[AusNOG] Telecommunications Sector Security Reforms

Fri Sep 29 11:22:06 EST 2017

I would suggest anyone interested in either the framework the government is
creating to manage cyber strategy, or would like to contribute, take a
closer look at the Federal Government's Joint Cyber Security Centre
initiative. I would imagine the intent is down the track that the JCSC will
form policy, and may make recommendations to government for how powers to
compel security measures be adopted will be exercised. They already have a
fair representation of the big players on board, and doubtless more will
follow as centre's other than Queensland are rolled out.

*JCSC Statement of Intent
<https://www.ag.gov.au/RightsAndProtections/CyberSecurity/Documents/JCSC-statement-of-intent.pdf>The
JCSC's mission:*
Strengthen Australia’s cyber security capability and resilience through
effective partnership and collaboration.

*VISION:*
A more resilient Australia able to safely and securely benefit from the
opportunities offered in a digital world.

*STRATEGIC OBJECTIVES*
Sensitive information, including actionable cyber threat intelligence, is
shared quickly between and among
partners.
•
Solutions to cyber security risks and issues are developed through
collaboration and without commercial
bias.
•
A common understanding of the cyber security environment and optimal
mitigation options is achieved
through sharing and analysis of incidents, threats and risks.
•
Organisations
– at all levels –
have access to practical tools and resources to improve their cyber
security.
•
Consistent education and awareness messages are promoted with and among
partners.

On 20 September 2017 at 08:40, Burt Mascareigne <Burt at stormnetwork.com.au>
wrote:

> This is actually a good point.
>
>
>
> We trust in SSL, etc,  PKI in general.
>
>
>
> This has always been an arms race, this latest Apache “OptionsBleed” for
> example.  Seriously, who would have guessed a .htaccess typo can cause a
> memory leak showing bits and pieces of memory to anyone.
>
>
>
> RE: the restaurant analogy, if the supplier gives you food with maggots
> in it,  is that now your fault in the Govt’s eye? You sold the dish with
> maggots, here’s a bill.
>
>
>
> Same, Apache has a bug, you got hacked because of it.  You get the fine?
> Can we forward that fine to Apache? Is it really their fault?  Let’s not
> even mention Windows.. in general.  Because you use these products.. are
> you, “shonky”?
>
>
>
> I know it is more nuisance than this, I just found Mark’s comment
> pertinent.
>
>
>
>
>
>
>
> Regards,
>
>
>
>
>
>
> *Burt Mascareigne Mobile* 0414 450 962   *Office* (02) 9965 5422
> *Address* Level 19, 1 O’Connell Street, Sydney NSW 2000
> *Web* http://www.stormnetwork.com.au
>
>
>
> *From:* AusNOG [mailto:ausnog-bounces at lists.ausnog.net] *On Behalf Of *Mark
> Smith
> *Sent:* Tuesday, 19 September 2017 6:34 PM
> *To:* Paul Wilkins <paulwilkins369 at gmail.com>
> *Cc:* <ausnog at lists.ausnog.net> <ausnog at lists.ausnog.net>
> *Subject:* Re: [AusNOG] Telecommunications Sector Security Reforms
>
>
>
>
>
>
>
> On 19 Sep. 2017 5:36 pm, "Paul Wilkins" <paulwilkins369 at gmail.com> wrote:
>
> "you just have to try your best" goes only as far as the provider's
> internal network and systems. There's no provision for protection of the
> data plane or services delivered to third parties.
>
>
>
>
>
> Yes there is, and most of it is around 20 years old c.f.
> HTTPS/SSL/TLS/IPsec.
>
>
>
>
>
>
>
>
>
> Kind regards
>
> Paul Wilkins
>
>
>
> On 19 September 2017 at 17:25, Eric Pinkerton <misterpink at gmail.com>
> wrote:
>
> >The State/Taxpayer has never once picked up the bill for a network
> security incident.
>
> The bill for these things is mostly paid for by the blood sweat and tears
> of those affected. Anyone who had had their identity stolen for example
> will tell you just how painful and costly it is.
>
> Regardless the language of this law is pretty woolly, you just have to try
> your best, and if you get caught doing something shonky you well get asked
> to stop.
>
> It's not much different to a restaurant with poor hygiene standards
> getting fined for making people sick IMHO.
>
>
>
>
>
>
> Sent from my iPhone
>
>
> > On 19 Sep 2017, at 5:02 pm, Mark Newton <newton at atdot.dotat.org> wrote:
> >
> > The State/Taxpayer has never once picked up the bill for a network
> security incident.
>
>
>
>
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>
>
>
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20170929/08f0130b/attachment.html>