ASIO slams cyberterror 'hype'

A senior-ranking officer of the Australian Security Intelligence Organisation (ASIO) has strongly discounted the threat level of a cyberterrorism attack on Australia in a speech delivered to the annual Security in Government conference in Canberra.

The officer, whose name cannot legally be published or broadcast by the media, told an audience of police, intelligence and counter-intelligence operatives and government IT security managers that while cyberterrorism had received plenty of publicity from vendors and media, it had yet to physically materialise as a reality.

“Cyberterror has been hyped-up – overstated," the officer declared with deadpan earnestness.

"The casualty list is relatively bare. The definition of terrorism that ASIO [is bound to use is that as listed] in the Commonwealth Protective Security Manual (PSM): acts [by persons, groups of persons or organisations] involving actual or threatened use of violence against persons or property."

The officer went on to say that such a definition specifically excluded a wide range of hacking and criminal activity commonly construed as cyberterrorism.

“Spam, worms, DoS attacks and defacements are not cyberterrorism… often [acts of cyberterrorism] are more imagined than real," he said. “ASIO’s job is to assess national security threats to [national and critical] information infrastructure ... ASIO assesses the capability of those that may want to conduct an attack.”

The officer also strongly questioned the ROI of cyberterrorism, and its short shelf-life, over proven if more rudimentary terror tactics - such as conventional bombs: “While computer network attacks (CNAs) are cheap, they are not necessarily cost effective," he said. "Network targets are highly dynamic. Whereas a bomb will always explode, an attack on a network will probably not work [after a short period of time].

“Cyberterrorism places enormous restrictions on terrorist targets ... [but] there are hackers and hacking groups that are sympathetic to the views of Al Qa’eda," the ASIO officer said.

The officer refused to answer audience questions on how ASIO or the Australian government rated the threat of computer network attacks generated by foreign governments.

Earlier, ASIO director general, Dennis Richardson, warned that he would not tolerate his organisation’s focus or function being dictated or manipulated by those seeking to achieve outcomes not directly related to the interests of national security, be they political or commercial. Richardson urged anyone with any evidence of such activity to report it to the Inspector General of Intelligence and Security (IGIS), Bill Blick.

A private IT security firm contracted to undertake penetration testing was also blasted during the session by members of the Defence Signals Directorate (DSD).

DSD said that it was forced to issue a security advisory as a result of the firm having spoofed an Australian Bureau of Statistics survey for the purposes of demanding user names and passwords.

“It’s most certainly not something we condone nor encourage,” a clearly unimpressed DSD member said.

“It did prove one thing… nobody fell for it,” the DSD speaker said.

More about: ASIO, Australian Bureau of Statistics, HIS Limited
Comments are now closed.
Related Whitepapers
Latest Stories
Community Comments
ARN Directory | Distributors relevant to this article
Multimedia Technology
Get exclusive access to ARN's news, research and invitation only events.
ARN Distributor Directory
ARN Vendor Directory
Microsites

iAsset is a channel management ecosystem that automates all major aspects of the entire sales,marketing and service process, including data tracking, integrated learning, knowledge management and product lifecycle management.

 

Latest News

Apr 17
Splunk exec defects to tech disruptor Elasticsearch
Apr 17
JCurve acquisition to boost telco play following $A2.5m capital raising
Apr 17
Vodafone tackles FIFA World Cup with $5 roaming in Brazil
Apr 17
Kim Dotcom says he's set to get assets back
More News
24 Apr
The China Healthcare ICT Conference 2014
05 May
CeBIT Australia 2014
06 May
Oracle Day 2014 - Across 2 Cities
06 May
Oracle Day 2014 - Across 2 Cities
View all events