Threats to society from cybercrime are bigger than ever. So what are we doing about it?
While debating issues of terrorism with colleagues recently, it was suggested that the best way to cripple an Australian city would be to poison its water supply.
I argued that attacking the computer systems of Australia's banks and telecommunications companies would be far more effective and could be achieved from anywhere in the world, without the terrorists having to physically travel to Australia.
Fortunately, our governments are also aware of the potential vulnerability of critical information infrastructure and are moving to shore up our defences.
The challenge for Australia is that 90 percent of our essential information systems belong to private companies engaged in activities like finance, telecommunications, utilities, transport, and health services, rather than to the Government itself. This raises questions about responsibility in relation to national security and who should bear the cost.
If Australia faced a physical threat, such as that posed by the events of September 11 or the subsequent Bali bombings, this would clearly fall under the ambit of the Commonwealth and its various defence and policing services.
An attack on our banking networks, while clearly not as life-threatening, could certainly undermine our ability to engage in commerce and trade, and, by restricting access to finance and cash, could create widespread panic and even riots.
Likewise, attacks that bring down our power stations, electricity generators and communications networks would threaten the very fabric of our society.
Thus, it's not surprising that security experts have called for Government to provide financial incentives to those corporations responsible for systems that qualify as being critical information infrastructure.
According to Leif Gamertsfelder of law firm Deacons, the Government should consider a tax incentive scheme similar to the 175 percent concessional rate available for R&D investments. He believes such a scheme would encourage companies to invest more heavily in security measures by helping to defray the cost across all taxpayers.
| The Australian Federal Police recently revealed the number of cybercrime attacks in Australia jumped from 1765 in 1998 to 31,334 in 2001. |
The increase in Internet fraud and other forms of computer crime in recent years has been alarming, with new figures showing Australia has the third highest incidence of complaints in the world, behind America and Canada, with losses climbing from $28 million in 2001 to almost $89 million last year. Similarly, the Australian Federal Police (AFP) recently revealed the number of cybercrime attacks in Australia jumped from 1765 in 1998 to 31,334 in 2001, although a spokesperson said this was only the tip of the iceberg, since computer crime is greatly under-reported.
The AFP's general manager for counter-terrorism, Ben McDevitt, told last month's National Critical Information Infrastructure Security conference that they planned to build closer relationships with business to help counter the growing number of computer crime attacks.
He highlighted the importance of companies reporting incidents of computer crime and working with authorities to remove vulnerabilities in their systems and bring criminals to justice.
A recent example of successful partnering between business and the law came late last year when NSW Fraud Squad detectives enlisted the help of the major banks to track down and arrest a Malaysian national who allegedly used a pinhole camera and data capture device to collect customer numbers from ATMs.
The Government is hoping for more successes like this one through the establishment of the High Tech Crime Centre, which oversees all technology-related investigations and intelligence for the AFP and the Australian Crime Commission.
This requires greater cooperation and coordination between authorities, government agencies, and private enterprise, and the commitment of greater resources from all parties to these efforts.
Richard Hogg is National president of the Australian Computer Society (ACS). The ACS is the recognised association for Information Technology (IT) professionals, attracting a membership (over 16,000) from all levels of the IT industry and providing a wide range of services. A member of the Australian Council of Professions, the ACS is the guardian of professional ethics and standards in the IT industry, with a commitment to the wider community to ensure the beneficial use of IT.
Visit this page for other ACS articles published by ZDNet Australia.
Subscribe now to Australian Technology & Business magazine.
