
  • Blog, Security - Written by on Thursday, January 24, 2013 14:38 - 27 Comments

    Debunking the “cyber-security” hype

    blog Prime Minister Julia Gillard has spent much of yesterday and today talking about the massive threat that so-called “cyber-security” attacks pose to Australia, and highlighting how the Federal Government is throwing billions of dollars at the situation. But is the “cyber” threat really that imminent and dangerous? No, according to Crikey correspondent Bernard Keane. Keane has published an extensive, highly referenced article debunking eleven recent “cyber” attacks. A sample par (we recommend you click here for the full article):

    “… it pays to be sceptical whenever politicians, commentators or companies talk about the massive threat cyber warfare poses. To help, Crikey has compiled a reading guide to some of the claims made both about cyber warfare and cybersecurity generally, and to some of the specific incidents that are used by advocates of “cybersecurity” …”

    We don’t always agree with everything Keane writes, but we think he’s nailed it in this article. There is no doubt that attention needs to be placed on the IT security of Australia’s critical infrastructure, and that governments and corporations all around Australia should be doing a better job of securing their IT systems. However it’s very unlikely that Australia is on the verge of a hugely dangerous “cyber” attack. Calm down, people. The “cyber” sky isn’t falling.


    27 Comments


    1. Marcus
      Posted 24/01/2013 at 2:51 pm | Permalink |

      +1.
      what can i say, you’re both right.

    2. Kevin Davies
      Posted 24/01/2013 at 2:53 pm | Permalink |

      Can someone in the security industry please take Renai LeMay aside and have a quiet word with him…

      • Posted 24/01/2013 at 2:58 pm | Permalink |

        Kevin,

        You’ve got evidence which runs contrary to this article? I invite you to present it and I will consider it.

        Cheers,

        Renai

        • Trevor
          Posted 24/01/2013 at 3:25 pm | Permalink |

          Haha calm down Ren, Kevin was attempting to be humorous/sarcastic, his comment being directed at the fact that your article runs contrary to Govt & much private security propaganda/publication on the topic (and justifiably so, too – this is exactly the same kind of sky-is-falling fear mongering that generated the ‘Y2k bug’ nonsense that was one of the biggest orchestrated international rorts by an entire industry that the world has ever seen).

          Seems to me that memories are very short & the usual suspects are at play here with the same tired old tricks, but my money’s on them getting away with it because they always have & the public shows no signs of waking up at this juncture…

          • Woolfe
            Posted 25/01/2013 at 1:48 pm | Permalink |

            Offtopic, but Y2k wasn’t a complete Rort. The biggest concern was what would happen when all the devices and especially the heavy machinery type devices that had chips in them that couldn’t go past 99. That was the real issue. Unfortunately in most of those situations because a lot of the gear couldn’t be tested easily(often the work required to be able to test, was harder than just replacing).

            Home pc’s even most business pc’s etc were not a great concern, that was definitely hyped out of all proportion.

            As it turns out it all went swimmingly anyway. There were a couple of documented failures due to y2k (HSBC lost all its swipe card access or something) and I have no doubt there were a lot of little glitches that just got managed. Now whether that was because it was a “non issue” or because everyone replaced and “fixed” every system is a question only the gods can answer.

            I actually look on Y2k as a major success. There was an issue, and people did something to prevent it, and lo and behold no issue. If only we were so forward thinking about climate change :-)

    3. Kevin Davies
      Posted 24/01/2013 at 3:07 pm | Permalink |

      I am not in a position to do that. For your benefit, have asked. If it does happen, no promises Renai, you will likely not be able to discuss it in other than the most general terms. However you would have a much better understanding of the challenges we face in the cyber sphere.

      • PointZeroOne
        Posted 24/01/2013 at 3:58 pm | Permalink |

        Do you really work in the ‘cyber’ industry and call it ‘cyber something’?

        “oh what do you do for work?”
        “I cyber”
        “erm…you have online sex?”

      • Posted 24/01/2013 at 4:05 pm | Permalink |

        “in the cyber sphere”

        hey Kevin,

        perhaps it’s time to reveal who you are/where you’re employed? I don’t think anyone who works in IT security would refer to their role as being “in the cyber sphere”.

        Cheers,

        Renai

        • Ausgnome
          Posted 24/01/2013 at 4:08 pm | Permalink |

          I often tell people I am a Cyber Programmer or was that Cider Programmer

          • Posted 24/01/2013 at 4:17 pm | Permalink |

            Maybe I should start describing myself as a “cyber-blogger”.

            I can just imagine the reaction that would get every time I called up a government department for a comment.

            • Murdoch
              Posted 24/01/2013 at 4:36 pm | Permalink |

              Are you …… no …. you can’t be …..

              A Cyberman?

              I guess the next question is …. who are the Daleks?

              O wait. That’d be Tony Abbott wouldn’t it?

              CALL THE DOCTOR! WE’RE UNDER ATTACK!

        • PointZeroOne
          Posted 24/01/2013 at 4:34 pm | Permalink |

          He’s CyberMan, defender of the cybers!

    4. PointZeroOne
      Posted 24/01/2013 at 3:18 pm | Permalink |

      ON NOES SOMETHING ‘BAD’ HAPPENED ON A PIECE OF TECH

      CYBER CRIME!!!

      • Hubert Cumberdale
        Posted 24/01/2013 at 4:14 pm | Permalink |

        yep, pretty much, it’s always easier and more convenient to blame those “evil hackers stealing my megabytes” lol… of course those with an interest need to overstate the severity to keep themselves relevant.

