1 / 23

DSD and E-Security

DSD and E-Security. Tim Burmeister Information Security Policy Defence Signals Directorate Tim.Burmeister@dsd.gov.au. E-security in Government Today. Risk Management Greater prevalence of mixed environments Service delivery vs. secure operating environments. The Future ….

perry
Download Presentation

DSD and E-Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. DSD and E-Security Tim Burmeister Information Security Policy Defence Signals Directorate Tim.Burmeister@dsd.gov.au

  2. E-security in Government Today • Risk Management • Greater prevalence of mixed environments • Service delivery vs. secure operating environments

  3. The Future …

  4. The Information Security Business • DSD has been doing it for over 50 years • But we no longer have a monopoly • Government used to provide its own solutions • Now everyone seems to be in on the act

  5. Costs • Melissa: $80 million damage • I Love You: $10 billion damage • Software piracy: $ 7.5 billion

  6. Diverse Sources of ‘Attack’ • Chernobyl: June 1998, Taiwan • Melissa: March 1999, US • I love You: May 2000, The Philippines • Kournikova: Feb 2001, The Netherlands

  7. Infrastructure Attacks • 1996 - 911 Services, Florida • 1997 - regional airport disruption, US • 1999 - threat to power supplies, Belgium

  8. Computer Hacker Caused Sewage Overflows, Police Say An alleged computer hacker caused raw sewage to overflow on Queensland's Sunshine Coast by using radio transmissions to alter council sewage pump stations, police said today. The charges include stealing, computer hacking and using radio communications equipment without authority. Police will allege the man caused the overflows of sewage into Maroochy Shire waterways late last year and early this year using radio transmissions to alter council sewage pump stations. (Australian Associated Press, 23/5/2000)

  9. More Coordinated Attacks The so-called Israeli/Palestinian Cyberwar

  10. Infrastructure Attacks But what don’t we know about?

  11. ‘We’re in Trouble…’ Sources: attrition, alldas

  12. ‘Or maybe not…’ Sources: attrition, alldas

  13. DSD’s Functions From the 1986 government directive: • Provide material, advice and assistance to Commonwealth Government Departments and authorities and the Defence Force on matters relevant to the security and integrity of official information, and or loss or compromise of which could adversely affect National Security; and • Provide advice on request to Commonwealth Government Departments and authorities in relation to other sensitive official information unrelated to National Security.

  14. Functions of DSD 7 … (c) to provide material, advice and other assistance to Commonwealth and State authorities on matters relating to the security and integrity of information that is processed, stored or communicated by electronic or similar means; and (d) to provide assistance to Commonwealth and State authorities in relation to cryptography and communications technologies. Intelligence Services Bill, 2001

  15. DSD and E-Security • The Australasian Information Security Evaluation Program (AISEP) • Advice and Assistance • Computer Network Vulnerability Team • Protection of the National Information Infrastructure

  16. AISEP Evaluation • Evaluation is the thorough examination of a product’s security claims using a defined criteria. • Australia uses two evaluation criteria • Common Criteria • ITSEC • Common Criteria is the more recent evaluation criteria • Broad scope of mutual recognition internationally

  17. Concept of Assurance • Assurance is: • The degree of confidence in the claimed security features of a product or system. • Defined by a Security Target.

  18. The EPL • DSD lists products that have completed evaluation on the EPL (certified) • Certification Reports available • Use in conjunction with the published Security Target • Products that are ‘In-Evaluation’ are also listed on the EPL • Buyer beware • Can not provide the same level of assurance

  19. And this is good because … • there are products available which are known to perform appropriately • not just for government use • use in the private sector can help to promote a more secure IT environment

  20. establishing IT security policy guidance on setting up IT networks providing assistance to departments in securing their IT systems performing internet gateway certifications for government whole of Government infrastructure Gatekeeper (a public key infrastructure) Fedlink (secure network connecting all departments) Advice and Assistance

  21. keep abreast of known vulnerabilities in software and equipment research, test software and equipment for potential new problems perform security audits on client's systems and networks incident response capability Computer Network Vulnerability Team

  22. two broad roles intelligence (threat and vulnerability assessments, other products) incident response, together with ASIO and the AFP incident reporting scheme for commonwealth government agencies ISIDRAS currently Onsecure Website, in concert with NOIE National Information Infrastructure

  23. Known threats and unknown threats DSD helps government prepare itself for both Conclusion

More Related