dsd and e security
Download
Skip this Video
Download Presentation
DSD and E-Security

Loading in 2 Seconds...

play fullscreen
1 / 23

DSD and E-Security - PowerPoint PPT Presentation


  • 79 Views
  • Uploaded on

DSD and E-Security. Tim Burmeister Information Security Policy Defence Signals Directorate [email protected] E-security in Government Today. Risk Management Greater prevalence of mixed environments Service delivery vs. secure operating environments. The Future ….

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'DSD and E-Security' - perry


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
dsd and e security

DSD and E-Security

Tim Burmeister

Information Security Policy

Defence Signals Directorate

[email protected]

e security in government today
E-security in Government Today
  • Risk Management
  • Greater prevalence of mixed environments
  • Service delivery vs. secure operating environments
the information security business
The Information Security Business
  • DSD has been doing it for over 50 years
  • But we no longer have a monopoly
  • Government used to provide its own solutions
  • Now everyone seems to be in on the act
costs
Costs
  • Melissa: $80 million damage
  • I Love You: $10 billion damage
  • Software piracy: $ 7.5 billion
diverse sources of attack
Diverse Sources of ‘Attack’
  • Chernobyl: June 1998, Taiwan
  • Melissa: March 1999, US
  • I love You: May 2000, The Philippines
  • Kournikova: Feb 2001, The Netherlands
infrastructure attacks
Infrastructure Attacks
  • 1996 - 911 Services, Florida
  • 1997 - regional airport disruption, US
  • 1999 - threat to power supplies, Belgium
computer hacker caused sewage overflows police say
Computer Hacker Caused Sewage Overflows, Police Say

An alleged computer hacker caused raw sewage to overflow on Queensland\'s Sunshine Coast by using radio transmissions to alter council sewage pump stations, police said today. The charges include stealing, computer hacking and using radio communications equipment without authority. Police will allege the man caused the overflows of sewage into Maroochy Shire waterways late last year and early this year using radio transmissions to alter council sewage pump stations.

(Australian Associated Press, 23/5/2000)

more coordinated attacks

More Coordinated Attacks

The so-called Israeli/Palestinian Cyberwar

infrastructure attacks1

Infrastructure Attacks

But what don’t we know about?

we re in trouble
‘We’re in Trouble…’

Sources: attrition, alldas

or maybe not
‘Or maybe not…’

Sources: attrition, alldas

dsd s functions
DSD’s Functions

From the 1986 government directive:

  • Provide material, advice and assistance to Commonwealth Government Departments and authorities and the Defence Force on matters relevant to the security and integrity of official information, and or loss or compromise of which could adversely affect National Security; and
  • Provide advice on request to Commonwealth Government Departments and authorities in relation to other sensitive official information unrelated to National Security.
functions of dsd
Functions of DSD

7 …

(c) to provide material, advice and other assistance to Commonwealth and State authorities on matters relating to the security and integrity of information that is processed, stored or communicated by electronic or similar means; and

(d) to provide assistance to Commonwealth and State authorities in relation to cryptography and communications technologies.

Intelligence Services Bill, 2001

dsd and e security1
DSD and E-Security
  • The Australasian Information Security Evaluation Program (AISEP)
  • Advice and Assistance
  • Computer Network Vulnerability Team
  • Protection of the National Information Infrastructure
aisep evaluation
AISEP Evaluation
  • Evaluation is the thorough examination of a product’s security claims using a defined criteria.
  • Australia uses two evaluation criteria
    • Common Criteria
    • ITSEC
  • Common Criteria is the more recent evaluation criteria
    • Broad scope of mutual recognition internationally
concept of assurance
Concept of Assurance
  • Assurance is:
    • The degree of confidence in the claimed security features of a product or system.
    • Defined by a Security Target.
the epl
The EPL
  • DSD lists products that have completed evaluation on the EPL (certified)
    • Certification Reports available
    • Use in conjunction with the published Security Target
  • Products that are ‘In-Evaluation’ are also listed on the EPL
    • Buyer beware
    • Can not provide the same level of assurance
and this is good because
And this is good because …
  • there are products available which are known to perform appropriately
  • not just for government use
    • use in the private sector can help to promote a more secure IT environment
advice and assistance
establishing IT security policy guidance on setting up IT networks

providing assistance to departments in securing their IT systems

performing internet gateway certifications for government

whole of Government infrastructure

Gatekeeper (a public key infrastructure)

Fedlink (secure network connecting all departments)

Advice and Assistance
computer network vulnerability team
keep abreast of known vulnerabilities in software and equipment

research, test software and equipment for potential new problems

perform security audits on client\'s systems and networks

incident response capability

Computer Network Vulnerability Team
national information infrastructure
two broad roles

intelligence (threat and vulnerability assessments, other products)

incident response, together with ASIO and the AFP

incident reporting scheme for commonwealth government agencies

ISIDRAS currently

Onsecure Website, in concert with NOIE

National Information Infrastructure
conclusion
Known threats and unknown threats

DSD helps government prepare itself for both

Conclusion
ad