It Pays to Take Cyber Security Seriously
As experts in the field of computer forensics will tell you, cyber attacks are usually a deadly serious business. Cleaning up after them can be time-consuming and expensive. With the threat continuing to expand, organizations need to be on constant alert, with staff regularly made aware of emerging dangers. Slip-ups, however, can bring this process into ridicule, ultimately serving only those who seek to abuse the electronic systems upon which we increasingly rely.
An example of this came in Australia recently where a group of disgruntled geeks crashed the prime ministerial website.
As The Australian Financial Review – the country’s national daily economic newspaper – highlighted on September 11, experts from one of the government’s super-sensitive spy agencies had to be called in to help. This was an embarrassing affront to the hundreds of millions of dollars of taxpayer money spent on cyber security by the Defence Signals Directorate (DSD), the equivalent of the US electronic eavesdropping organization, the National Security Agency, and Britain’s GCHQ. A brand new Cyber Security Operations Centre was put in place by DSD in May this year to handle threats such as suspected Chinese and Russian government probes of computer systems. Now it has been called in to help stop a group of geeks attacking the prime minister’s site to protest against the government’s attempts to censor the internet.
For nearly two years the government has been examining the introduction of mandatory ISP level filtering of “refused classification” material relating to things like child sexual abuse, detailed instructions on crime and the advocacy of terrorist acts. A blacklist of web addresses believed to contain prohibited content, which had been compiled by the Australian Communications Media Authority, was leaked earlier this year and found to include sites for a Queensland dentist and a school tuckshop. None of this helps people take the threat seriously. Nine ISPs are soon to complete filtration trials, all of which have been less than inspirational. The political Opposition has also criticised the trials as too small-scale and narrow to produce meaningful results.
The PM’s site was targeted by what internet experts call a group of rowdy students angry at the trials. Their hand-crafted protest has evoked the methods Beijing backers recently used to protest against a documentary movie about the Uighur leader Rebiya Kadeer being shown at the Melbourne International Film Festival.
A government spokeswoman has said that the Cyber Security Operations Centre dispatched advisers to help other agencies that had been targeted to monitor and respond to the geeks’ threat. It appears that there had been no unauthorised access to the PM’s website infrastructure and that the website itself was effected for only a short time. Security software companies monitoring the attack say it seemed to have been carried out by just a few thousand individuals clicking away simultaneously.
That may well be so, but it will no doubt spur on other potential abusers with more sinister intentions. The last thing you want in your organization when these sorts of high-profile crashes occur is to have your staff laugh it all off as a bit of a joke. It’s on just such occasions that the importance of security awareness needs to be reinforced.
