[LINK] ISPs in Oz to alert customers???

Richard Chirgwin rchirgwin at ozemail.com.au
Sun Oct 17 08:09:49 AEDT 2010


  It's pretty lazy of the journalist not to identify what she's talking 
about.

Here's the link to the IIA's voluntary code of practice:
http://www.iia.net.au/index.php/codes-of-practice/icode-iias-esecurity-code.html

The actual code is a PDF linked from this page. Section 6 covers how to 
manage customers with compromised computers.

RC

On 16/10/10 9:02 PM, Jan Whitaker wrote:
> Is that ***!!! bit real?
>
>
> US eyes Australian government web plan
>
> http://news.theage.com.au/breaking-news-world/us-eyes-australian-government-web-plan-20101016-16oca.html
>
>
> Lolita Baldor
>
> October 16, 2010 - 8:39PM
>
> AP
>
> The US government is reviewing an Australian
> program that will allow internet service
> providers to alert customers if their computers
> are taken over by hackers and could limit online
> access if people don't fix the problem.
>
> Obama administration officials have been meeting
> with industry leaders and experts to find ways to
> increase online safety, as they try to strike a
> balance between securing the internet and
> guarding Americans' privacy and civil liberties.
>
> ********Cyber experts and US officials are
> interested in portions of the plan, !!!!!slated
> to go into effect in Australia in December.!!!!!!
> But any move toward internet regulation or
> monitoring by the US government or industry could
> trigger fierce opposition from the public.*******
>
> The discussions come as private, corporate and
> government computers across the US are
> increasingly being taken over and exploited by
> hackers and other computer criminals.
>
> White House cyber coordinator Howard Schmidt told
> The Associated Press that the US is looking at a
> number of voluntary ways to help the public and
> small businesses better protect themselves online.
>
> Possibilities include provisions in the Australia
> plan that enable customers to get warnings from
> their internet providers if their computer gets
> taken over by hackers through a botnet.
>
> A botnet is a network of infected computers that
> can number in the thousands and that network is
> usually controlled by hackers through a small
> number of scattered PCs. Computer owners are
> often unaware that their machine is linked to a
> botnet and is being used to shut down targeted
> websites, distribute malicious code or spread spam.
>
> If a company is willing to give its customers
> better online security, the American public will
> go along with that, Schmidt said.
>
> "Without security you have no privacy. And many
> of us that care deeply about our privacy look to
> make sure our systems are secure," Schmidt said
> in an interview. Internet service providers, he
> added, can help "make sure our systems are
> cleaned up if they're infected and keep them clean."
>
> But officials are stopping short of advocating an
> option in the Australian plan that allows
> internet providers to wall off or limit online
> usage by customers who fail to clean their
> infected computers, saying this would be
> technically difficult and likely run into opposition.
>
> "In my view, the United States is probably going
> to be well behind other nations in stepping into
> a lot of these new areas," said Prescott Winter,
> former chief technology officer for the National
> Security Agency, who is now at the
> California-based cybersecurity firm, ArcSight.
>
> In the US, he said, the internet is viewed as a
> technological wild west that should remain
> unfenced and unfettered. But he said this open
> range isn't secure, so "we need to take steps to
> make it safe, reliable and resilient."
>
> "I think that, quite frankly, there will be other
> governments who will finally say, at least for
> their parts of the internet, as the Australians
> have apparently done, we think we can do better."
>
> Cybersecurity expert James Lewis, a senior fellow
> at the Center for Strategic and International
> Studies, said that internet providers are nervous
> about any increase in regulations, and they worry
> about consumer reaction to monitoring or other security controls.
>
> Online customers, he said, may not want their
> service provider to cut off their internet access
> if their computer is infected. And they may baulk
> at being forced to keep their computers free of botnets or infections.
>
> But they may be amenable to having their internet
> provider warn them of cyber attacks and help them
> clear the malicious software off their computers
> by providing instructions, patches or anti-virus programs.
>
> They may even be willing to pay a small price
> each month for the service - much like telephone
> customers used to pay a minimal monthly charge to cover repairs.
>
> Lewis, who has been studying the issue for CSIS,
> said it is inevitable that one day carriers will
> play a role in defending online customers from computer attack.
>
> Comcast Corp is already expanding a Denver pilot
> program that alerts customers whose computers are
> controlled through a botnet. The carrier provides
> free antivirus software and other assistance to
> clean the malware off the machine, said Cathy
> Avgirls, senior vice president at Comcast.
>
> The program does not require customers to fix
> their computers or limit the online usage of
> people who refuse to do the repairs.
>
> Avgrils said that the program will roll out
> across the country over the next three months.
> "We don't want to panic customers. We want to
> make sure they are comfortable. Beyond that, I
> hope that we pave the way for others to take these steps."
>
> Voluntary programs will not be enough, said Dale
> Meyerrose, vice president and general manager of
> Cyber Integrated Solutions at Harris Corporation.
>
> "There are people starting to make the point that
> we've gone about as far as we can with voluntary
> kinds of things, we need to have things that have
> more teeth in them, like standards," said Meyerrose.
>
> For example, he said, coffee shops or airports
> might limit their wireless services to laptops
> equipped with certain protective technology.
> Internet providers might qualify for specific tax
> benefits if they put cyber protection programs in place, he said.
>
> Unfortunately, he said, it may take a serious
> cyber attack before the government or industry
> impose such standards and programs.
>
> In Australia, internet providers will be able to
> take a range of actions to limit the damage from
> infected computers, from issuing warnings to
> restricting outbound email. They could also
> temporarily quarantine compromised machines while
> providing customers with links to help fix the problem.
>
> Online:
>
> Homeland Security Department/Cybersecurity:
> http://www.dhs.gov/files/cybersecurity.shtm
>
> White House Cybersecurity:
> http://www.whitehouse.gov/administration/eop/nsc/cybersecurity
>
> © 2010
> <http://news.theage.com.au/action/displayCopyrightNotice?sourceOrganisation=AP>AP
>
>
>
> Melbourne, Victoria, Australia
> jwhit at janwhitaker.com
> blog: http://janwhitaker.com/jansblog/
> business: http://www.janwhitaker.com
>
> Our truest response to the irrationality of the
> world is to paint or sing or write, for only in such response do we find truth.
> ~Madeline L'Engle, writer
>
> _ __________________ _
> _______________________________________________
> Link mailing list
> Link at mailman.anu.edu.au
> http://mailman.anu.edu.au/mailman/listinfo/link
>





More information about the Link mailing list