blog Prime Minister Julia Gillard has spent much of yesterday and today talking about the massive threat that so-called “cyber-security” attacks pose to Australia, and highlighting how the Federal Government is throwing billions of dollars at the situation. But is the “cyber” threat really that imminent and dangerous? No, according to Crikey correspondent Bernard Keane. Keane has published an extensive, highly referenced article debunking eleven recent “cyber” attacks. A sample par (we recommend you click here for the full article):

“… it pays to be sceptical whenever politicians, commentators or companies talk about the massive threat cyber warfare poses. To help, Crikey has compiled a reading guide to some of the claims made both about cyber warfare and cybersecurity generally, and to some of the specific incidents that are used by advocates of “cybersecurity” …”

We don’t always agree with everything Keane writes, but we think he’s nailed it in this article. There is no doubt that attention needs to be placed on the IT security of Australia’s critical infrastructure, and that governments and corporations all around Australia should be doing a better job of securing their IT systems. However it’s very unlikely that Australia is on the verge of a hugely dangerous “cyber” attack. Calm down, people. The “cyber” sky isn’t falling.

Tweet

1. Marcus
   Posted 24/01/2013 at 2:51 pm | Permalink | Reply

   +1.
   what can i say, you’re both right.

2. Kevin Davies
   Posted 24/01/2013 at 2:53 pm | Permalink | Reply

   Can someone in the security industry please take Renai LeMay aside and have a quiet word with him…

   • Renai LeMay
     Posted 24/01/2013 at 2:58 pm | Permalink | Reply

     Kevin,

     You’ve got evidence which runs contrary to this article? I invite you to present it and I will consider it.

     Cheers,

     Renai

     • Trevor
       Posted 24/01/2013 at 3:25 pm | Permalink | Reply

       Haha calm down Ren, Kevin was attempting to be humerous/sarcastic, his comment being directed at the fact that your article runs contrary to Govt & much private security propaganda/publication on the topic (and justifiably so, too – this is exactly the same kind of sky-is-falling fear mongering that generated the ‘Y2k bug’ nonsense that was one of the biggest orchestrated international rorts by an entire industry that the world has ever seen).

       Seems to me that memories are very short & the usual suspects are at play here with the same tired old tricks, but my money’s on them grtting away with it because they always have & the public shows no signs of waking up at this juncture…

       • Woolfe
         Posted 25/01/2013 at 1:48 pm | Permalink | Reply

         Offtopic, but Y2k wasn’t a complete Rort. The biggest concern was what would happen when all the devices and especially the heavy machinery type devices that had chips in them that couldn’t go past 99. That was the real issue. Unfortunately in most of those situations because a lot of the gear couldn’t be tested easily(often the work required to be able to test, was harder than just replacing).

         Home pc’s even most business pc’s etc were not a great concern, that was definately hyped out of all proportion.

         As it turns out it all went swimmingly anyway. There were a couple of documented failures due to y2k (HSBC lost all its swipe card access or something) and I have no doubt there were a lot of little glitches that just got managed. Now whether that was because it was a “non issue” or because everyone replaced and “fixed” every system is a question only the gods can answer.

         I actually look on Y2k as a major success. There was an issue, and people did something to prevent it, and lo and behold no issue. If only we were so forward thinking about climate change :-)

3. Kevin Davies
   Posted 24/01/2013 at 3:07 pm | Permalink | Reply

   I am not in a position to do that. For your benefit, have asked. If it does happen, no promises Renai, you will likely not be able to discuss it in other than the most general terms. However you would have a much better understanding of the challenges we face in the cyber sphere.

   • PointZeroOne
     Posted 24/01/2013 at 3:58 pm | Permalink | Reply

     Do you really work in the ‘cyber’ industry and call it ‘cyber something’?

     “oh what do you do for work?”
     “I cyber”
     “erm…you have online sex?”

   • Renai LeMay
     Posted 24/01/2013 at 4:05 pm | Permalink | Reply

     “in the cyber sphere”

     hey Kevin,

     perhaps it’s time to reveal who you are/where you’re employed? I don’t think anyone who works in IT security would refer to their role as being “in the cyber sphere”.

     Cheers,

     Renai

     • Ausgnome
       Posted 24/01/2013 at 4:08 pm | Permalink | Reply

       I often tell people I am a Cyber Programmer or was that Cider Programmer

       • Renai LeMay
         Posted 24/01/2013 at 4:17 pm | Permalink | Reply

         Maybe I should start describing myself as a “cyber-blogger”.

         I can just imagine the reaction that would get every time I called up a government department for a comment.

         • Murdoch
           Posted 24/01/2013 at 4:36 pm | Permalink | Reply

           Are you …… no …. you can’t be …..

