Survey
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Information privacy law wikipedia , lookup
Security-focused operating system wikipedia , lookup
Cyberwarfare wikipedia , lookup
Cyber-security regulation wikipedia , lookup
Computer and network surveillance wikipedia , lookup
Cyberattack wikipedia , lookup
Computer security wikipedia , lookup
Cyber-Terrorism Australia ARF Seminar on Cyber-terrorism Busan 16 – 19 October 2007 What is Cyber-Terrorism? • An action or threat of action which seriously interferes with, seriously disrupts, or destroys, an electronic system including, but not limited to information, telecommunications or financial systems. Security Legislation Amendment (Terrorism) Act 2002 What is Cyber-Terrorism? • The action is done or the threat is made with the intention of: – advancing a political, religious or ideological cause; and – coercing, or influencing by intimidation, the government of the Commonwealth or a State, Territory or foreign country (or part of); or – intimidating the public or a section of the public. Security Legislation Amendment (Terrorism) Act 2002 What is Cyber-Terrorism? • The action must cause: – – – – – serious physical harm to a person; or serious damage to property; or a person’s death; or endanger a person’s life; or create serious risk to public health or safety. Security Legislation Amendment (Terrorism) Act 2002 Example – Maroochy Water • Act of sabotage on Maroochydore sewerage treatment system in 2000 • SCADA system manipulated • One of only a handful of confirmed incidents of critical infrastructure sabotage by cyber attack • Not of sufficient scale or motivation to constitute cyber-terrorism Challenges of New Technology • Technological Convergence – Data, voice and video sharing over a single comms infrastructure – Reduces diversity & increases dependence upon core networks – Increases opportunities for cyber-terrorism – Denial of service in addition to risk of data manipulation Cyber-Terrorism Capabilities • Terrorist groups making increasing use of Internet and other technologies. • Increasing links between terrorists and cyber criminals – Recent terrorist events funded through online fraud? – May be increasing the computer skills of terrorist groups and access to skilled programmers • Terrorist groups expanding recruitment to people studying maths, computer science and engineering What is Terrorist Use of the Internet? • Terrorist use of the internet is different from Cyber-terrorism • Concerns terrorist use of Information Communications Technology (ICT) to facilitate and maximise the impact of real world, traditional, terrorist actions as well as a means of influencing individuals and communities. The Internet as a Source of Radicalisation • The internet is a powerful tool to influence people. • Terrorist groups are increasingly using the internet to spread propaganda, radicalising and recruiting individuals by indoctrinating them with extremist ideologies. The Internet as an Operational Tool for Terrorists • Computer Mediated Communications (CMC) facilitates real world terrorist operations by making them cheaper, faster and more secure. The Internet as a “Force Multiplier” for Terrorist Actions • By showing graphic images, such as beheadings and IED attacks terrorist groups are engaging in a form of psychological warfare against their target audience. • The internet and other global media serves as ‘force multiplier’ for terrorist actions. Protection of Australia’s NII • Australian Government is committed to protecting Australia’s critical information and physical infrastructure Critical Infrastructure Protection Modelling and Analysis (CIPMA) • Goals • Business-Government partnership Protection of Australia’s NII • Australian Government’s objective – to create a trusted and secure electronic operating environment • The E-Security National Agenda • Joint Operating Arrangement Protection from Cyber Attack • • • • • • • • Encryption Firewalls & intrusion detection products Virus protection software Password control & protection Internal security policies Patching security vulnerabilities quickly Information sharing on good practice Isolation of critical systems Conclusion • No instance of cyber-terrorism to date, however: – The threat of cyber-terrorism is increasing – Remotely controlled systems are increasing the attraction – Vulnerabilities are increasing while costs of attack are decreasing – Interdependencies are not well understood • Threat must be acknowledged and addressed [email protected] (General CIP matters) www.tisn.gov.au (Trusted Information Sharing Network website) www.nationalsecurity.gov.au (A-G’s website on national security) THANK YOU