New industry standard in Australia: fighting botnets or helping a big brother?
The Internet Industry Association (IIA) of Australia has released an interesting document called the internet industry code of practice (icode). The document is positioned as an industry standard, designed primarily to increase the security of the local segment from cybercrime. The document was developed by companies from the field of information technology in close contact with government agencies. The standard is voluntary. But, obviously, if it seems its viability and efficiency, it can be adopted in the industry on a mandatory basis.
The main measure to counter cybercriminals is to detect the threat and isolate a computer used by hackers. In particular, if it is detected that a computer is used as part of a botnet, the infected computer should be partially isolated “within a certain space with a set of resources that will help restore the safety of the machine”. If the computer starts sending spam, the provider will block the mail channel.
At the same time, the document explicitly indicates the relationship with law enforcement agencies. Actually, the law enforcement agencies' affiliation with communications providers is no secret to anyone, but in this case, an open statement about this deserves attention. When a provider detects an attack on its own infrastructure or user devices, it is reported to the local police station. If the computer attacks the “critical facilities” of the country, the provider will report this to the federal police. The critically important objects include financial institutions, control systems of electrical networks, water supply systems, telecommunications infrastructure in general, and the Internet in particular. After this listing, the plot of Die Hard 4 is immediately recalled. Probably, the future has already arrived -)
As you can see, the range of information provided indicates purely good goals, the fight against criminals. However, there are probably other types of data that providers can share with law enforcement. The document authorizes the interception of data as such.
In general, the initiative to combat cybercrime at the provider level deserves close attention. Not only because the idea is in line with the nowadays cloud and SaaS concepts. With proper implementation, an additional level of protection can significantly increase the security of end users and reduce malicious activity in networks. However, it is still too early to abandon protection at the workstation level.
The main measure to counter cybercriminals is to detect the threat and isolate a computer used by hackers. In particular, if it is detected that a computer is used as part of a botnet, the infected computer should be partially isolated “within a certain space with a set of resources that will help restore the safety of the machine”. If the computer starts sending spam, the provider will block the mail channel.
At the same time, the document explicitly indicates the relationship with law enforcement agencies. Actually, the law enforcement agencies' affiliation with communications providers is no secret to anyone, but in this case, an open statement about this deserves attention. When a provider detects an attack on its own infrastructure or user devices, it is reported to the local police station. If the computer attacks the “critical facilities” of the country, the provider will report this to the federal police. The critically important objects include financial institutions, control systems of electrical networks, water supply systems, telecommunications infrastructure in general, and the Internet in particular. After this listing, the plot of Die Hard 4 is immediately recalled. Probably, the future has already arrived -)
As you can see, the range of information provided indicates purely good goals, the fight against criminals. However, there are probably other types of data that providers can share with law enforcement. The document authorizes the interception of data as such.
In general, the initiative to combat cybercrime at the provider level deserves close attention. Not only because the idea is in line with the nowadays cloud and SaaS concepts. With proper implementation, an additional level of protection can significantly increase the security of end users and reduce malicious activity in networks. However, it is still too early to abandon protection at the workstation level.
')
Source: https://habr.com/ru/post/96565/
All Articles