FEBRUARY 21, 2006
MORE than 90 per cent of Australia's critical infrastructure was
operated by corporations that were expected to protect themselves
against e-crime as well as terrorists and overseas attacks, a
conference has heard.
The public and private sectors were interdependent and relied on
national and global networks to do business and provide day-to-day
services, a cyber-terrorism expert said.
Speaking at the Chief Information Officers City Summit in Sydney last
week, Matt Warren said a well targeted cyber-based attack could
disrupt water, power and food supplies, and bring society to a
"Government is trying to persuade corporations to increase security on
those systems," Professor Warren told The Australian.
"However, companies are not being given any extra funds to do that.
They are just asked to do it in the national interest."
While businesses had a duty of care for their own organisational
assets, they were now expected to plan for extraordinary security
risks at a national level, he said.
"The problem is they are not going to have access to the threat
information, so it is hard for them to determine the security risks
that they face."
Professor Warren, who is head of Deakin University's School of
Information Systems, said another issue was that many corporations
were not Australian-owned.
"In Victoria, there are electricity suppliers that are owned by
Singapore companies," he said.
"So there may be resistance to increase expenditure on security to
Part of the problem arose from Australia's lack of a critical
infrastructure protection centre to assist business, or a department
of homeland security, he said.
Prime Minister John Howard has rejected the idea of a department of
homeland security, which was embraced by Labor at the last election.
A single critical infrastructure protection centre could achieve
better co-ordination between business, law enforcement, intelligence
and security agencies, along with civil authorities and defence
organisations, he said.
Australia should also draw on the experience of Canada, New Zealand,
Sweden, Britain and the US, which had all established such a
co-ordination centre, he said.
"The reality is that Australia could not react to an incident in
real-time," he said.
"The number of government organisations involved creates complex
decision-making and wastes resources."
InfoSec News v2.0 - Coming Soon!