AND CANADA
JOÃO MANUEL ASSIS BARBAS
Colonel of Artillery. Studies Adviser at the IDN

INTRODUCTION

Globalization and information and communication technologies are two inseparable drivers of modern societies. Initially, the establishment of the internet facilitated the integration of business networks with equipment from multiple vendors, facilitating internal communication and improving efficiency and productivity. Later and progressively, as the internet became the global communications network, businesses, industries, cities and countries also became global, and easily accessible through a device with a simple browser.

As the use of technology expanded and facilitated globalization, information and technology also became global and more exposed to security breaches, easily exploited by state or non-state actors.

Over the last years, especially since the cyber-attacks on Estonia (2007) and Georgia (2008), many countries have published their National Cybersecurity Strategies, reflecting a progressive concern and understanding of the potential consequences of cyber incidents on their economies and social fabric. These documents express principles and values, set strategic objectives and lines of action, driving their national approaches to cybersecurity. The purpose of this first article is to analyse the Cybersecurity strategies of two non-European countries - Australia and Canada - looking at their main building blocks and, whenever possible, identifying trends and common elements.

Australian Cybersecurity Strategy

On December 4th 2008, the Australian Prime Minister, Kevin Rudd, in his first National Security Statement to Parliament, publicly recognized Australia's dependency on information technology, making her potentially vulnerable to cyber-attacks by terrorists exploiting the internet to "operate beyond the law." He also stressed that the country should be prepared to "respond to new and emerging threats" and that partnerships between industry, governments and the community were vital to the national security policy (Rudd, 2008).

The Australian Cybersecurity Strategy articulates the aim and objectives of the Government's cyber security policy, identifies the strategic priorities to achieve these objectives and describes key actions to be undertaken.

The document recognises:
- Security, economic prosperity and social wellbeing depend on information and communications technologies;
- The high risk of computer intrusion and the use of malicious code by organised crime, especially on financial and commercial transactions and personal data;
June 2015
P 14
- Threat Actors1 are changing;
- The attribution of the source of attacks is hindered, due to the internet's nature;
- The need to balance between risks and civil liberties, promoting efficiency and innovation;
- Online protection is not limited to computer security but also depends on personal practices.

Aim

The aim of the Australian Cybersecurity policy is "the maintenance of a secure, resilient and trusted electronic operating environment that supports Australia's national security and maximises the benefits of the digital economy". Though its focus is on the "availability, integrity and confidentiality of Australia's ICT [Information and Communications Technology]", it should be articulated with other related policies, such as cyber safety, identity security and privacy (Australian Government, 2009).

Principles

In accordance with the "enduring principles" of the National Security Statement, the guiding principles of the Cyber Security Policy are: national leadership, shared responsibilities, partnerships, active international engagement, risk management and protecting Australian values (Australian Government, 2009).

Objectives

The strategy establishes the following key objectives:

- "All Australians are aware of cyber risks, secure their computers and take steps to protect their identities, privacy and finances online".

This objective focuses on the promotion of a "robust" cyber security culture to increase awareness and confidence, essential to optimise the benefits and minimise the risks of the digital economy; reduce cyber-crime impact; mitigate threats to national critical systems; and improve the security and resilience of the web environment.

- "Australian businesses operate secure and resilient information and communications technologies to protect the integrity of their own operations and the identity and privacy of their customers".

Considering that the majority of the national critical systems are owned by the private sector, the strategy recognizes the need to influence their policies and practices and to identify those most critical to the national interest2, based on a risk assessment. This requires cooperation between Government and the owners and operators of critical systems and is capitalized through trusted information exchange mechanisms with mutual benefits.

- "The Australian Government ensures its information and communications technologies are secure and resilient".

Governmental ICT and associated information are considered a strategic national asset, thus requiring security and resilience. A proactive approach identifying threats and vulnerabilities, developing mitigation strategies and creating an integrated framework3 is to be developed by Government.

Strategic Priorities

To pursue these objectives the following mutually supporting strategic priorities are identified:

- "Threat awareness and response: Improve the detection, analysis, mitigation and response to sophisticated cyber threats, with a focus on government, critical infrastructure and other systems of national interest."

This priority encompasses initiatives to monitor threats, including:
• Establishment of a Cyber Security Operations Centre (CSOC);
• Setup of a new national Computer Emergency Response Team (CERT);
• Information sharing within and between public and private sectors, nationally and internationally, to facilitate situational awareness and threat response;
• Development of a cybersecurity crisis management plan;
• Implementation of a cybersecurity programme of exercises.

- "Cultural change: Educate and empower all Australians with the information, confidence and practical tools to protect themselves online."

