Australia needs ‘Internet Tsunami’ to lift cyber security standards: AFP

It may take a major event, such as the undermining of one of Australia’s big four banks or an attack on the country’s national information infrastructure, before the Federal Government dedicates the resources needed to combat cyber security, according to the Australian Federal Police (AFP).

Speaking at a cyber security roundtable hosted by F-Secure in Sydney, Neil Gaughan, manager high tech and child protection operations at the AFP, said it would take a “catastrophic event” until resources get were pointed in the right direction.

“When the twin towers were hit in the US, we saw a significant worldwide resourcing placed on [fighting] terrorism,” he said. “As a result of activity happening in Northern Australia, resourcing is being put in place [to fight] people smuggling activity. We need to have a Tsunami on the Internet before the mindset will change.”

According to Gaughan, the lack of focus on cybercrime is due largely to a lack of demand from the public, who should be putting more pressure on the government to combat Internet-based crime. Similarly, Gaughan also said police priorities were not geared toward combating online crime.

“We recently had 300 people involved in cheque and currency fraud activity, and local law enforcement activity involved [in the case] was pretty minimal,” he said. “However, if you had a bomb go off in the middle of the CBD everyone would be involved very quickly.”

“Until the point where the community feels it is being impacted by [cybercrime] there is not going to be an expectation placed on government to do anything about it,” he added.

Along with legislation not keeping pace with the rate of change online, law enforcement agencies are also burdened by processes that hinder cooperation between agencies, both here and overseas, Gaughan said.

On the one hand, individual law enforcement officers had to make use of any informal contacts they had in overseas agencies — a “who knows who in the zoo” approach, according to Gaughan — or via a “mutual assistance request”.

“It is very slow, extremely cumbersome and to be blunt, does not service us in our needs in the current environment,” Gaughan said.

“[However] there is a significant amount of work being done in the Attorneys General’s department in negotiating with governments overseas to actually change the treaty regime we have in place to enable us to obtain information in real time as that is what we need to do.”

To encourage greater interaction between all state and federal governments on cybercrime, and to better co-ordinate responses to individual cybercrime incidents, the AFP’s Assistant Commissioners Crime Forum had just launched the e-Crime Practitioners Working Group.

Gaughan said the AFP was also working on developing mitigation and prevention strategies through greater collaboration between itself and AusCERT, the judiciary, academia and the IT industry.

“It’s about the attitude of the consumer,” he said. “You wouldn’t walk down Pitt Street with your ABN and bank details on a t-shirt, but we are quite happy to have those bank account details on an insecure computer.”