
  • Blog, Security - Written by on Thursday, January 24, 2013 14:38 - 27 Comments

    Debunking the “cyber-security” hype

    blog Prime Minister Julia Gillard has spent much of yesterday and today talking about the massive threat that so-called “cyber-security” attacks pose to Australia, and highlighting how the Federal Government is throwing billions of dollars at the situation. But is the “cyber” threat really that imminent and dangerous? No, according to Crikey correspondent Bernard Keane. Keane has published an extensive, highly referenced article debunking eleven recent “cyber” attacks. A sample par (we recommend you click here for the full article):

    “… it pays to be sceptical whenever politicians, commentators or companies talk about the massive threat cyber warfare poses. To help, Crikey has compiled a reading guide to some of the claims made both about cyber warfare and cybersecurity generally, and to some of the specific incidents that are used by advocates of “cybersecurity” …”

    We don’t always agree with everything Keane writes, but we think he’s nailed it in this article. There is no doubt that attention needs to be placed on the IT security of Australia’s critical infrastructure, and that governments and corporations all around Australia should be doing a better job of securing their IT systems. However it’s very unlikely that Australia is on the verge of a hugely dangerous “cyber” attack. Calm down, people. The “cyber” sky isn’t falling.


    27 Comments


    1. Marcus
      Posted 24/01/2013 at 2:51 pm | Permalink |

      +1.
      What can I say, you’re both right.

    2. Kevin Davies
      Posted 24/01/2013 at 2:53 pm | Permalink |

      Can someone in the security industry please take Renai LeMay aside and have a quiet word with him…

      • Posted 24/01/2013 at 2:58 pm | Permalink |

        Kevin,

        You’ve got evidence which runs contrary to this article? I invite you to present it and I will consider it.

        Cheers,

        Renai

        • Trevor
          Posted 24/01/2013 at 3:25 pm | Permalink |

          Haha calm down Ren, Kevin was attempting to be humorous/sarcastic, his comment being directed at the fact that your article runs contrary to Govt & much private security propaganda/publication on the topic (and justifiably so, too – this is exactly the same kind of sky-is-falling fear mongering that generated the ‘Y2k bug’ nonsense that was one of the biggest orchestrated international rorts by an entire industry that the world has ever seen).

          Seems to me that memories are very short & the usual suspects are at play here with the same tired old tricks, but my money’s on them getting away with it because they always have & the public shows no signs of waking up at this juncture…

          • Woolfe
            Posted 25/01/2013 at 1:48 pm | Permalink |

            Offtopic, but Y2k wasn’t a complete Rort. The biggest concern was what would happen when all the devices and especially the heavy machinery type devices that had chips in them that couldn’t go past 99. That was the real issue. Unfortunately in most of those situations because a lot of the gear couldn’t be tested easily (often the work required to be able to test, was harder than just replacing).

            Home PCs, even most business PCs etc were not a great concern, that was definitely hyped out of all proportion.

            As it turns out it all went swimmingly anyway. There were a couple of documented failures due to y2k (HSBC lost all its swipe card access or something) and I have no doubt there were a lot of little glitches that just got managed. Now whether that was because it was a “non issue” or because everyone replaced and “fixed” every system is a question only the gods can answer.

            I actually look on Y2k as a major success. There was an issue, and people did something to prevent it, and lo and behold no issue. If only we were so forward thinking about climate change :-)

    3. Kevin Davies
      Posted 24/01/2013 at 3:07 pm | Permalink |

      I am not in a position to do that. For your benefit, have asked. If it does happen, no promises Renai, you will likely not be able to discuss it in other than the most general terms. However you would have a much better understanding of the challenges we face in the cyber sphere.

      • PointZeroOne
        Posted 24/01/2013 at 3:58 pm | Permalink |

        Do you really work in the ‘cyber’ industry and call it ‘cyber something’?

        “oh what do you do for work?”
        “I cyber”
        “erm…you have online sex?”

      • Posted 24/01/2013 at 4:05 pm | Permalink |

        “in the cyber sphere”

        hey Kevin,

        perhaps it’s time to reveal who you are/where you’re employed? I don’t think anyone who works in IT security would refer to their role as being “in the cyber sphere”.

        Cheers,

        Renai

        • Ausgnome
          Posted 24/01/2013 at 4:08 pm | Permalink |

          I often tell people I am a Cyber Programmer or was that Cider Programmer

          • Posted 24/01/2013 at 4:17 pm | Permalink |

            Maybe I should start describing myself as a “cyber-blogger”.

            I can just imagine the reaction that would get every time I called up a government department for a comment.

            • Murdoch
              Posted 24/01/2013 at 4:36 pm | Permalink |

              Are you …… no …. you can’t be …..

              A Cyberman?

              I guess the next question is …. who are the Daleks?

              O wait. That’d be Tony Abbott wouldn’t it?

              CALL THE DOCTOR! WE’RE UNDER ATTACK!

        • PointZeroOne
          Posted 24/01/2013 at 4:34 pm | Permalink |

          He’s CyberMan, defender of the cybers!

    4. PointZeroOne
      Posted 24/01/2013 at 3:18 pm | Permalink |

      ON NOES SOMETHING ‘BAD’ HAPPENED ON A PIECE OF TECH

      CYBER CRIME!!!

      • Hubert Cumberdale
        Posted 24/01/2013 at 4:14 pm | Permalink |

        yep, pretty much, it’s always easier and more convenient to blame those “evil hackers stealing my megabytes” lol… of course those with an interest need to overstate the severity to keep themselves relevant.

