IT security lessons that Australia can teach us.

Author: Kenyan, Paul
Position: VIEWPOINT - Geographic overview

The Australian economy - under the respected guidance of its 27th Prime Minister Julia Gillard and her federal team - is carving out a name for itself in the IT security arena.

Whilst this may sound surprising, it comes against the background of Australia's relative youth as a country and the fact that it has around 22 million citizens: big enough to make its weight felt in international terms, but small enough to be flexible in the modern world of IT matters.

A key example of this is the country's Defence Signals Directorate (DSD) - Australia's equivalent to the US Department of Homeland Security - which has analysed some of the attack techniques used by cybercriminals and come up with four main methods of blocking them.

And the Australian government - moving swiftly in response - has started rolling out these techniques across its government IT infrastructure, reportedly to great effect.

The 3rd and 4th techniques centre on the idea of whitelisting, that is, forcing public sector computer users to install only approved (whitelisted) applications and only allowing similarly approved - and risk analysed - emails to be viewed.

This means that, on their office computers, government employees can only access their corporate email and browse a limited number of Web sites, which, in turn, means they have far less chance of infecting their PCs than 'civilian' Internet users.

Alongside its controlled software and Internet usage approach to IT, the Australian government has also been highly pro-active in quickly patching high-risk security vulnerabilities in both the operating systems and software that its many computers run.

Based on an analysis of its Internet usage during 2010, in fact, the Australian DSD concluded that at least 85 per cent of the targeted cyber intrusions that it responded to during the year could have been prevented by following these four main mitigation strategies.

These four strategies are just part of a 35-point strategy report - Strategies to Mitigate Targeted Cyber Intrusions - which found that, although resistance to the idea of patching operating systems and software was low, the costs involved on the financial and staff training side of things were still quite high.

That's not to say that staff response to the report's recommendations - which included the control over both portable and data devices - was entirely positive. The report's authors found there was a high degree of staff...
