To effectively assess Internet security threats to Australian business the federal government is seeking to establish new reporting mechanisms that force companies to disclose detection of hacking or virus attacks.
The reports will remain confidential and form a national information database, according to the executive director of the Internet Industry Association, Peter Coroneos, who is involved in the project.
The database will be able to quantify security threats to business and play a key role in protecting Australia's national infrastructure against information warfare, which was evident in East Timor recently when that government was subject to military style hacking.
While the reporting mechanism will be used to alert national security and defence signals, Coroneos believes it is an opportunity to monitor the extent of hacking and get a clear picture of the threat which currently remains unreported.
He said the attorney general is forming a working party that includes Australia's top 20 companies such as Coles Myer and Telstra to encourage greater disclosure and develop joint strategies to isolate hacking incidents and ensure there isn't a concerted attack on the nation's infrastructure.
"In the national interest we have to enlighten CEOs to realise there is a more overarching concern here than the fear of competitors taking advantage of reported security attacks," Coroneos said.
"We are not getting the disclosures because it is dealt with behind doors without a recognition that this is a national security issue.
"This project will finally quantify how much damage these hackings and viruses do; however, such figures would not be released publicly but compiled to encourage heads of corporations to improve their own internal security practices."
Coroneos admits the issue of trust has created difficulty in getting a commitment from companies to disclose such sensitive information.
"Can they trust the entity to which they've given that information, should it be a government entity, an independent third party entity, who should it be?" he asked.
"There's a lot of education at senior corporate level that needs to occur before we even get to that outcome; our work on this is to try and bring them to that understanding."
Coroneos expressed surprise at the lack of malicious intent seen to date with the spreading of viruses.
The ability to cause serious destruction is available, he said, yet there has not been an incident reported of a group of large companies being held to ransom.
"It depends on motivation because the people writing viruses have the skill to cause real damage; I think we are fortunate we haven't seen far more malicious intent," Coroneos said.
He attributed this to the type of people spreading viruses such as young people having fun.
In a military sense Coroneos said the risk is much greater and industry needs to be aware of the dangers of information warfare, particularly multinationals.