Sydney has been the host city for recent discussions between the OECD expert group on global information security, Australia's Internet Industry Association and the US Internet Industry Association on how the new security environment will impact the Internet in Australia, and how our information infrastructure can be made more secure from terrorist attacks.

During three days of meetings, the Internet Industry Association (IIA)and the USIIA created a Draft Joint Statement of Principles, to broadly outline the direction that needs to be taken. The first guideline is to promote the partnership of governments and industry in matters of security.

-The solution to global crime and terror is no longer the province of governments alone. With the large interconnected networks of companies, you cannot combat cybercrime without private sector cooperation," said IIA chief executive, Peter Coroneos.

Justin Milne, chair of the IIA Cybercrime Virtual Taskforce, sees the main issue being cooperation between law enforcement agencies (LEAs) and businesses. The taskforce has drafted a code of conduct, which is expected to be endorsed in about six months.

-What the code of conduct will provide is a protocol so that when there is an incident where a law enforcement agency has been approached, there will be legislation in place and everyone will be clear on what needs to be done," Milne said.

-Everyone needs to be legislatively protected so ISPs know if they are handed a warrant they can give the information without breaching anyone's rights and getting sued," Milne added. In Europe, he said, they call this a "culture of security".

The USIAA believes new legislation is unnecessary, saying that both Australia and the US already have legislation in place for this. -We believe new legislation is not needed, but we may need to clarify and extend existing legislation," said USIIA president, David McClure.

Another focus of the Joint Statement is the education of SMEs and individuals about cybercrime, and how to guard against it. -We think a large part of the security problem is not just the responsibility of the enterprises involved in the Net, but increasingly of the end users as well," Coroneos said.

-For example, a broadband connection at home with no firewall can be used as a launching site to attack companies, and become a weapon."

In addition to cybercrime, cyberterrorism and cyberfraud, the meetings discussed the issue of spam. Excessive spam can shut down a server, amounting to a denial of service attack.

"We view spam to be one of the more difficult problems because in the US there is a tacit understanding that businesses have a right to communicate to their customers, and they have a right to communicate with future customers," McClure said. -We know what e-mail means, but from a legislative standpoint we don't have a clue what unsolicited or commercial means."

-There certainly is a class of unsolicited e-mail that we can deal with right away, that is e-mail that comes from a false address, has no unsubscribe details, and is usual of a fraudulent nature to begin with. We can deal with that now, we don't need new legislation for that."

When questioned on the role of September 11 in the new security environment, McClure said: -It gave us a lens on which to focus our efforts on Internet security."

-Internet security and our emphasis on Internet security is not a product of September 11," he emphasised. -What happened after September 11 is we developed a mechanism under which we could begin to look at the Internet security issues under a larger context of national security."

Copyright © 2009 CBS Interactive, a CBS Company. All Rights Reserved.
ZDNET is a registered service mark of CBS Interactive. ZDNET Logo is a service mark of CBS Interactive.