Right On, Roger,

What utter BS!

Government security mavens (in the DSD) lost me when they told me something I 
was trying to implement was TOO SECURE (PGP based secure e-mail), they couldn’t 
crack it, and therefore they couldn’t approve it.

But little numbers like establishing a government AusCERT, 5 or 10 years back, 
instead of funding the existing (and very well performed, independent) local 
CERT in Queensland reinforced this opinion. I can imagine the rationale, “Yes, 
CERT is doing a great job, yes they’re experienced and have a terrific record, 
yes they’re pretty much on top of it with their threat matrix and advices, yes 
it would only cost us a fraction of what the government run alternative would, 
sure we have very few (read ‘none’) security experts of our own and none of 
them are even remotely familiar with TCP/IP and up to date threats and 
techniques…. but think of the Empire we’ll be able to create, the massive 
annual Budget allocations we’ll get. No people, we definitely need AusCERT - 
otherwise all that lovely moolah will go elsewhere.”

And what has AusCERT since done for us?

And then there was the presumed sign off by our government security mavens on 
the recent Census site … ‘Nuff said.

Their highest state of alert seems to be ‘Asleep at the Wheel’ … but their 
default is ‘Lying Under the Truck’. I probably have better security on my home 
network than anything the government has in place … and I don’t obsess about 
security.

Just my 2 cents worth …
---
> On 26 Oct. 2016, at 1:43 pm, Roger Clarke <[email protected]> wrote:
> 
> [The cybersecurity field really is pretty farcical.]
> 
> Public-Private cybersecurity centres
> Allie Coyne
> itNews
> Oct 26 2016
> http://www.itnews.com.au/news/govt-defends-against-criticism-of-cyber-centres-439995
> 
> ...
> "It came back to basic cyber security hygiene. One idea was to focus all our 
> effort on one thing - like one of the ASD's top four strategies to mitigate 
> targeted cyber intrusions - and say everyone in Australia should be 
> [compliant with one] by a certain time," a source who attended the meeting 
> said.
> ...
> 
> [The DSD/ASD's ISM identifies maybe 100 to 200 threats.
> 
> [DSD started with 35 strategies:
> http://asd.gov.au/infosec/mitigationstrategies.htm
> http://asd.gov.au/infosec/top-mitigations/mitigations-2014-table.htm
> 
> [When they couldn't get any traction with that, they tried 4:
> http://asd.gov.au/publications/protect/top_4_mitigations.htm
> 
> [That's too hard for agencies and corporations, so we're down to 1 now!
> 
> 
> -- 
> Roger Clarke                                 http://www.rogerclarke.com/
>                                   
> Xamax Consultancy Pty Ltd      78 Sidaway St, Chapman ACT 2611 AUSTRALIA
> Tel: +61 2 6288 6916                        http://about.me/roger.clarke
> mailto:[email protected]                http://www.xamax.com.au/
> 
> Visiting Professor in the Faculty of Law            University of N.S.W.
> Visiting Professor in Computer Science    Australian National University
> _______________________________________________
> Link mailing list
> [email protected]
> http://mailman.anu.edu.au/mailman/listinfo/link