           A Cyberman?

           I guess the next question is …. who are the Daleks?

           O wait. That’d be Tony Abbott wouldn’t it?

           CALL THE DOCTOR! WE’RE UNDER ATTACK!

     • PointZeroOne
       Posted 24/01/2013 at 4:34 pm | Permalink | Reply

       He’s CyberMan, defender of the cybers!

4. PointZeroOne
   Posted 24/01/2013 at 3:18 pm | Permalink | Reply

   ON NOES SOMETHING ‘BAD’ HAPPENED ON A PIECE OF TECH

   CYBER CRIME!!!

   • Hubert Cumberdale
     Posted 24/01/2013 at 4:14 pm | Permalink | Reply

     yep, pretty much, it’s always easier and more convenient to blame those “evil hackers stealing my megabytes” lol… of course those with an interest need to overstate the severity to keep themsleves relevant.

5. Ausgnome
   Posted 24/01/2013 at 4:06 pm | Permalink | Reply

   After reading this. I am not sure if I should be laughing or Crying

   or both

6. Stephen Collins
   Posted 24/01/2013 at 4:07 pm | Permalink | Reply

   We must fear all cybers. For they will cyber us with their cyber-ey things.

   The FUD and extensive bollocks perpetuated by those in this industry was the reason my time in it was limited. Yes, there are attacks. Yes, people have data stolen or compromised. Yes, both state and non-state actors are involved. Yes, attention needs to be paid and dollars spent.

   But lots of yesterday was hype. As is a significant part of what we hear from government and the media.

   It remains the fact that the greatest risk to corporate and government secrets is the compromised or disaffected insider walking out via the front door with photocopies or a USB stick full of information.

   And, for individuals, low-quality passwords, easily guessable, and overly-linked data are the wide-open front door to messing with your reputation and money. For those unsure, see Wired’s extensive coverage of Mat Honan’s very messy story – http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/all/

   • SMEMatt
     Posted 24/01/2013 at 5:49 pm | Permalink | Reply

     How could that happen I thought all apple products are safe from hackers.

     • Tom
       Posted 24/01/2013 at 6:20 pm | Permalink | Reply

       They are!

       Apparently third-party cookies are unsafe, unless you’re using Safari on OS X, in which case you won’t get your viruses from third-party cookies…

       :|

   • Dan
     Posted 25/01/2013 at 9:54 am | Permalink | Reply

     Modern ‘photocopiers’ can be made to prevent the disclosure of sensitive information. Remember it’s just a digital scanner on top of a laser printer, so a second set of ‘eyes’ can “big-brother” anything happening on the device.

     Also, the sensitive government departments use terminal services with USB devices denied access by policy enforcement.

     You would really, really have to go to some lengths to steal that sort of information these days, which beggars belief as to how the whole ‘cable gate’ affair was executed.

     • Stephen Collins
       Posted 25/01/2013 at 10:01 am | Permalink | Reply

       Dan, what they *can* and do do are two separate things. I’ve worked in highly secure environments in recent times where not only are photocopiers not controlled, they are still rigged as faxes as well, against DSD advice.

       So too, USB. I’ve worked many places where they’re switch off at hardware or hot-glued. Doesn’t stop people invoking Gilmore’s Law when they need to.

       When need meets motivation, shit gets done.

       • Trevor
         Posted 25/01/2013 at 12:05 pm | Permalink | Reply

         I think this highlights a huge problem in IT security worldwide, but is particularly prevalent in Australia – if you want to secure your systems, you need to think and act like someone throwing everything they’ve got at compromising them. The best way to do this is often to employ hackers to do penetration testing, or at the very least developing these skills in-house. Unfortunately Australian law, government and industry prefer to deal with this issue by criminalising any and every part of it (including hacking for ‘legitimate’ purposes) and then burying their heads in the sand in the hope that somehow by ignoring it they have solved the very problem they are avoiding.

         Much like bankruptcy, Australia needs to grow up and embrace ethical hacking as a legitimate and fundamental step in protecting and securing their IT systems. I’d go so far as to suggest thorough penetration testing be a mandatory legal requirement for any company entrusted to securely store customer/citizen records. To do less is to fail in your duty of care to protecting the privacy of your customers.

