[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[infowar.de] Australien: "Cyber-Verwundbarkeiten bekommen zu wenig Aufmerksamkeit"
... sagt das australische CERT. Und warum: Weil sich alle Aufmerksamkeit
auf _richtigen_ Terrorismus richtet.
Was mir auffiel:
"Opposition IT spokeswoman Kate Lundy says (...) laws are needed to
force the private sector to comply with minimum standards of protection
for critical information infrastructure. She says Australia needs to
look to minimum standards enshrined in United States and British law."
Welche Gesetze in den USA könnten denn da wohl gemeint sein? Es gibt
eine Reihe von Gesetzen, die Hacken und Ähnliches verbieten, aber m.W.
keines, das den Betreibern irgendwelche zwingenden Sicherheitsauflagen
macht. Habe ich da was übersehen?
Weiss jemand etwas über entsprechende britische Gesetze?
Die Idee der gesetzlichen Verpflichtung zu Mindestmaßnahmen in der
IT-Sicherheit ist ja im Rahmen der US-Debatte über die letzte
Cyber-Sicherheitsstrategie von einigen Fachleuten wie Bruce Schneier
stark gemacht worden. Es wäre daher interessant, mal einen
internationalen Überblick darüber zu bekommen.
Australia leaves the hack door open to cyber sabotage
By Nathan Cochrane and Sue Cant
April 8 2003
Australia's critical information infrastructure is at risk because of
the Federal Government's focus on physical infrastructure and
terrorism, the head of Australia's Computer Emergency Response Team
AusCERT general manager Graham Ingram says that while Australia is
neglecting its cyber infrastructure Asia is spending huge amounts of
money to protect its own.
"I've done significant work through Asia and I say in the nicest
possible way that if Australia doesn't get serious about these issues
we are going to be left behind," Ingram says.
He says knowledge about the way computer systems interact, which was
built up during Year 2000 remediation - and which could significantly
improve the protection of Australia's information infrastructure - has
Ingram says Malaysia, South Korea and Japan are spending enormous
amounts of money on protecting information infrastructure - things
such as government, banking, public utility, telecommunications and
emergency networks. In Australia, many of these assets are in private
AusCERT, which was founded in 1992 at the University of Queensland
after a hacking incident, has been contracted by the Federal
Government to provide a free service to the general public and
business about new threats to networked computer systems as part of
the Trusted Information Sharing Network (TISN).
TISN is a voluntary forum for owners of critical infrastructure to
exchange information on security issues announced last November.
But Opposition IT spokeswoman Kate Lundy says laws are needed to force
the private sector to comply with minimum standards of protection for
critical information infrastructure. She says Australia needs to look
to minimum standards enshrined in United States and British law.
"No one is out there enforcing standards," she says. "There is no
effective data collection, no mandatory reporting of security
incidences in the Government, let alone the private sector."
But her call was rejected by Ingram and Mike Rothery, the senior
national information infrastructure adviser at the information and
security law division of the federal Attorney-General's Department.
Rothery says the Federal Government will not introduce specific
legislation to enforce compliance with a critical infrastructure
regime because it does not know how different sectors of Australia's
"If I was to bring in legislation, the first thing I would have to do
is understand all the threats and vulnerabilities and infrastructure
mapping for each sector, and I don't believe anyone in government
does," he says.
Rothery says the information is in the private sector and would have
to be "dragged" out of companies. Otherwise the Government would have
to use a generic template that "would be wrong in 99 per cent of
Rothery agrees with Ingram that critical knowledge learnt through Y2K
has disappeared. "Some of that awareness of infrastructure dependence
has already begun to evaporate and it would be great to think that
those lessons were still around to stay."
But he says there is a "little bit of exaggeration" now about
cyberterrorism and that decision makers are sceptical about the cyber
Mail an infowar -
- infopeace -
de mit "unsubscribe" im Text.