Addressing Converged Risks in Converged Infrastructures – A View from Government from Government Jeff Malone Assistant Director – Critical Infrastructure Department of Broadband, Communications and the Digital Economy
Scope • Part 1 - Convergence and its discontents • Part 2 - Historical background • Part 3 – Current Government Initiatives • Part 4 - Future directions
Part 1 - Convergence and its Discontents • Convergence in Infrastructure • Convergence in the Threat
Convergence in Infrastructure • Digital convergence • Public and private • Domestic and international • Physical and virtual
Convergence in the Threat Space • Tools used • Targets attacked
Part 2 - Historical Background • 1970s – 1980s • 1990s • Early 21 st Century
1970s – 1980s • 1979 - Protective Security Review / Vital • 1979 - Protective Security Review / Vital Installations Program • 1986 – DSD designated National Computer Security Authority • 1980s – Information Exchange Steering Committee • 1980s – concepts of the Information Society
1990s • OGIT/OGO – Government ICT • OGIT/OGO – Government ICT • NISCC/IPAC/NOIE – Information Economy • Y2K • Protecting the National Information Infrastructure
Early 21 st Century • Government ICT and the Information • Government ICT and the Information Economy - NOIE • Cybercrime Bill 2001 • E-Security National Agenda
Part 3 – Current Initiatives • E-Security National Agenda reviewed in 2006 2006 • Established E-Security Policy and Coordination Committee • Three priorities: – Protecting Government ICT – Protecting National Critical Infrastructure – Protecting Home Users and SMEs
Protecting Government ICT • OnSecure • OnSecure • Business Continuity
Protecting Critical Infrastructure
Communication Sector Infrastructure Assurance Advisory Group (CSIAAG) • Telecommunications, Broadcast, Submarine Cables, Postal • Trusted information sharing environment • Other activities – Exercises – Risk Management Framework
Information Technology Security Expert Advisory Group • Cross-sectoral • Cross-sectoral • Information papers
SCADA Community of Interest • Working group of ITSEAG • Working group of ITSEAG • Practitioner workshops
Other Initiatives • GovCERT • Computer Network Vulnerability Assessment Program • Critical Infrastructure Modelling and Analysis Program • CYBERSTORM series of exercises
Protecting Home Users and SMEs • Stay Smart Online • Stay Smart Online Alert Service • National E-Security Awareness Week • E-Security Education Package
Stay Smart Online website www.staysmartonline.gov.au Encouraging home Encouraging home users and small businesses to adopt smart e-security practices and behaviours
Stay Smart Online Alert Service • The Stay Smart Online Alert Service is available through the Stay Smart Online website. through the Stay Smart Online website. • The Alert Service is a free subscription service and provides information to home users and small businesses on Australian context e- security threats and possible solutions to address them.
2008 National E-Security Awareness Week • Australia’s National E-Security Awareness • Australia’s National E-Security Awareness Week ran from 6 -13 June 2008. - Range of events, community activities and initiatives held across Australia (both regional and cities) throughout the Week.
E-Security Education Package for Australian Schools • An e-security package for Australian schools is currently being developed. • Targeted at both primary and secondary children to improve secure online behaviours.
Part 4 - Future Directions • National Security Strategy • Homeland and Border Security Review • E-Security Review
National Security Statement • Significant electoral commitment by Government • Provides whole-of-government perspective on national security • Considers broad range of Australia’s interests and threats – specifically includes ‘cyber’ threats
Homeland and Border Security Review • Comprehensive review of border and • Comprehensive review of border and homeland security – includes critical infrastructure protection • Conducted by Ric Smith – coordinated out of DPMC • Presently being considered by Government
E-Security Review 2008 • Develop new policy framework for e- security security • Address emerging issues • Submissions sought • Will report to Government in October 2008.
Conclusion
Questions?
Recommend
More recommend
