As the Internet industry presents challenges to our members, consumers and Government, the IIA responds. Emerging issues are work shopped and virtual task forces are convened, constituted by individuals drawn from our corporate membership base.
This year the IIA will mount a renewed national push to help empower
Australia's internet using public and SMEs against the ever increasing
cyberthreats we face.
approach will contain a number of key elements which we will implement
as industry and where appropriate in conjunction with Government.
The IIA's 2010 eSecurity Program will comprise the following measures:
1. icode - Implementation of the eSecurity Code of Practice
Code aims to provide a uniform response to addressing the problem of
zombied computers on Australian networks. As far as we are aware this
is the most comprehensive national response yet undertaken to the
problem, and builds on the successful AISI initiative that ACMA has
been running in recent years. The scheme will allow for an escalated
response culminating in potential short term 'quarantining' of zombied
Users whose computers are suspected of being
compromised will be provided with access to information, resources and
software. IIA member security vendors will be given the opportunity to
participate in the scheme and will be represented on the resource page
that all ISPs will be required to direct users to under the voluntary
code of practice. To date, some 68 ISPs representing over 90% market
share of the online
population are part of the AISI and are
expected to sign on to the code once formally launched. The Code
drafting committee has a target date of 5 June for Code finalisation,
and we aim to have the Minister formally launch the Code during Cyber
Security Awareness Week together with other measures as outlined below.
As well as limiting the ability of zombies to operate in Australia the
intiative will be positioned as a pro
privacy measure to the
extent that will address the potential for identify theft to occur via
zombied systems. Vendors and government also appreciate the larger
national security implications arising from the botnet phenomenon,
another issue the program hopes to help address.
2. Engagement with router manufacturers to address the issue of compromised passwords on router devices
year saw the first brute force attack on consumer grade routers via the
Psyb0t worm. This pernicious exploit takes advantage of preconfigured
login controls (username and passwords) on consumer edge devices
resulting in firmware changes to the device to enable unauthorised
remote access. So far some 30 makes and models have been affected. This
is a very serious problem which can neutralise theprotection that PC
based solutions currently offer and is therefore being addressed by the
IIA as a priority. Government is supportive of this effort and we are
working towards a major announcement during eSecurity awareness week in
3. Launch of a national '@Home' service to provide on
the ground assistance to remediate compromised home computers and
harden security on home computers.
Following the release of the National Principles for the Fair Handling of Personal Information in February 1998 Australian industry was called upon to implement adequate privacy measures for their respective industry sectors.
The IIA has responded to this by incorporating the Principles into its draft Privacy Code of Practice which is currently before the Federal Privacy Commissioner for registration.
The IIA Privacy VT has addressed areas including the monitoring of our privacy performance as an industry and recommend reforms to ensure that our obligations either comprise or are consistent with international best practice, and that realistic obligations delivering real benefits for end users can be achieved. In the context of Australia's privacy legislation, the Privacy VT is now charged with shepherding the IIA's code through registration with the Federal Privacy Commission and will assist IIA members in their compliance with best practice principles contained in the Code. Importantly, the Code has been designed to give IIA members compliance with the EU Privacy Directive once safe harbour has been negotiated with the EU Data Protection Commission.
The taskforce is Chaired by Duncan Giles, Special Counsel at Freehills.
The IIA has pioneered work in Australia in the online content regulatory arena. Our Online Content Virtual Taskforce has developed and had registered four industry codes of practice with the Australian Broadcasting Authority. The VT is currently chaired by Mary Jane Salier, General Counsel of OzEmail. The Mobile Content subgroup, on which all five Australian mobile carriers are represented, is co-chaired by Mark Britt, General Counsel at ninemsn.
Our work in this area demonstrates a recognition that the internet industry has a role to play in helping end users assume more control for the kind of content accessible in the home, particularly by children. The VT is currently redrafting the current Content Codes of Practice in the light of developments in the area of content delivery, and is now addressing internet content accessible via mobile phones and related devices. See the news release Internet Industry Association Tackles Mobile Internet Content
8 March 2004.