The security settings associated with the National Broadband Network (NBN) are increasing the level of risk and potential for damage, according to the head of the Australian Internet Industry Association (IIA).
“Clearly, the faster the broadband connection, the greater the potential for damage. The bad news is more bandwidth equals more risk,” IIA chief executive, Peter Coroneos, said.
Speaking at a briefing in Sydney, Coroneos addressed security challenges associated with the NBN, along with today’s top challenges facing the security industry.
“We have suggested to Senator Conroy that he should commit two per cent of the NBN spend to securing it, to making sure it has end-to-end security built into the network. That would be the ideal outcome, but whether or not that fits within the NBN charter is another matter.”
Coroneos said the advent of cloud computing has increased security woes faced by the industry.
“For the first time, you’ve really got truly integrated and transparent access to your information: when you want it, where you want it, from whatever device. That has always been the promise, but now it’s actually happening. That’s the good news. The bad news is there as some inherent issues with cloud services that we really need to get on top of as an industry.”
He said the cloud security alliance has identified 15 areas of concern with cloud security – public enemy No 1. is data protection.
“How do you protect the data that you are now entrusting to some third party virtual organisation that may not even be within jurisdiction? There is a very strong trust dimension to this that we need to secure if we are going to underpin future cloud services.”
Other challenges include managing individual identities to ensure that the right people are getting access to the cloud services.
“How do you ensure the business continuity that these services are going to always be there when we need them? How do you know that the applications that you’re using, which are being hosted in the cloud, are self-secure and not susceptible to external attack? How do you ensure that the privacy of personal information that’s being held in cloud services is conforming with Australian law?”
“There are no harmonious, harmonised international standards around any of those things. Then you’ve got issues of legal compliance.”
On the whole, vendors need to intervene at the network level, providing an integrated, multiple layered approach in order to deal with the sophisticated threats.
“The threats are so advanced that the solutions have to be much more sophisticated. And you can’t rely on any single measure,” he said.
“We cannot move forward as a digital economy until, and unless, we get this security question right – and that’s the bare-naked truth of it. We cannot advance.”