Parliament of Australia
Parliamentary Library


Research Paper 18 1997-98


Thinking about the Unthinkable: Australian Vulnerabilities to High-Tech Risks

Dr Adam Cobb
Foreign Affairs, Defence and Trade Group
29 June 1998


Contents

Major Issues Summary

Introduction

Information Warfare and National Security

The National Information Infrastructure (NII)

Vulnerabilities in the National Information Infrastructure

Energy

Telecommunications

Finance

Defence Information Infrastructure

Risk Assessment and Sources of Unintentional Risk

Year 2000 Bug

Sources of Intentional Risk

Terrorism

Sydney 2000 Olympics

Crime

Military Information Operations

What action has the Australian Government taken to date?

By comparison, what action has the United States taken?

What more can be done?

Conclusion

Endnotes

Appendix 1 - The Law and Possible Legislative Action

Applicable law

Suggested Legislative Changes

Appendix 2 - Y2K checklist of Systems at Risk

Glossary

 


Hackers Attack NZ & Aust for Joining Gulf Taskforce

AZP London: A hacker group calling themselves the 'Anti-Christ Doom Squad' was involved in attacks against New Zealand and Australia just days after Wellington and Canberra announced troop deployments to the latest Gulf Crisis.

In a secret UK Government Communications Headquarters (GCHQ) report leaked today, the Auckland blackouts that crippled the city for weeks earlier in the year were traced to electronic attacks on New Zealand's electricity distribution network, launched by computers in Amsterdam over the Internet. A senior government source in the Australian equivalent to GCHQ, the Defence Signals Directorate (DSD), confirmed that the widespread blackouts across the Australian state of Queensland were also traced to the same source.

The 'Anti-Christ' hackers traversed computer systems worldwide using 'spoofed' user-names and stolen passwords to try to conceal their identity. Once inside the New Zealand power companies' supercomputer, the hackers accessed a control system commonly used in energy distribution systems to launch their attack. The Supervisory Control and Data Acquisition (SCADA) system controls switches and flows across most modern power distribution networks.

The 'Anti-Christ Doom Squad' then concentrated on manipulating one key choke-point on the outskirts of Auckland. It was the location where all five main powerlines converged before entering the city. The 'Doom Squad' altered the temperature within the gas-encased power lines, thereby crippling them within minutes. The whole operation was launched and conducted from a drug café in Amsterdam using a lap-top and a modem.

Simultaneous widespread blackouts across the Australian state of Queensland disrupted businesses, schools and emergency services. However, the DSD refused to comment on whether any other critical Australian infrastructures were affected.

Because the attacks passed through computers in over 10 countries and legal jurisdictions, it will be almost impossible to bring the hackers to justice, the GCHQ report notes.

The government of Iraq denies any connection with the blackouts.

 

Major Issues Summary

The information age brings with it all manner of new and unanticipated challenges and opportunities. While the above story is fictitious, the reality is that it is entirely possible and even plausible when one considers to what extent society, both here and abroad, depends on information systems. This paper will examine some of the challenges facing Australia that result from new applications of information technologies.

Australia's infrastructure is exposed to serious risks. On the eve of both the Sydney 2000 Olympics and the arrival of the Year 2000 Bug, this paper assesses the risks arising out of vulnerabilities in Australia's critical information infrastructures, such as energy supply systems, banking and financial networks, and telecommunication systems. Each of these infrastructures is operated, monitored, and controlled by networked computers.

Vulnerabilities exist for two key reasons. First, critical choke-points exist in each infrastructure and at the interconnection between infrastructures. Second, the various infrastructure systems and their computer networks are interdependent upon one another.

Threats to infrastructure vulnerabilities range from pre-existing problems, such as Year 2000 incompatibilities, to potential future issues, like military attack.

A risk assessment juxtaposes existing vulnerabilities against likely threats to determine what is most likely to happen (e.g. worst case scenario/s). This paper's risk assessment suggests a hierarchy of threats facing Australia's critical infrastructures. In descending order of probability of seriously damaging Australia's national security and wealth, they are:

The consequent policy response should seek to fix the most serious vulnerabilities arising out of the risk assessment and attempt, where possible, to ameliorate the causes underlying the identified threats. Throughout, this paper identifies specific vulnerabilities that should be rectified. In conclusion, this paper suggests a number of policy approaches that may be undertaken to try to protect Australia from major disruptions to the provision of essential infrastructure services.

