[LINK] Australian Cyber Security Operations Centre

Tom Worthington tom.worthington at tomw.net.au
Mon Jan 18 12:09:43 AEDT 2010

Tom Koltai wrote:
>> ... Tom Worthington Sent: Friday, 15 January 2010 2:56 PM The
>> Australian Defence Department officially opened its Cyber Security
>> Operations Centre (CSOC) ... in Canberra ...
> Tom, I think there are two distinct roles for "Cert" organisations in
> Australia. Commercial activity and Anti-Cyber-Terrorism activity. ...

As I told the Channel 10 news, there is no clear distinction between 
civil and military with network security. The first line of defence 
against online attacks are not the military, but civilians. Most of the 
critical infrastructure to be protected is run by private sector 
companies and staffed by civilians. It is these people who are in the 
best position to detect an attack and provide the initial defence.

> With the next level of hostile incursions doubtless being mounted via
> the Net, I don't see how the Government could do aught but set up their
> own system.

The Government do need their on system, but this should be as a adjunct 
to the private civilian systems, which will be the primary line of 
defence. We can't rely on the government to protect us from cyber 
attack: they do not have the resources nor skills required.

> I consider that in the future, Cybersecurity will become as important
> from a national security standpoint as the armed forces and
> anti-terrorist law enforcement groups.

Yes, cyber security will be important, but like anti-terrorism, it is 
mostly a civilian non-government activity. Terrorists are detected and 
defeated mostly by ordinary civilians noticing unusual events, not by 
anti-terrorist paramilitary police in black balaclavas.

There is a popular perception that detection of a military attack comes 
from someone sitting at a radar screen in a military command centre. In 
fact the screen which is always on at such centres and most likely to 
detect an attack is the 24 hour news channel.

The Australian Government helped fuel the perception of an all seeing 
military surveillance of cyberspace with the launch of the Cyber 
Security Operations Centre (CSOC). The TV reporting of the launch shows 
a large room set up as an operations centre, with a big screen and rows 
of operators at consoles. This is clearly not the real DSD CSOC and was 
set up just for the TV news crews to film as a PR exercise. It may be 
useful for government PR purposes, but I doubt that creating this false 
impression makes Australia more secure.

> I don't consider that Auscert is qualified to act in a co-ordinated
> military fashion to prevent attacks ...

As the recent RAND report "Cyberdeterrence and Cyberwar" (Martin C. 
Libicki) points out there is no feasible military defence for an online 

The best defence is ordinary computer security. Conventional military 
force is not much use to deter a cyber attack.

> Counter Cyber Insurgency must be a Government controlled and funded
> exercise.

Counter insurgency involves political as well as military considerations 
and can include civilian and police measures. In any case it seems 
unlikely that Australia has a cyber-insurgency problem. I don't think we 
have an organised group of cyber-activists in Australia seeing to 
undermine the political authority of the government, apart perhaps from 
the Minister for Communications. ;-)

> But there are people in Australia that the Government should hire,
> rather than attempt to manage this task on it's own. ...

The Government should help fund and coordinate civil efforts of cyber 
defence. It should fund and take part in exercises so that those 
involved in companies, universities, government and military, know what 
to do when their is a problem and know who they can communicate with.

> Now as long as the GovCert chaps have real interdiction talent, Oz will
> be fine. ...

Yes, they government and military have some good people (I used to be 
one of them and now help train others), but they need to keep in mind 
that they are only a small fraction of the resources available and their 
main role is to help coordinate the civil defence.

Tom Worthington FACS HLM, TomW Communications Pty Ltd. t: 0419496150
PO Box 13, Belconnen ACT 2617, Australia  http://www.tomw.net.au
Adjunct Lecturer, The Australian National University t: 02 61255694
Computer Science http://cs.anu.edu.au/people.php?StaffID=140274

More information about the Link mailing list