    5. Ausgnome
      Posted 24/01/2013 at 4:06 pm | Permalink |

      After reading this. I am not sure if I should be laughing or Crying

      or both

    6. Posted 24/01/2013 at 4:07 pm | Permalink |

      We must fear all cybers. For they will cyber us with their cyber-ey things.

      The FUD and extensive bollocks perpetuated by those in this industry was the reason my time in it was limited. Yes, there are attacks. Yes, people have data stolen or compromised. Yes, both state and non-state actors are involved. Yes, attention needs to be paid and dollars spent.

      But lots of yesterday was hype. As is a significant part of what we hear from government and the media.

      It remains the fact that the greatest risk to corporate and government secrets is the compromised or disaffected insider walking out via the front door with photocopies or a USB stick full of information.

      And, for individuals, low-quality passwords, easily guessable, and overly-linked data are the wide-open front door to messing with your reputation and money. For those unsure, see Wired’s extensive coverage of Mat Honan’s very messy story – http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/all/

      • SMEMatt
        Posted 24/01/2013 at 5:49 pm | Permalink |

        How could that happen I thought all apple products are safe from hackers.

        • Tom
          Posted 24/01/2013 at 6:20 pm | Permalink |

          They are!

          Apparently third-party cookies are unsafe, unless you’re using Safari on OS X, in which case you won’t get your viruses from third-party cookies…

          :|

      • Dan
        Posted 25/01/2013 at 9:54 am | Permalink |

        Modern ‘photocopiers’ can be made to prevent the disclosure of sensitive information. Remember it’s just a digital scanner on top of a laser printer, so a second set of ‘eyes’ can “big-brother” anything happening on the device.

        Also, the sensitive government departments use terminal services with USB devices denied access by policy enforcement.

        You would really, really have to go to some lengths to steal that sort of information these days, which beggars belief as to how the whole ‘cable gate’ affair was executed.

        • Posted 25/01/2013 at 10:01 am | Permalink |

          Dan, what they *can* and do do are two separate things. I’ve worked in highly secure environments in recent times where not only are photocopiers not controlled, they are still rigged as faxes as well, against DSD advice.

          So too, USB. I’ve worked many places where they’re switched off at hardware or hot-glued. Doesn’t stop people invoking Gilmore’s Law when they need to.

          When need meets motivation, shit gets done.

          • Trevor
            Posted 25/01/2013 at 12:05 pm | Permalink |

            I think this highlights a huge problem in IT security worldwide, but is particularly prevalent in Australia – if you want to secure your systems, you need to think and act like someone throwing everything they’ve got at compromising them. The best way to do this is often to employ hackers to do penetration testing, or at the very least developing these skills in-house. Unfortunately Australian law, government and industry prefer to deal with this issue by criminalising any and every part of it (including hacking for ‘legitimate’ purposes) and then burying their heads in the sand in the hope that somehow by ignoring it they have solved the very problem they are avoiding.

            Much like bankruptcy, Australia needs to grow up and embrace ethical hacking as a legitimate and fundamental step in protecting and securing their IT systems. I’d go so far as to suggest thorough penetration testing be a mandatory legal requirement for any company entrusted to securely store customer/citizen records. To do less is to fail in your duty of care to protecting the privacy of your customers.

    7. Soth
      Posted 24/01/2013 at 5:27 pm | Permalink |

      That person whose NBN gigabytes were hacked caused this sudden knee jerk reaction didn’t it! :)

    8. Joe
      Posted 24/01/2013 at 6:10 pm | Permalink |

      I saw a documentary the other day called “Skyfall” and OMG it’s so scary what is happening in the cyber space!!!
      Julia is right, more money spent on cyber safety will make our lives much better. Also we should start investing in prevention of Y3K bugs. My precise calculation, our whole GDP spend on that will make us totally safe. :-)

    9. Paul Krueger
      Posted 25/01/2013 at 11:29 am | Permalink |

      The problem is that anyone who could give accurate advice on the danger would most likely be employed in the Industry, with much to gain from increased spending.

      Having said that… I think that the biggest loss caused by a “cyber attack” last year was the data that millions of people lost when the United States shut down megaupload with no respect for the legitimate data stored there.

      The problem with data, be it photos or business records is that the effort involved in deleting it is so small compared to the effort to create it.

    10. Woolfe
      Posted 25/01/2013 at 2:01 pm | Permalink |

      I would suggest this is being pushed by the US. I am in a US company that has in the past few years had some issues that resulted in DHS and FBI getting involved. This company does a certain amount of business with a certain large Asian nation.
      We are now going through absolute ridiculous measures in regards to “cyber security”, and it is quite hush hush as to why in the upper echelons. So much so that I have been told not to ask. Which is surprising as whilst communication is a major fail here, if you ask the right people you can find out what you want usually.
      Bearing in mind this company I am in, is not defence or technology related in any way, nor do they do any particular amount of research etc. It is a Primary producer who sells a single product. So any espionage type actions would at most affect the financial well being only. (which could be considered enough in many ways, but still)

    11. Kevin Davies
      Posted 28/01/2013 at 8:59 am | Permalink |

      Interesting… http://www.smh.com.au/it-pro/-2delw.html

      Keep the cyber jokes going guys… I am sure humor will protect you.

    12. Kevin Davies
      Posted 09/02/2013 at 7:51 pm | Permalink |

      So Renai, what will it take for you to treat these threats seriously? A government institution, oh hang on I have something here for you…

      http://www.smh.com.au/it-pro/security-it/criminals-breach-australian-tax-system-20130208-2e2kn.html

      And the hits just keep on coming.



