a lot of standards and guidelines. The National Institute of Science and Technology guidance in the US provides a lot of foundations. Is it because they recognised through their industry assessments there were gaping holes?
EB: You’re referring to Australia – yes. I honestly don’t know why Australia punches far above its weight. But it’s very simple things, like just reporting practices, not complex technology.
AM: Government has stayed out of the cyber crime area; we have to get involved in what role governments should play to protect systems.
JT: When I was in Northern Ireland the IRA was bombing pubs to intimidate people but it required a government response because people couldn’t defend themselves and no organisation would step up.
AM: The motivation of a criminal is financial but politically motivated activities sit on one side.
NC: That’s a Western approach. I’ve been in Russia and sometimes you can’t tell where police and military end and criminal gangs begin – from the beat cop passport scam to the South Ossetian campaign spurring jingoistic actors on your behalf, giving you deniability. GI: Packets don’t have attribution...
JT: ...Bullets and bombs don’t have attribution, either...
GI: ...governments rely on attribution to determine its responses. Ali Imanat from UK Payments said particularly useful was Britain's £640 million ($980 million) e-crime unit. Britain understands the consequences.
AM: What's embarrassing is the UK had the National High-Tech Crime Unit and they rolled it into Serious Organised Crime Agency. Australia had the Australian High-Tech Crime Centre. You don’t dissolve DSD and start it up again five or six years later with less money. If you call any policing agency today in Australia to report a cyber crime it starts that game of pass-the-parcel.
TS: It’s ridiculous that if it came from a nation it’s up to Defence because you can’t be certain it’s correct. And it’s hard to find out if the bad guy is on your system and see what they’re exfiltrating because they’re encrypting.
-1.jpg&w=100&c=1&s=0)
.png&w=100&c=1&s=0)
