CYBER SECURITY STRATEGY AN OVERVIEW

Transcription

1 CYBER SECURITY STRATEGY AN OVERVIEW

2 Commonwealth of Australia 2009 This work is copyright. Apart from any use as permitted under the Copyright Act 1968, no part may be reproduced by any process without prior written permission from the Commonwealth. Requests and inquiries concerning reproduction and rights should be addressed to the Commonwealth Copyright Administration, Attorney General s Department, National Circuit, Barton ACT 2600 or posted at

3 Cyber Security Strategy 2009 Introduction Australians have openly welcomed the internet in their lives and businesses. For most of us the internet is part of our daily routine for keeping in touch with friends and family, studying, shopping and paying bills. Increasingly, businesses also use the internet and other information technology to improve efficiency, quality of service, and to access new markets. While the internet offers many benefits, there are also security challenges associated with its use. Our use of the internet has created new opportunities for criminals to seek access to our personal and corporate information, assume our identities and commit financial crimes, such as fraud. Indeed, the Prime Minister in his 2008 National Security Statement to Parliament acknowledged that addressing online threats is now one of our top national security priorities. The Australian Government has developed a new Cyber Security Strategy that provides a framework to better address these threats. It is important that all Australians have a trusted, resilient and secure online environment one that can keep pace with new technologies as they emerge. This is why the Australian Government has based the Cyber Security Strategy on these guiding principles: - strong national leadership to help make sure all Australians look out for the security of our computer systems - shared responsibilities by all online users because we are all susceptible to security threats to our computer systems - partnerships between government, industry and the community so everyone works together to help protect our computer systems - active international engagement because the world is interlinked by computer systems - risk management to make sure the most dangerous threats to our computer systems are dealt with first, and - protecting Australian values so our individual freedoms and right to privacy are upheld while we tackle security threats to our computer systems. 3

4 1. Criminals are targeting internet users There are an increasing number of criminals who are compromising, stealing, changing or destroying information online potentially causing critical disruptions to our computer systems. The borderless, anonymous nature of the internet makes it hard to track down the source of these cyber attacks. Largely driven by personal and financial gain, offenders range from individuals to sophisticated criminal networks. The internet connects all online users around the world whether home users, small businesses, industry or government services. This interconnection means that our actions affect each other. It is for this reason that it is important that all users protect their computers from home users to businesses and governments. 4

5 2. What information are criminals after? Cyber criminals are after personal and business information such as information about your identity and finances. For example, the sort of identity information cyber criminals are after include your: - name - date of birth - home address - work address. The sort of financial information cyber criminals are after include your: - bank account details - credit card details - passwords - logon names. Any site where you publish any of the above information, such as social networking sites, blogs and online CVs, could leave you open to misuse of your personal information or fraud. Be cyber smart be cautious about the personal information you put online. 3. Why do we need a Cyber Security Strategy? The risk to Australia s economic and social wellbeing from cyber crime has been rated as high by the Australian Government. The advent of cyber espionage and, potentially, cyber warfare also means that this is an important national security issue. This is because our economic and social wellbeing depends on our computer systems being secure and reliable. However, the sale and distribution of tools designed to threaten the online environment has become big business for criminals. Moreover, criminals have a variety of attack techniques at their disposal, and cyber exploitation activity has become more sophisticated, more targeted and more serious. 5

6 As government, business and personal activities continue to move to online systems, this threat will continue to grow. Protecting our online environment and our prosperity from these threats is an important strategic issue for the Australian Government. This has led to the development of the new Cyber Security Strategy. 4. The new strategy The Cyber Security Strategy has three goals: 1. for all Australians to know about the security threats to our computers, to know how to secure our computers, and to know how to help protect our identities, privacy and finances online 2. for Australian businesses to operate secure and resilient computer systems to protect their operations and the identity and privacy of their customers 3. for the Australian Government to make sure its computer systems are secure and resilient. 6

