Australia needs a central ‘Internet shop front’ where the public can report cyber security matters, according to a report by the Australian Strategic Policy Institute (ASPI).
The report, Cyber security: threats and responses in the information age, said that although it’s a “critical” issue, cyber security is not yet fully understood by the public.
Author, founder of the Australian High Tech Crime Centre (AHTCC) and former security head at eBay, Alastair MacGibbon, said the Rudd Government needs to broaden the scale in which it addresses cyber security and better address end users in its policies.
The report has recommended the establishment of an internet crime reporting and analysis centre, drawing attention to the current difficulty for consumers to report cyber crime incidents to authorities.
MacGibbon said the centres are needed to implement a national approach to cyber crime, and to enable the government to better determine bureaucratically and jurisdictionally which agencies can best deal with certain enquiries and then determine a response.
“The key to understanding cyber crime is data,” he said, adding that Australia currently lacks the capacity to share data across several jurisdictions.
The report also highlighted the government’s failure to address security vulnerabilities in ICT infrastructure, saying there is a “keen interest” in data held by Australian companies and that the imminent threat of economic espionage could cost companies billions of dollars in revenue.
“We need to move away from the current light-touch approach of telecommunications where industry self-regulation was the dominant force to one’s where the government sets the standards required by telecommunications provide,” MacGibbon said.
Another issue addressed was the “widening gap” between the cyber security problems and Australia’s capacity to deal with it.
“The money the government is investing [into cyber security] I think is reasonably well spent, and it’s always heartening to see the services growing, but they are not growing at the pace that the public uses technology,” MacGibbon said.
“The services that we expect from government in the offline world, should be reflected in the online world, but they’re not.”
Other recommendations include the development of policies that enhance the end-point security of users connecting to the NBN and a cyber warfare doctrine for the military.
The report comes after several developments in the Government cyber security space in recent weeks.
At the end of November the House of Representatives Inquiry into Cyber Crime – which had decided to [[artnid:327513|question the agencies at the forefront of the Government's cyber security efforts - heard the Federal Attorney-General’s department is working on developing greater co-ordination between the international community, business, internet service providers and government agencies to better manage cyber crime.
Speaking at the Inquiry, Mike Rothery, first assistant secretary of the National Security Resilience Policy Division with the Attorney-General’s Department, said the department was working on a an international engagement strategy with several cyber security forums including the International Telecommunication Union, the UN, the OECD, and APEC.
The same week the Federal Government announced a new research project to track the awareness of kids’ cyber-safety and security issues.
The project, which will be undertaken by the Wollongong University’s Illawarra Regional Information Service (IRIS) and the Australian Council for Educational Research, will build on the Review of Existing Australian and International Cyber-safety Research from Edith Cowan University.
Finally, Computerworld revealed Australia's Cyber Security Operations Centre (CSOC), announced earlier this year as part of the first Defence White Paper in a decade, has already reached some operational capability.
An acute lack of information on the offensive capabilities being developed by the CSOC, however, and little clarity around its governance or oversight mechanisms, has sparked calls from academics and information security analysts for greater public debate and disclosure.
The full report and its recommendations can be downloaded at the ASPI website.