7. Soth
   Posted 24/01/2013 at 5:27 pm | Permalink | Reply

   That person who’s NBN gigabytes were hacked caused this sudden knee jerk reaction didn’t it! :)

8. Joe
   Posted 24/01/2013 at 6:10 pm | Permalink | Reply

   I saw a documentary the other day called “Skyfall” and OMG its so scary what is happening in the cyber space!!!
   Julia is right, more money spent on cyber safety will make our lives much better. Also we should start investing in prevention of Y3K bugs. My precise calculation, our whole GDP spend on that will make us totaly safe. :-)

9. Paul Krueger
   Posted 25/01/2013 at 11:29 am | Permalink | Reply

   The problem is that anyone who could give accurate advice on the danger would most likely be employed in the Industry, with much to gain from increased spending.

   Having said that… I think that the biggest loss caused by a “cyber attack” last year was the data that Millions of people lost when the United Stated shut down megaupload with no respect for the legitimate data stored there.

   The problem with data, be it photos or business records is that the effort involved in deleting it is so small compared to the effort to create it.

10. Woolfe
    Posted 25/01/2013 at 2:01 pm | Permalink | Reply

    I would suggest this is being pushed by the US. I am in a US company that has in the past few years had some issues that resulted in DHS and FBI getting involved. This company does a certain amount of business with a certain large asian nation.
    We are now going through absolute ridiculous measures in regards to “cyber security”, and it is quite hush hush as to why in the upper echelons. So much so that I have been told not to ask. Which is surprising as whilst communication is a major fail here, if you ask the right people you can find out what you want usually.
    Bearing in mind this company I am in, is not defence or technology related in any way, nor do they do any particular amount of research etc. It is a Primary producer who sells a single product. So any espionage type actions would at most affect the financial well being only. (which could be considered enough in many ways, but still)

11. Kevin Davies
    Posted 28/01/2013 at 8:59 am | Permalink | Reply

    Interesting… http://www.smh.com.au/it-pro/-2delw.html

    Keep the cyber jokes going guys… I am sure humor will protect you.

12. Kevin Davies
    Posted 09/02/2013 at 7:51 pm | Permalink | Reply

    So Renai, what will it take for you to treat these threats seriously? A government institution, oh hang on I have something here for you…

    http://www.smh.com.au/it-pro/security-it/criminals-breach-australian-tax-system-20130208-2e2kn.html

    And the hits just keep on coming.

• • Topic
  • Voices
  • Posts
  • Freshness
• • Malcolm Turnbull, Time Traveller

    Started by:  quink in: Everything else

  • 2
  • 4
  • 6 days, 14 hours ago

     Karl

  • Article on 'Ultraviolet'

    Started by:  ray73864 in: Everything else

  • 2
  • 2
  • 1 week, 2 days ago

     Karl

  • Surface sells out … of its tiny amount of stock?

    Started by:  Renai LeMay in: Gadgets

  • 4
  • 4
  • 1 week, 3 days ago

     douglasrose

  • Coalition fraudband plan summary…

    Started by:  Hubert Cumberdale in: National Broadband Network

  • 4
  • 5
  • 2 weeks, 1 day ago

     JamesH1

  • NBN Is A Question Of Reliability

    Started by:  JamesH1 in: National Broadband Network

  • 1
  • 1
  • 2 weeks, 1 day ago

     JamesH1

  • Renai asked:

    Started by:  Tinman_au in: National Broadband Network

  • 1
  • 1
  • 2 weeks, 1 day ago

     Tinman_au

  • What Happened to Whirlpool posts

    Started by:  MikeK101 in: Everything else

  • 2
  • 2
  • 4 weeks, 1 day ago

     Bob.H

  • Conroy/Turnbull NBN Debate Next Week

    Started by:  zephram in: National Broadband Network

  • 1
  • 1
  • 4 weeks, 1 day ago

     zephram

  • Blocked from posting? Let me know

    Started by:  Renai LeMay in: Everything else

  • 2
  • 2
  • 1 month ago

     Abel Adamski

  • Falsehoods of the day

    Started by:  Karl in: National Broadband Network

  • 4
  • 5
  • 1 month, 2 weeks ago

     Anonymous

  • Is IBM selling its Network Services Division to Telstra?

    Started by:  Renai LeMay in: Everything else

  • 1
  • 1
  • 1 month, 2 weeks ago

     Renai LeMay

  • 10 Terabit NBN plan? Yes please :)

    Started by:  daniel996 in: National Broadband Network

  • 2
  • 2
  • 1 month, 3 weeks ago

     Karl

  • Renai (or anyone else?): List of working tags?

    Started by:  Tinman_au in: Everything else

  • 3
  • 6
  • 2 months ago

     midspace

  • Receiving spam from "OEMSoftware Newsletter"?

    Started by:  Renai LeMay in: Everything else

  • 4
  • 4
  • 2 months ago

     midspace

  • A brief update on banned users

    Started by:  Renai LeMay in: Everything else

  • 6
  • 9
  • 2 months ago

     Autocrat

•