1 / 23

How can international cooperation secure the internet?

How can international cooperation secure the internet? An overview of bilateral/multilateral issues of security in the internet Alex Webling Director - NII Critical Infrastructure Protection Branch. What are the inherent problems?. The internet will never be totally secure AND

honey
Télécharger la présentation

How can international cooperation secure the internet?

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. How can international cooperation secure the internet? An overview of bilateral/multilateral issues of security in the internet Alex Webling Director - NII Critical Infrastructure Protection Branch

  2. What are the inherent problems? • The internet will never be totally secure AND • Everybody is your neighbour on the internet. That’s Nasty and Nice • Nice if you’re doing business with them • Nasty if they’re trying to attack you

  3. More problems - Convergence • Technological Convergence • Seamless data, voice and video sharing • Reduces redundant paths for critical systems • Higher vulnerability • Higher threat

  4. Convergence eg SCADA • Supervisory Control & Data Acquisition Systems (SCADA) • Used in energy sector for controlling processes • Increasingly becoming remotely controllable via the Internet / wireless! • Could scada be remotely hijacked?breaching dams, shutting down power grids, contaminating water supplies etc

  5. Where are we?

  6. Drivers • Reduced cost & increased availability of Internet access • New business uses & technologies • Bluetooth wireless • VoIP wireless • Use increasing in sensitive industries

  7. What is being done now?What could be working? • Information sharing and Joint Response • CERT to CERT communications • Cybercrime 24/7 Network (G-8) • APCERT (Aust/Japan/South Korea etc) • Standards • Laws

  8. Australian Participation in International Fora on E-sec APEC • APEC TELActively engaged with APEC Telecommunications Working Group; • E-Security Task Group • APEC Projects (more later)

  9. International Fora (cont.) OECD • WPISP - Guidelines for the Security of Information Systems and Networks: Towards a Culture of Security, July 2002 • Working to promote the ‘Culture of Security’ Guidelines with other economies • Encouraging OECD economies to sponsor projects to strengthen e-security of developing economies in their regions.

  10. International Fora (cont) Let’s not forget! • ITU • We’re here!

  11. International fora • APCERT • CERTs in Asia-Pacific region working together in a partnership to share information on threats and vulnerabilities • AusCERT current chair, JPCERT secretariat

  12. Multilaterals/Bilaterals • US/Australian bilaterals • Regular bilateral talks with the United States on broader CIP issues. • Discussions with Europeanseg GovCERT NL Symposium

  13. Multilaterals cont. • Informal Multilateral discussions after AusCERT Conference. Government attendees invited to stay and discuss issues • Multilateral talks on NII issues with several European and Asian countries, as well as the UK, US, Canada and NZ • Additional bilateral CIP talks being considered with other Asia-Pacific regional countries.

  14. Capacity Building / Awareness Raising • CERT capacity building projects funded by APEC and AusAID • AusAID project in Thailand, Vietnam, Philippines, Papua New Guinea, Indonesia, • APEC / US Govt funded project in Chile, Peru, Mexico and the Russian Federation.

  15. Standards • Technical standards – security should be built in, not bolt on Vendor discussions • Best practice guidelines such as Standards Australia’s HB171-2003 – Guidelines for the management of IT evidence • ISO standards

  16. Laws • Cybercrime Act 2001 (based on Council of Europe Convention) • Australia - updated existing criminal provisions – e.g. previous computer laws did not sufficiently address “denial of service attacks”. • Enhanced investigatory powers relating to electronically stored data. • Of course Laws which are similar across countries makes it easier for multinational law enforcement response!

  17. Awareness Raising • CERT Awareness raising seminars being run in APECTEL on security issues. • Began in March 03, ongoing • Australia encourages developed economies to support developing economies’ CERTs eg through: • Training – in-country • Support for experts to attend conferences • Technical support

  18. What is the future? • Because of the borderless nature of cyberspace, international cooperation is even more essential to secure a safe online environment. • More businesses and governments and business machinery online • A ‘target rich environment’

  19. Longer term Governments and business who are the major users of the internet will be forced to work together to combat the worst elements Technology will provide some help – eventually

  20. So maybe We might get closer to the end of the line!

  21. Conclusions • Internet and the high seas (an analogy). • We need to be exiting the Swashbuckling days! Pirates, rogues etc (hopefully). But still, anybody can get a ship (computer) and sail the seas of the internet. • Islands of order, seas of chaos • Treasures to be pillaged and plundered!

  22. Conclusions • Working together to coordinate the islands’ defences is a good way to bring order • Varying levels of order in different islands! • Parallel step, work within multilateral orgs and bilaterally to increase order • Eventually, we might aim to a law of the internet.

  23. Alex Webling • Director – National Information Infrastructure • Critical Infrastructure Protection Branch • alex.webling@ag.gov.au • cip@ag.gov.au (general email address for CIP matters) • www.tisn.gov.au (Web site on Trusted Information Sharing Network) • www.nationalsecurity.gov.au (AGD web site on National security)

More Related