Thursday, September 22, 2011

How Long’s A Piece Of String?

Last night I tried to access my email, but encountered a phishing attempt (my provider resolved it quickly).
There’re growing incidents of hacking – some personal, some international (such as hacking of multi-nationals, banks, military and government sites).
Alan Dupont, director of the Centre for International Security Studies at Sydney University and former intelligence analyst: "Cyber security is at the top of the (Australian) national security agenda. It's become the fifth domain of warfare - land, sea, air, space and now cyber."
Last week, Oz and USA formally gave cyber attacks the same gravity as military attack for the purposes of the ANZUS defence treaty. They announced that "in the event of a cyber attack that threatens the territorial integrity, political independence or security of either of our nations, Australia and the United States would consult together and determine appropriate options to address the threat".
It's the first time any country’s written cyber attacks into a defence treaty, and it's a strong message that hackers could potentially start conflict in ways they hadn't expected. But what constitutes such an attack? That hasn't been defined yet.
Well, if a hacker steals military secrets, is that grounds for invoking the treaty? Because that's already happened many times...
What if a country suddenly diverts 15% of all global internet routes through its servers, including those for the US Senate and military, for 18 minutes? Because China Telecom did that (April 2010)...
What if a cyber attack shuts down a country's electricity grid, or its financial system? Hello, Tom Clancy...is that provocative enough?
An official said: "The issue will be one where 'you’ll know it when you see it'." How long is a piece of string...?
Hackers don’t care about repercussions – it’s all about the game or the gain - so the onus is on their host countries to tighten their own cyber security. But what if that country benefits from any information received...? 
PS: 27 Sept.2011 - NZ's new National Cyber Security Centre opens.

No comments: