This year the IIA will mount a renewed national push to help empower Australia's internet using public and SMEs against the ever increasing
cyberthreats we face.

The approach will contain a number of key elements which we will implement as industry and where appropriate in conjunction with Government.

The IIA's 2010 eSecurity Program will comprise the following measures:

1. icode - Implementation of the eSecurity Code of Practice

This Code aims to provide a uniform response to addressing the problem of zombied computers on Australian networks. As far as we are aware this is the most comprehensive national response yet undertaken to the problem, and builds on the successful AISI initiative that ACMA has been running in recent years. The scheme will allow for an escalated response culminating in potential short term 'quarantining' of zombied computers.
Users whose computers are suspected of being compromised will be provided with access to information, resources and software. IIA member security vendors will be given the opportunity to participate in the scheme and will be represented on the resource page that all ISPs will be required to direct users to under the voluntary code of practice. To date, some 68 ISPs representing over 90% market share of the online
population are part of the AISI and are expected to sign on to the code once formally launched. The Code drafting committee has a target date of 5 June for Code finalisation, and we aim to have the Minister formally launch the Code during Cyber Security Awareness Week together with other measures as outlined below. As well as limiting the ability of zombies to operate in Australia the intiative will be positioned as a pro
privacy measure to the extent that will address the potential for identify theft to occur via zombied systems. Vendors and government also appreciate the larger national security implications arising from the botnet phenomenon, another issue the program hopes to help address.

2. Engagement with router manufacturers to address the issue of compromised passwords on router devices

Last year saw the first brute force attack on consumer grade routers via the Psyb0t worm. This pernicious exploit takes advantage of preconfigured login controls (username and passwords) on consumer edge devices resulting in firmware changes to the device to enable unauthorised remote access. So far some 30 makes and models have been affected. This is a very serious problem which can neutralise theprotection that PC based solutions currently offer and is therefore being addressed by the IIA as a priority. Government is supportive of this effort and we are working towards a major announcement during eSecurity awareness week in June 2010.

3. Launch of a national '@Home' service to provide on the ground assistance to remediate compromised home computers and harden security on home computers.