7 To help achieve these goals, the Australian Government is: - improving the way they detect and respond to threats to our computer systems that are of national importance - working with business to help protect our computer systems - working internationally to help protect our computer systems - modelling best practice in the way they protect our computer systems - making sure the law can help protect our computer systems by being able to catch and prosecute cyber criminals - making sure we have skilled professionals to help keep our computer systems safe, and - giving all Australians the information, confidence and practical tools we need to protect ourselves online. 5. New organisations As part of the Cyber Security Strategy, Australia has two new organisations that will work together to help protect our computer systems: 1. CERT Australia CERT Australia brings together Australia s national computer emergency response team (CERT) arrangements. It will be the national coordination point for providing cyber security information and advice to all Australians. It will also be the first point of contact for international agencies to contact Australia about cyber security issues. For more information visit 2. Cyber Security Operations Centre (CSOC) Established as an initiative of the Australian Government s Defence White Paper, the CSOC provides the Australian Government with all-source cyber situational awareness and an enhanced ability to facilitate operational responses to cyber security events of national importance. The CSOC will provide comprehensive understanding of the cyber threat and the security status of government networks and networks of national importance. 7

8 The CSOC will identify and analyse sophisticated cyber attacks and provide government with response options. It will also assist in responding to cyber events across government and the private sector through Defence s work in support of other government agencies. For more information visit 6. What else is the Australian Government doing? As part of a strategic approach to tackling online threats, the Australian Government has put a range of activities into place. These include: - the development of a voluntary Internet Service Provider (ISP) Code of Practice in partnership with the Internet Industry Association. ISPs are in a unique position to help educate, inform, influence and protect Australian internet users from online threats - sharing information with key Australian businesses to inform them about how best to protect their computers and their clients information - awareness raising, outreach and education for all Australians through initiatives such as school modules and the Stay Smart Online website, - taking steps to ensure that government systems are secure and resilient so that online government services are available when you need them and the information you provide to government is protected. 8

9 7. What can you do? The Cyber Security Strategy calls on all Australian internet users to be aware of the potential risks when going online. It also calls on all Australians to know how our own actions can be the first line of defence to address online threats. Australians can take some simple steps to protect their personal and financial information online: - get a better, stronger password and change it at least twice a year - get security software, and update and patch it regularly - stop and think before you click on links or attachments - information is valuable be careful about what you give away about yourself and others online - visit for further information and to sign up for the alert service. 8. What can businesses do? To increase your understanding of the security environment and the steps you can take to protect your business and your customers, visit: - the Attorney-General s Department cyber security website - the CERT Australia website at - the Trusted Information Sharing Network for Critical Infrastructure Protection website at - the national security website - information for small to medium enterprises is available at The full Cyber Security Strategy is available on 9

10 Where do I go for more information? How do I get help with protecting my home computer or laptop and my information and transactions online? The Stay Smart Online website is a trustworthy source of easy to understand information, including simple steps and top tips on how to secure your computer and your transactions online. For more information visit I work in a small business. How do I get help with protecting my business and client information and my computers and laptops? The Stay Smart Online website is a trustworthy source of easy to understand information, including a selfassessment tool for small business. For more information visit I work in a large company. How do I get help with protecting our computers? CERT Australia provides information and assistance to large companies, including critical infrastructure, on how to prepare for, respond to and recover from cyber events. For more information visit What is cyber security? Cyber security refers to the safety of computer systems also known as information and communications technologies (or ICT). For more information about cyber security visit 10

11 What is cyber safety? Cyber safety is about helping to protect individuals, especially children, from online risks such as exposure to offensive content, cyber-bullying or grooming online. The Government s cyber-safety measures include law enforcement, filtering and education. For more information about cyber safety visit and What is identity security? Identity security is about protecting an individual s identity from theft or fraudulent use. For more information about identify security visit What are online scams? Some scams are especially designed to take advantage of the way the internet works. A lot of internet scams take place without the victim even noticing. It is only when their credit card statement or phone bill arrives that the person realises that they might have been scammed. For information on how to recognise, report and protect yourself from scams visit What is the digital economy? The digital economy is the global network of economic and social activities that are enabled by the internet and other computer systems. A successful digital economy is essential for Australia s economic growth, social well-being and international standing. To benefit from the digital economy, Australia needs effective cyber security. For more information on the digital economy, visit ww.dbcde.gov.au/digital_economy 11

12