The local security industry must improve its engage with government and defence agencies if it is to help prevent the growing level of cybercrime attacks against Australia, industry experts argue.
Speaking at a roundtable event in Sydney, Stratsec chief executive officer, Tim Scully, said fragmentation of the security industry, coupled with a lack of government collaboration, were added problems.
"You’ve got some [security] companies who have very strong capabilities in some areas such as Stratsec but they are a niche capabilities," he said. "They don’t have the weight or resources in the market to go beyond what they do now which is security advice, governance and network penetration."
Scully added that government security networks such as intelligence agency Defence Signals Directorate (DSD), CERT Australia and the Department of Broadband, Communications and the Digital Economy did not have the resources to help end users in the community.
"This means the security industry has to take up that mantle," Scully said. "Industry has to engage with government to do that because there are ways to source information on cybersecurity."
For example, Scully said large vendors such as McAfee and Symantec had a "fantastic" source of information by which they could analyse trends and patterns.
In addition, companies like BAE Systems, which owns Stratsec, were now providing managed security services to all sectors and were collecting cybersecurity data as well.
"There has to be some information to coordinate the analysis of that data because we need some high level of coordination [from the government]," he said.
Scully added that the use of the term cyberwarfare was a problem, because it made cybercrime sound like a military problem.
"It's a societal problem because every person who uses their computer is affected by cybersecurity threats," he said. "It needs a whole of government approach and coordination of all the stakeholders, such as the police, the IT industry and defence, is needed."
He also called for the security industry to educate its end user consumers as the depth of awareness across the general community for cyber awareness was low.
Sourcefire APJ security engineering manager, Kelvin Rundle, agreed with Scully and added that state police were facing a challenge due to their defensive position.
“If you have ever played defence you will know that you are perpetually behind the eight ball, because the attacks we are talking about are fundamentally simple computer generated attacks. The challenge we have as a country is that we’re still playing a legacy defence game," he said.
"If we look at how those [cyber] threats propagate, we are talking about mums and dads who unintentionally are having their central processing unit [CPU] taken away from them to support these organised crime syndicates. Cybercrime is much easier to commit because I believe that state police do not have the resources available to prevent these overseas attacks."
The call for greater collaboration with government follows comments by federal Justice Minister, Brendan O'Connor, that he was looking at ways of mitigating cybercrime, adding that local victims of attacks were usually too embarrassed to come forward.
The comments follow similar calls from Queensland Police Service officer, Brian Hays, who said officers were behind the eight ball when it came to cybercrime because they were not "at the coal face" of security.
Speaking at AusCERT 2011, Hay said a lack of communication and collaboration between policing entities was hindering the fight against cybercrime, with a lack of crimes being reported to members of police.
Got a security tip-off? Contact Hamish Barwick at hamish_barwick at idg.com.au
Follow Hamish Barwick on Twitter: @HamishBarwick
Follow Computerworld Australia on Twitter: @ComputerworldAU