How can international cooperation secure the internet

1

• How can international cooperation secure the
  internet?
• An overview of bilateral/multilateral issues of
  security in the internet
• Alex Webling
• Director - NII
• Critical Infrastructure Protection Branch

2
What are the inherent problems?

• The internet will never be totally secure AND
• Everybody is your neighbour on the internet.
• Thats Nasty and Nice
• Nice if youre doing business with them
• Nasty if theyre trying to attack you

3
More problems - Convergence

• Technological Convergence
• Seamless data, voice and video sharing
• Reduces redundant paths for critical systems
• Higher vulnerability
• Higher threat

4
Convergence eg SCADA

• Supervisory Control Data Acquisition Systems
  (SCADA)
• Used in energy sector for controlling processes
• Increasingly becoming remotely controllable via
  the Internet / wireless!
• Could scada be remotely hijacked?breaching dams,
  shutting down power grids, contaminating water
  supplies etc

5
Where are we?
6
Drivers

• Reduced cost increased availability of Internet
  access
• New business uses technologies
• Bluetooth wireless
• VoIP wireless
• Use increasing in sensitive industries

7
What is being done now?What could be working?

• Information sharing and Joint Response
• CERT to CERT communications
• Cybercrime 24/7 Network (G-8)
• APCERT (Aust/Japan/South Korea etc)
• Standards
• Laws

8
Australian Participation in International Fora on
E-sec

• APEC
• APEC TELActively engaged with APEC
  Telecommunications Working Group
• E-Security Task Group
• APEC Projects (more later)

9
International Fora (cont.)

• OECD
• WPISP - Guidelines for the Security of
  Information Systems and Networks Towards a
  Culture of Security, July 2002
• Working to promote the Culture of Security
  Guidelines with other economies
• Encouraging OECD economies to sponsor projects
  to strengthen e-security of developing economies
  in their regions.

10
International Fora (cont)

• Lets not forget!
• ITU
• Were here!

11
International fora

• APCERT
• CERTs in Asia-Pacific region working together in
  a partnership to share information on threats and
  vulnerabilities
• AusCERT current chair, JPCERT secretariat

12
Multilaterals/Bilaterals

• US/Australian bilaterals
• Regular bilateral talks with the United States on
  broader CIP issues.
• Discussions with Europeanseg GovCERT NL
  Symposium

13
Multilaterals cont.

• Informal Multilateral discussions after AusCERT
  Conference. Government attendees invited to stay
  and discuss issues
• Multilateral talks on NII issues with several
  European and Asian countries, as well as the UK,
  US, Canada and NZ
• Additional bilateral CIP talks being considered
  with other Asia-Pacific regional countries.

14
Capacity Building / Awareness Raising

• CERT capacity building projects funded by APEC
  and AusAID
• AusAID project in Thailand, Vietnam, Philippines,
  Papua New Guinea, Indonesia,
• APEC / US Govt funded project in Chile, Peru,
  Mexico and the Russian Federation.

15
Standards

• Technical standards security should be built
  in, not bolt on Vendor discussions
• Best practice guidelines such as Standards
  Australias HB171-2003 Guidelines for the
  management of IT evidence
• ISO standards

16
Laws

• Cybercrime Act 2001 (based on Council of Europe
  Convention)
• Australia - updated existing criminal provisions
  e.g. previous computer laws did not
  sufficiently address denial of service attacks.
• Enhanced investigatory powers relating to
  electronically stored data.
• Of course Laws which are similar across
  countries makes it easier for multinational law
  enforcement response!

17
Awareness Raising

• CERT Awareness raising seminars being run in
  APECTEL on security issues.
• Began in March 03, ongoing
• Australia encourages developed economies to
  support developing economies CERTs eg through
• Training in-country
• Support for experts to attend conferences
• Technical support

18
What is the future?

• Because of the borderless nature of cyberspace,
  international cooperation is even more essential
  to secure a safe online environment.
• More businesses and governments and business
  machinery online
• A target rich environment

19
Longer term

• Governments and business who are the major users
  of the internet will be forced to work together
  to combat the worst elements
• Technology will provide some help eventually

20
So maybe
We might get closer to the end of the line!
21
Conclusions

• Internet and the high seas (an analogy).
• We need to be exiting the Swashbuckling days!
  Pirates, rogues etc (hopefully). But still,
  anybody can get a ship (computer) and sail the
  seas of the internet.
• Islands of order, seas of chaos
• Treasures to be pillaged and plundered!

22
Conclusions

• Working together to coordinate the islands
  defences is a good way to bring order
• Varying levels of order in different islands!
• Parallel step, work within multilateral orgs and
  bilaterally to increase order
• Eventually, we might aim to a law of the
  internet.

23

• Alex Webling
• Director National Information Infrastructure
• Critical Infrastructure Protection Branch
• alex.webling_at_ag.gov.au
• cip_at_ag.gov.au (general email address for CIP
  matters)
• www.tisn.gov.au (Web site on Trusted Information
  Sharing Network)
• www.nationalsecurity.gov.au (AGD web site on
  National security)