National Broadband Network Will Leave Australia Woefully Unprepared For Cyber Attacks

[Infiltrator]

AUSTRALIAN businesses and infrastructure are woefully unprepared for cyber attacks like the Stuxnet virus, and the Federal Government’s National Broadband Network could open us up to even greater risks.

The discovery of the Stuxnet virus - which allegedly targeted an Iranian nuclear plant among countless other energy companies around the world - has shown the sophisticated levels that malware has reached.

Software security experts are warning that that this sort of attack on governments and nations is becoming more frequent and may successfully hit Australian targets through the NBN.

A survey released today by Symantec has found that small firms are the most unprepared of all businesses, and the industry sector which is the least prepared for an attack on critical infrastructure is, ironically, communications.

This has significant consequences for the National Broadband Network currently being rolled out across the country.

Craig Scroggie, vice president and managing director of Symantec Corporation, told news.com.au that there were risks involved in the building of the “extraordinary piece of infrastructure”.

Mr Scroggie said that despite the economic and community benefits the NBN will bring, “the dangers that come of it are very large”.

According to Mr Scroggie the NBN will make broad ranging attacks, such as Distributed Denial of Service (DDoS) attacks, much easier.

“Imagine you’ve got the entire country on high speed broadband ... you don’t need as large a botnet to do as much damage.”

Critical Infrastructure attacks are real

Mr Scroggie also said that there was a shift in motivations behind cyber attacks away from the strictly financial to politically minded attacks on public infrastructure that we hadn’t seen in previous years.

“Think of 9/11, if the actual support infrastructure had been attacked. Imagine if the electricity grid or traffic system was able to be compromised,” Mr Scroggie said.

“The one thing that we know about the critical infrastructure attacks is that they are real. In the past people thought they were conspiracy theories.”

“Cyber criminals are motivated financially and attacks on critical infrastructure can be sold to the highest bidder.”

Stuxnet 'disturbingly complex

While the motives behind it are as yet unknown, the Stuxnet virus is an advanced example of a critical infrastructure attack that Mr Scroggie described as being disturbing in its complexity. While he said he did not like to guess where it originated from, there were key indicators.

“What we do know, just by the significant volume of resources to perpetrate a fraud (of this size) is it would have to be a private organisation or a government-backed country or organisation.”

And according to the Symantec survey, businesses and infrastructure are at far greater risk than they should be of falling victim to a similar attack in the future.

It found that a majority of businesses and critical infrastructure providers had experienced an attack which they believed had a specific political goal in mind, with one-third of the attacks attempting to manipulate physical equipment.

Three in five of these attacks were considered effective and cost an average of $850,000 each.

One-third of the respondents did not believe they were prepared for an attack in the future.

The 1580 enterprises surveyed ranged from all over the globe, and were varying sizes from 10 employees to 10,000.

Mr Scroggie said that businesses and governments were working together to prepare for cyber attacks adequately.

He said Symantec recommended that businesses establish 24-hour security and protection policies and that governments put forth more resources to establish critical infrastructure programs.

Source: http://www.news.com.au/technology/national...0-1225935261135

Edited October 11, 2010 by Infiltrator

[Netshroud]

There was an ABC 4Corners episode about 6 months ago on this.

[Infiltrator]

There was an ABC 4Corners episode about 6 months ago on this.

Missed that one, will see if I can download the torrents of it.

[Netshroud]

http://www.abc.net.au/4corners/content/2009/s2655088.htm

[Infiltrator]

I think its time for me to deploy Untangle with intrusion prevention and Kaspersky virus blocker and a few more security features. That should give me some peace of mind. And of course I should't forget the machines itself.

[Alias]

Reckon I'll set up an Untangle (or something very similar) server/router that drops packets once it reaches a certain speed.

[macrohard]

I've been using Untangle for a couple of years now, and highly recommend it.

[Infiltrator]

I've been using Untangle for a couple of years now, and highly recommend it.

I have used Smoothwall and PfSense in the past but have to say Untangle has better security features and its more flexible.