Aus-US alliance to combat cyber crime

A new collaboration between Australia and the United States will improve cyber security standards at home – as well as across the globe, according to Nicola Roxon.

The Australian attorney-general, who is also the minister for emergency management, stated last week (May 18) that recent discussions between US and Australian policymakers in Canberra spelled good news for cyber security management.

Roxon said: “Countries everywhere are increasingly reliant on critical infrastructure such as telecommunications, which enables online activities that contribute to global commerce and trade and play an increasingly important role in national security.”

She added that while such activities have a widespread benefit to the Australian and US economies, they also pose new risks and challenges when it comes to cyber security management.

The two nations will work closely in the coming years to actively combat malicious activity in the online space – and will meet regularly to discuss effective strategies for cyber security co-operation. The May 18 statement of cyber security intent follows a number of other statements jointly signed between the United States and Australia that will foster greater collaboration when tackling international crime.

According to Roxon, the latest collaboration will primarily centre around digital control systems and other aspects of critical infrastructure.

Under the new agreement with the United States, the two countries will create collaborative education and training opportunities, as well as an exchange of information – such as IT and cyber security best practices.

National cyber incident response teams in both nations will also work closely with one another to share information and awareness on specific cyber security incidents and issues. Representatives from Australia and the US will meet annually for progress reviews – identifying successes and challenges.

Earlier this year, Roxon also announced the creation of an Australian branch of CREST – the Council of Registered Ethical Security Testers.

This represents another significant collaboration with international security efforts – CREST Australia is affiliated with CREST Great Britain, which requires its members to meet competency requirements by passing a series of exams.

CREST Australia’s role is to create and enforce the ground rules for Australian cyber security testing – a move that will ensure penetration testing and other work by security professionals is carried out to a recognised standard.

In March, Roxon asserted that the creation of CREST Australia would establish clear and uniform cyber security testing standards.

Hacking incident highlights need for vulnerability management

A major Australian telecommunications company was the victim of computer hackers last week (May 24), in an incident that compromised the user details of 35,000 customers.

In a statement released last Thursday, Telstra announced it has taken precautionary measures to re-set thousands of customer passwords after a “site security incident” took place at two BigPond Games sites.

According to the telco – which reassured consumers that no financial details were at risk as a result of the security violation – its GameArena and Games Shop sites contained information regarding user details, which may have been compromised.

The company has acted quickly to reset passwords and contact affected users.

The privacy commissioner, Timothy Pilgrim, is currently investigating the incident.

Businesses concerned about the risk of computer crime should consider a red cell assessment to ensure that their internal security protocols are up to date.

A red cell assessment is a thorough external examination of business security systems, with the intention of simulating an unauthorised hacking attempt. The test is designed to find weaknesses and foresee potential points of entry.

Ethical hacking procedures provide the benefit of a third-party appraisal, meaning they bring a fresh and unbiased viewpoint to security evaluation.

Red cell teams are highly trained in using both standard and unpredictable techniques to bypass business security systems. They give businesses the invaluable opportunity to identify weak points and security flaws, without putting essential secure information at risk.

In a statement on the Australian Information Commissioner’s website, Pilgrim noted the concerning regularity with which incidents like Telstra’s are occurring.

“It is worrying that hacking incidents like this are occurring more often,” Pilgrim said, adding that the Telstra case is an important reminder to have the right level of security in place.

He added that under the Privacy Act, businesses are required to keep their security systems up to date in order to protect sensitive consumer information.