This priority includes education and awareness raising activities such as:
• Cyber security information for home users and small business (www.staysmartonline.gov.au);
• Dissemination of information on cyber security threats, vulnerabilities and protection measures released by CERT;
• Dissemination of anti-spam practical tools and procedures;
• Promotion of an Internet service provider (ISP) Code of Practice to deal with cyber security issues;
• Implementation of cyber security education modules for primary and secondary education;
• Analyses of alternatives to "inform and educate" people on common cyber risks;

- "Business-government partnerships: Partner with business to promote security and resilience in infrastructure, networks, products and services."

This priority recognises that government and the private sector must cooperate for the provision of secure products and services and the maintenance of ICT infrastructures to secure customer information. It stresses the vulnerabilities in critical infrastructure and other systems of national interest, covering initiatives to enable greater situational awareness.

The following actions are included:
• Strengthen trusted partnerships with the private sector to support cyber information sharing;
• Reinforce engagement with the commercial Internet industry to raise awareness on cyber risks, threats and vulnerabilities;
• Promotion of business continuous improvement to cyber security and critical infrastructure protection;
• Creation of a Critical Infrastructure Protection Modelling and Analysis (CIPMA) program;
• Promotion of education and training opportunities for industry representatives;

- "Government systems: Model best practice in the protection of government ICT systems, including the systems of those transacting with government online."

This priority addresses the protection of governmental and interconnected government systems and the reforms to the procurement of ICT and includes:
• Analysis of alternatives to reduce governmental internet gateways;
• Establishment of minimum security standards across government;
• Centralization of the procurement and management of ICT products and services;
• Risk assessment of major ICT projects;
• Promotion of security of governmental systems;
• Revision of the Australian Government's Protective Security Manual for adoption of commercial standards and best practices;

- "International engagement: Promote a secure, resilient and trusted global electronic operating environment that supports Australia's national interests."

International cooperation4 is considered essential to improve network security, develop standards, raise the international legal system's ability to combat cyber-crime, and disseminate best practices through a set of initiatives that include:
• Establishment of bilateral or multilateral agreements with "key allies";
• Regional capacity building initiatives;
• Participation in international organisations;
• Development of an international engagement strategy;

- "Legal and law enforcement: Maintain an effective legal framework and enforcement capabilities to target and prosecute cyber-crime."

As the economy and society are affected by cyber-crime, several issues are addressed, including the consolidation of the legal framework, the investigation and law enforcement capabilities and a "technically-aware" legal system, involving a wide range of measures such as:
• Enhance operational cyber capabilities of security and law enforcement agencies;
• Improve cooperation between cyber security and law enforcement through;
• Maintenance of the criminal and civil legal framework in accordance with the evolution of the technology and the conduct of criminals;
• Improve law administration through the provision of access to information and resources to legal professionals;
• Harmonization of the legal framework to smooth sharing of information and improve law enforcement cooperation.

- "Knowledge, skills and innovation: Promote the development of a skilled cyber security workforce with access to research and development to develop innovative solutions."

The strategy recognizes the need for technically qualified human resources supported by innovative research and development to deal with future threats. This priority involves a set of initiatives to develop and retain that expertise within government and to mobilize the research community, such as:
• Setup of new recruitment and retention approaches;
• Funding of specific cyber security research and development activities;
• Setting annual priorities for Research and Development to inform the science and innovation community;

Attachment A to the Australian Cybersecurity Strategy includes additional information about CERT Australia, the Cyber Security Operations Centre and the Government Agencies which will have an important role in the strategy's implementation.

Canada's Cyber Security Strategy

The Cyber Security Strategy recognizes that the Canadian economy depends heavily on the Internet. The Federal Government offers many online services and businesses are adopting most of the modern digital technologies and appliances. Cyberspace5 is considered one of the "greatest national assets" (Government of Canada, 2010), requiring the protection of cyber systems – an extremely challenging task due to the difficulty of detecting, identifying and recovering from attacks that have no "physical evidence" (Government of Canada, 2010).

The strategy identifies power grids, water treatment plants and telecommunications networks as potential targets of sophisticated attackers, who may also affect the production and distribution of basic goods and services and undermine privacy. To address these threats the Canadian Government is working with provinces6, territories7 and the private sector, having in mind that 86% of Canadian organizations have already suffered a cyber-attack, resulting in an increasing loss of intellectual property (Government of Canada, 2010).

Cyber Threats

The strategy assumes four common characteristics of cyber-attacks:
- They are inexpensive, as many tools can be purchased or downloaded from the Internet;
- They are easy to perform, as hackers with basic skills can cause extensive damage;
- They are very effective as minor attacks may