    5. Ausgnome
      Posted 24/01/2013 at 4:06 pm | Permalink |

      After reading this. I am not sure if I should be laughing or Crying

      or both

    6. Posted 24/01/2013 at 4:07 pm | Permalink |

      We must fear all cybers. For they will cyber us with their cyber-ey things.

      The FUD and extensive bollocks perpetuated by those in this industry was the reason my time in it was limited. Yes, there are attacks. Yes, people have data stolen or compromised. Yes, both state and non-state actors are involved. Yes, attention needs to be paid and dollars spent.

      But lots of yesterday was hype. As is a significant part of what we hear from government and the media.

      It remains the fact that the greatest risk to corporate and government secrets is the compromised or disaffected insider walking out via the front door with photocopies or a USB stick full of information.

      And, for individuals, low-quality passwords, easily guessable, and overly-linked data are the wide-open front door to messing with your reputation and money. For those unsure, see Wired’s extensive coverage of Mat Honan’s very messy story – http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/all/

      • SMEMatt
        Posted 24/01/2013 at 5:49 pm | Permalink |

        How could that happen I thought all apple products are safe from hackers.

        • Tom
          Posted 24/01/2013 at 6:20 pm | Permalink |

          They are!

          Apparently third-party cookies are unsafe, unless you’re using Safari on OS X, in which case you won’t get your viruses from third-party cookies…

          :|

      • Dan
        Posted 25/01/2013 at 9:54 am | Permalink |

        Modern ‘photocopiers’ can be made to prevent the disclosure of sensitive information. Remember it’s just a digital scanner on top of a laser printer, so a second set of ‘eyes’ can “big-brother” anything happening on the device.

        Also, the sensitive government departments use terminal services with USB devices denied access by policy enforcement.

        You would really, really have to go to some lengths to steal that sort of information these days, which beggars belief as to how the whole ‘cable gate’ affair was executed.

        • Posted 25/01/2013 at 10:01 am | Permalink |

          Dan, what they *can* and do do are two separate things. I’ve worked in highly secure environments in recent times where not only are photocopiers not controlled, they are still rigged as faxes as well, against DSD advice.

          So too, USB. I’ve worked many places where they’re switched off at hardware or hot-glued. Doesn’t stop people invoking Gilmore’s Law when they need to.

          When need meets motivation, shit gets done.

          • Trevor
            Posted 25/01/2013 at 12:05 pm | Permalink |

            I think this highlights a huge problem in IT security worldwide, but is particularly prevalent in Australia – if you want to secure your systems, you need to think and act like someone throwing everything they’ve got at compromising them. The best way to do this is often to employ hackers to do penetration testing, or at the very least developing these skills in-house. Unfortunately Australian law, government and industry prefer to deal with this issue by criminalising any and every part of it (including hacking for ‘legitimate’ purposes) and then burying their heads in the sand in the hope that somehow by ignoring it they have solved the very problem they are avoiding.

            Much like bankruptcy, Australia needs to grow up and embrace ethical hacking as a legitimate and fundamental step in protecting and securing their IT systems. I’d go so far as to suggest thorough penetration testing be a mandatory legal requirement for any company entrusted to securely store customer/citizen records. To do less is to fail in your duty of care to protecting the privacy of your customers.

    7. Soth
      Posted 24/01/2013 at 5:27 pm | Permalink |

      That person whose NBN gigabytes were hacked caused this sudden knee jerk reaction didn’t it! :)

    8. Joe
      Posted 24/01/2013 at 6:10 pm | Permalink |

      I saw a documentary the other day called “Skyfall” and OMG it’s so scary what is happening in the cyber space!!!
      Julia is right, more money spent on cyber safety will make our lives much better. Also we should start investing in prevention of Y3K bugs. My precise calculation, our whole GDP spend on that will make us totally safe. :-)

    9. Paul Krueger
      Posted 25/01/2013 at 11:29 am | Permalink |

      The problem is that anyone who could give accurate advice on the danger would most likely be employed in the Industry, with much to gain from increased spending.

      Having said that… I think that the biggest loss caused by a “cyber attack” last year was the data that millions of people lost when the United States shut down megaupload with no respect for the legitimate data stored there.

      The problem with data, be it photos or business records is that the effort involved in deleting it is so small compared to the effort to create it.

    10. Woolfe
      Posted 25/01/2013 at 2:01 pm | Permalink |

      I would suggest this is being pushed by the US. I am in a US company that has in the past few years had some issues that resulted in DHS and FBI getting involved. This company does a certain amount of business with a certain large asian nation.
      We are now going through absolute ridiculous measures in regards to “cyber security”, and it is quite hush hush as to why in the upper echelons. So much so that I have been told not to ask. Which is surprising as whilst communication is a major fail here, if you ask the right people you can find out what you want usually.
      Bearing in mind this company I am in, is not defence or technology related in any way, nor do they do any particular amount of research etc. It is a Primary producer who sells a single product. So any espionage type actions would at most affect the financial well being only. (which could be considered enough in many ways, but still)

    11. Kevin Davies
      Posted 28/01/2013 at 8:59 am | Permalink |

      Interesting… http://www.smh.com.au/it-pro/-2delw.html

      Keep the cyber jokes going guys… I am sure humor will protect you.

    12. Kevin Davies
      Posted 09/02/2013 at 7:51 pm | Permalink |

      So Renai, what will it take for you to treat these threats seriously? A government institution, oh hang on I have something here for you…

      http://www.smh.com.au/it-pro/security-it/criminals-breach-australian-tax-system-20130208-2e2kn.html

      And the hits just keep on coming.



