Computers need a safety check: Caelli

Information security guru Bill Caelli yesterday urged the Australian government to stress-test new computer models for security flaws in the same way safety councils crash-test new cars.

"Let's start smashing a few computers," Caelli told more than 200 delegates from 20 countries attending the 11th annual conference of the Forum of Incident Response and Security Teams (FIRST) in Brisbane.

A notable identity on the global information security circuit and head of the school of data communications at Queensland University of Technology, Caelli said computers are now "unsafe at any megahertz".

In a keynote conference speech, he called for the government to set up the IT equivalent of the New Car Assessment Program, which crashes new car models to rate their safety.

The endemic trends to commoditisation, outsourcing and downsizing have left fundamental computer security structures for software and hardware components in a shambles, Caelli argued.

"There is now general agreement in the US that we have lost two decades in relation to information and computer security activity."

Commercial Off The Shelf (COTS) products, such as Intel chips and Microsoft operating systems, were "utterly unsuited" for deployment in critical information systems across government and private industry, Caelli said.

Just as the motor vehicle industry had to be legislated into designing safer cars in the 1950s, computer manufacturers now needed to be made to confront security shortcomings, he argued.

A National Computer Assessment Program would operate just like the New Car Assessment Program, Caelli said. "I would recommend to government that they make purchasing of new computer systems conditional on the manufacturers cooperating with this type of program."

Caelli urged conference delegates to lobby political representatives in their home countries to put more teeth into computer security regulations.

The recent Melissa and Explore viruses are only the tip of the iceberg in terms of the deeper holes and loopholes in today's commoditised hardware and software structures, he said.

Those trying to patch up the security of today's networks are wrapping cotton wool around switches, routers and servers, Caelli noted.

"But they are avoiding the bleeding obvious which is that the underlying computer systems are totally insecure, fragile eggs."