|
This year the IIA will mount a renewed national push to help empower
Australia's internet using public and SMEs against the ever increasing
cyberthreats we face.
The
approach will contain a number of key elements which we will implement
as industry and where appropriate in conjunction with Government.
The IIA's 2010 eSecurity Program will comprise the following measures:
1. icode - Implementation of the eSecurity Code of Practice
This
Code aims to provide a uniform response to addressing the problem of
zombied computers on Australian networks. As far as we are aware this
is the most comprehensive national response yet undertaken to the
problem, and builds on the successful AISI initiative that ACMA has
been running in recent years. The scheme will allow for an escalated
response culminating in potential short term 'quarantining' of zombied
computers.
Users whose computers are suspected of being
compromised will be provided with access to information, resources and
software. IIA member security vendors will be given the opportunity to
participate in the scheme and will be represented on the resource page
that all ISPs will be required to direct users to under the voluntary
code of practice. To date, some 68 ISPs representing over 90% market
share of the online
population are part of the AISI and are
expected to sign on to the code once formally launched. The Code
drafting committee has a target date of 5 June for Code finalisation,
and we aim to have the Minister formally launch the Code during Cyber
Security Awareness Week together with other measures as outlined below.
As well as limiting the ability of zombies to operate in Australia the
intiative will be positioned as a pro
privacy measure to the
extent that will address the potential for identify theft to occur via
zombied systems. Vendors and government also appreciate the larger
national security implications arising from the botnet phenomenon,
another issue the program hopes to help address.
2. Engagement with router manufacturers to address the issue of compromised passwords on router devices
Last
year saw the first brute force attack on consumer grade routers via the
Psyb0t worm. This pernicious exploit takes advantage of preconfigured
login controls (username and passwords) on consumer edge devices
resulting in firmware changes to the device to enable unauthorised
remote access. So far some 30 makes and models have been affected. This
is a very serious problem which can neutralise theprotection that PC
based solutions currently offer and is therefore being addressed by the
IIA as a priority. Government is supportive of this effort and we are
working towards a major announcement during eSecurity awareness week in
June 2010.
3. Launch of a national '@Home' service to provide on
the ground assistance to remediate compromised home computers and
harden security on home computers.
|
Task Forces 
