Land down under
CERT Australia promotes on network security

Published 1 December 2009

Australia’s Attorney-General’s Department national security resiliency division says CERT Australia would be a two-way clearing house for notifications from local and international authorities, with responsibility for tracking down compromised machines in Australian domains

The new computer emergency response team, CERT Australia, will expect Internet service providers to be more active in cleaning up infected computers operating on their networks.

Following the federal government’s e-security review last year, the Internet Industry Association has been hammering out a voluntary ISP code of practice aimed at identifying botnet activity and alerting customers to security breaches.

Karen Dearne writes that Attorney-General’s Department national security resiliency division head Mike Rothery said CERT Australia would be a two-way clearing house for notifications from local and international authorities, with responsibility for tracking down compromised machines in Australian domains. “We’ll be establishing relationships with our CERT counterparts so that if we identify (attacks coming from) compromised machines overseas, we can ask those authorities to trace the actual owners and seek that those be cleaned up,” Rothery said.

“Where identified machines appear to be in Australia — and the notification may come from overseas or from a local ISP or web hosting company — we will track down the owners through their ISP or web host and tell them their machines have been compromised. Where corporations or organizations maintain their own networks, we will go to them directly.”

While these notifications are routinely performed by national CERTs, it will be a new role for the department when the government-run agency begins operating in January.

Previously, the University of Queensland-based AusCERT has provided CERT services to public and private sector clients on a subscription basis, while GovCERT has focused on government-industry liaison, particularly with companies considered at high risk of cyber espionage and those operating critical infrastructure businesses.

Rothery said the GovCERT team of about fourteen people would be merged into the new unit, while AusCERT would provide a range of operational and advisory services under contract. “GovCERT has been sharing the information that we get from law enforcement and the intelligence community, particularly around things like SCADA — the digital control systems used by utilities,” he said. “That work will continue, but we’ll be expanding our relationships and topics to address vulnerabilities in more mainstream systems that are widely used in the economy.”

The cyber security strategy released by Attorney-General Robert McClelland last week recognized the “limitations in the direct influence of governments” over IT networks “predominantly designed, built, owned and operated by the private sector.”

Rothery said cyber security was an issue of national strategic importance, with evidence of “criminal and state-sponsored espionage being conducted against the Australian business community.”

“There’s also state-sponsored espionage being attempted against governments, and a growing capacity among nation states to see cyber warfare as a legitimate adjunct to conventional military capabilities,” he said. “The issue there is that if an adversary seeks to use cyber arms, they will likely see that (attacking) the civilian infrastructure may be the most effective way to achieve the outcome they want. So the private sector and civilian arms of government will have just as important parts to play in the defense of that infrastructure as any possible activity on the defense side — and that’s something all Western governments are wrestling with.”

Rothery, who contributed to the report, “Virtually Here: Age of Cyber Warfare,” produced for IT security vendor McAfee, agreed with its key finding that the private sector would be on the frontline if nations turned to cyber warfare. But, he said, Australia was better placed than most, thanks to regular discussions with businesses since 2003, when the Trusted Information Sharing Networks were set up. “We’ve been having conversations with operators on things like SCADA, on the protection of submarine cables and other elements of the telecommunications infrastructure, for many years now,” he said. “In many respects, governments’ perceptions have changed as a result of those discussions, and we have a much better feel for how vulnerable these systems are, and what would be the ability of the market to adjust to a shock. But while government has some understanding of what the threats might be, or the strategic intent of particular players, the real understanding of the durability and resilience of particular systems lies in the private sector. So the only way forward is through partnerships, and we think those arrangements here will continue to mature.”

McAfee regional director Michael Sentonas said private companies had an “enormous responsibility to really understand cyber war threats, and to put in place defense mechanisms and response plans.”

The report suggests many nations are competing to build cyber arsenals and are spying on corporate networks to identify potential targets and lay the groundwork for electronic disruption. Their job is made easier by businesses, governments and even the military shifting to commercially available software and the Internet for ease of use, remote control and cost reasons.