Monday, August 15, 2016

Australian Government Needs a Planned Response to Cyber Attack

The security of government information systems is the responsibility of government ministers, not IBM or the ABS. What should be of concern is not just that there was a successful denial of service attack on the Australian Census, but the apparent lack of a planned and practiced response from the relevant government ministers and their staff. Had this been a more serious attack, such as one on critical infrastructure threating lives, the poor performance by ministerial level of government could have been disastrous.

At the senior levels of government there need to be plans in place for who says what and when. These plans need to be tested in exercises, just as is done for natural disaster planning, which Australian state and local governments do well. Internet Australia (IA) members are discussing what form of submission to make to the likely Parliamentary inquiries into this matter. I suggest the Australian Computer Society (ACS) join with IA on this and try to widen the discussion to cover Internet security more generally. ACS and IA need not agree on every aspect, buy could loosely coordinate, as was done for the Internet regulation inquiries of the 1990s, as  described by Chen (2000, p. 161).

Reference

Chen, P. J. (2000). Australia's online censorship regime: the Advocacy Coalition Framework and governance compared. Retrieved from
https://minerva-access.unimelb.edu.au/bitstream/handle/11343/38780/65881_00000240_01_AOCR.pdf?sequence=1#page=162

No comments: