Critical.
Authoritative.
Strategic.
Subscribe to CIO Magazine »

Cybercrime initiatives require government/industry collaboration: Stratsec

Police and defence need help from IT security against cybercriminals

The local security industry must improve its engage with government and defence agencies if it is to help prevent the growing level of cybercrime attacks against Australia, industry experts argue.

Speaking at a roundtable event in Sydney, Stratsec chief executive officer, Tim Scully, said fragmentation of the security industry, coupled with a lack of government collaboration, were added problems.

"You’ve got some [security] companies who have very strong capabilities in some areas such as Stratsec but they are a niche capabilities," he said. "They don’t have the weight or resources in the market to go beyond what they do now which is security advice, governance and network penetration."

Scully added that government security networks such as intelligence agency Defence Signals Directorate (DSD), CERT Australia and the Department of Broadband, Communications and the Digital Economy did not have the resources to help end users in the community.

"This means the security industry has to take up that mantle," Scully said. "Industry has to engage with government to do that because there are ways to source information on cybersecurity."

For example, Scully said large vendors such as McAfee and Symantec had a "fantastic" source of information by which they could analyse trends and patterns.

In addition, companies like BAE Systems, which owns Stratsec, were now providing managed security services to all sectors and were collecting cybersecurity data as well.

"There has to be some information to coordinate the analysis of that data because we need some high level of coordination [from the government]," he said.

Scully added that the use of the term cyberwarfare was a problem, because it made cybercrime sound like a military problem.

"It's a societal problem because every person who uses their computer is affected by cybersecurity threats," he said. "It needs a whole of government approach and coordination of all the stakeholders, such as the police, the IT industry and defence, is needed."

He also called for the security industry to educate its end user consumers as the depth of awareness across the general community for cyber awareness was low.

Sourcefire APJ security engineering manager, Kelvin Rundle, agreed with Scully and added that state police were facing a challenge due to their defensive position.

“If you have ever played defence you will know that you are perpetually behind the eight ball, because the attacks we are talking about are fundamentally simple computer generated attacks. The challenge we have as a country is that we’re still playing a legacy defence game," he said.

"If we look at how those [cyber] threats propagate, we are talking about mums and dads who unintentionally are having their central processing unit [CPU] taken away from them to support these organised crime syndicates. Cybercrime is much easier to commit because I believe that state police do not have the resources available to prevent these overseas attacks."

The call for greater collaboration with government follows comments by federal Justice Minister, Brendan O'Connor, that he was looking at ways of mitigating cybercrime, adding that local victims of attacks were usually too embarrassed to come forward.

The comments follow similar calls from Queensland Police Service officer, Brian Hays, who said officers were behind the eight ball when it came to cybercrime because they were not "at the coal face" of security.

Speaking at AusCERT 2011, Hay said a lack of communication and collaboration between policing entities was hindering the fight against cybercrime, with a lack of crimes being reported to members of police.

Got a security tip-off? Contact Hamish Barwick at hamish_barwick at idg.com.au

Follow Hamish Barwick on Twitter: @HamishBarwick

Follow Computerworld Australia on Twitter: @ComputerworldAU

Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

More about: BAE Systems, CERT, etwork, McAfee, Sourcefire, Sourcefire, Symantec
References show all

Comments

Post new comment

The content of this field is kept private and will not be shown publicly.
Users posting comments agree to the CIO comments policy.
Login or register to link comments to your user profile, or you may also post a comment without being logged in.
Related Coverage
Related Whitepapers
Latest Stories
Community Comments
Tags: security, sourcefire, stratsec
Latest Blog Posts
Whitepapers
  • Restore control, Reinforce security & Reduce Cost
    Uncontrolled print environments and practices present a serious risk to the profit and security of your organisation. IT is under pressure to protect sensitive information, secure devices, and improve the way they manage the entire fleet. To gain better control, your organisation needs to implement plans that meet industry regulations while also increasing productivity, lowering costs, and providing users with more flexible imaging and printing solutions. Read more.
    Learn more »
  • Configuration, Not Coding
    For years, many support teams have been hamstrung by their traditional service desk platforms, which require complex, time-consuming coding for virtually every aspect of customisation. This paper can show how organisations can complete their initial deployments quickly, easily and adapt efficiently to the evolving needs of the business with Nimsoft Service Desk.
    Learn more »
  • Customer Case Study: Yarra Valley Water Turns to Enterprise Software to Improve Information Flow
    “We don’t need to wait till month-end for management reports—they’re now available whenever we need them. We have much more efficient management, as everyone across the organization is looking at the same set of figures. Read on.
    Learn more »
All whitepapers
rhs_login_lockGet exclusive access to Invitation only events CIO, reports & analysis.
Recent comments