National Broadband Network will leave Australia 'woefully unprepared' for cyber attacks

Padang businesses and infrastructure are woefully unprepared for cyber attacks like the Stuxnet virus, and the Federal Government’s National Broadband Network could open us up to even greater risks.

The discovery of the Stuxnet virus - which allegedly targeted an Iranian nuclear plant among countless other energy companies around the world - has shown the sophisticated levels that malware has reached.

Software security experts are warning that that this sort of attack on governments and nations is becoming more frequent and may successfully hit Australian targets through the NBN.

A survey released today by Symantec has found that small firms are the most unprepared of all businesses, and the industry sector which is the least prepared for an attack on critical infrastructure is, ironically, communications.

This has significant consequences for the National Broadband Network currently being rolled out across the country.

Craig Scroggie, vice president and managing director of Symantec Corporation, told that there were risks involved in the building of the “extraordinary piece of infrastructure”.

Mr Scroggie said that despite the economic and community benefits the NBN will bring, “the dangers that come of it are very large”.

According to Mr Scroggie the NBN will make broad ranging attacks, such as Direct Denial of Service (DDoS) attacks, much easier.

“Imagine you’ve got the entire country on high speed broadband ... you don’t need as large a botnet to do as much damage.”

'Critical Infrastructure attacks are real'

Mr Scroggie also said that there was a shift in motivations behind cyber attacks away from the strictly financial to politically minded attacks on public infrastructure that we hadn’t seen in previous years.

“Think of 9/11, if the actual support infrastructure had been attacked. Imagine if the electricity grid or traffic system was able to be compromised,” Mr Scroggie said.

“The one thing that we know about the critical infrastructure attacks is that they are real. In the past people thought they were conspiracy theories.”

“Cyber criminals are motivated financially and attacks on critical infrastructure can be sold to the highest bidder.”

Stuxnet 'disturbingly complex'

While the motives behind it are as yet unknown, the Stuxnet virus is an advanced example of a critical infrastructure attack that Mr Scroggie described as being disturbing in its complexity.

While he said he did not like to guess where it originated from, there were key indicators.

“What we do know, just by the significant volume of resources to perpetrate a fraud (of this size) is it would have to be a private organisation or a government-backed country or organisation.”

And according to the Symantec survey, businesses and infrastructure are at far greater risk than they should be of falling victim to a similar attack in the future.

It found that a majority of businesses and critical infrastructure providers had experienced an attack which they believed had a specific political goal in mind, with one-third of the attacks attempting to manipulate physical equipment.

Three in five of these attacks were considered effective and cost an average of $850,000 each.

One-third of the respondents did not believe they were prepared for an attack in the future.

The 1580 enterprises surveyed ranged from all over the globe, and were varying sizes from 10 employees to 10,000.

Mr Scroggie said that businesses and governments were working together to prepare for cyber attacks adequately.

He said Symantec recommended that businesses establish 24-hour security and protection policies and that governments put forth more resources to establish critical infrastructure programs.



Find It