The core problem confronting policy makers regarding the risks Australia faces is that no single authority is responsible for protecting Australia's national infrastructure. Indeed, a complex matrix of organisations, both public and private, own and operate the infrastructures in question. Until now, the security imperative has not been as strong or as relevant as economic and commercial motivations in arriving at arrangements for infrastructure governance.

The principal recommendation of this paper is that the Australian Government must act to ensure protection of the country's infrastructure. Specifically, a National Infrastructure Protection Agency should be established within the Department of Prime Minister and Cabinet. It should comprise a Council, Warning Centre, and Secretariat. The Council's role should be to oversee the work of the Agency and to make recommendations to Cabinet to ensure the security and proper functioning of the national infrastructure. Membership should be open to Government Ministers and senior representatives of the corporations that operate the infrastructures concerned. The Warning Centre, the core of the organisation, should be a nation-wide government and non-government voluntary monitoring system that can detect and trace any irregularities in the operation of the infrastructure, once system-wide benchmarking has taken place. It is envisaged that the Secretariat should have a very small staff, drawn from existing agencies with a contribution to make in infrastructure protection.

Introduction

There are risks as well as benefits associated with information technology. For example, the use of networked computers for criminal purposes is a significant and growing phenomenon which is already costing Australia millions of dollars. A 1997 Australian Government law enforcement survey reported significant increases in both the sophistication and number of external attacks on Australian companies in the past 18 months:

Financial systems and confidential corporate data were the two most frequently attacked information types.... a number of respondents... expressed concern as to the vulnerability of their financial systems to attack.(1)

Regrettably, the risks are not limited to crime. They span the spectrum from the unintentional accident to a malicious attack. Unintentional risks include natural disaster, accident, unanticipated problems (such as the Year 2000 Bug or Y2K problem), technical faults, and user error. Intentional risks include disinformation, hate/revenge (personal or work-related), crime, commercial or military espionage, state and non-state based terrorism, and information warfare.

In early 1998, both Queensland and Auckland, New Zealand, were afflicted with severe blackouts as key choke-points (or nodes) in the electricity distribution networks collapsed(2). As the Auckland crisis proved, contemporary cities quickly grind to a halt when electricity, telecommunications and financial networks are out of action. But think of the consequences of nation-wide computer breakdowns that could happen on 1 January 2000. Everything from your family video and microwave to the worldwide Global Positioning Satellite (GPS) system and nuclear power plants in the former Soviet Union is at risk. The Australian Government Minister responsible for fixing the Year 2000 bug estimates the cost of fixing government mission-critical systems alone at $600 million(3).

Being an advanced economy, with a well educated workforce, extensive infrastructure, a strong and growing service sector, and high levels of overseas trade and finance, Australia provides a good example of the opportunities and problems faced by a typical OECD country in the information age. This paper takes Australia as a case study and asks specifically where, how, and why Australia's critical infrastructure might be at risk. By examining the core elements of the National Information Infrastructure (NII), such as power distribution systems, telecommunications and financial networks, it is possible to gauge whether the system is vulnerable. The evident vulnerabilities are then juxtaposed against a selection of threats, thereby creating a risk assessment.

Consideration will then be given to initiatives undertaken by the Federal Government to address the risks and vulnerabilities identified in the risk assessment. A comparison will be made with information infrastructure policies enacted by the US Government. The paper will end with suggestions as to future policy options available to the Australian Government.

It should be noted, however, that this paper does not claim to provide an exhaustive survey of either vulnerabilities or threats. The selection criteria focused on the most serious threats and vulnerabilities that were evident in the open source literature at the time.

The potential for critical information infrastructure systems failure is a matter for a joint private sector and whole-of-government approach, as it spans all those aspects of national life that depend upon interlinked information systems. It would therefore be prudent to attempt to anticipate the risks of both accidental and malicious system failures and plan for protecting the National Information Infrastructure.

Information Warfare and National Security

Much of the literature on information infrastructure vulnerabilities arises out of a new subject area in strategic studies: 'information warfare'. It is a new and highly contested field of enquiry and in one variant refers to the ability of a military force to protect its own information systems while at the same time attacking those of an adversary. While a concern with infrastructure is nothing new to the military strategist, new technologies have changed the way infrastructures operate, thereby demanding their re-examination in the strategic context. The same can be said of traditional approaches to military technology.

Information warfare (IW) has also been associated with the so-called 'Revolution in Military Affairs' (RMA). In some respects IW is a sub-set of the RMA, which is also concerned with the military application of new technologies to the 'battlespace'(4), such as stealth, precision guided munitions, and advanced surveillance capabilities. The RMA is also concerned with developing new organisational structures to assist in optimising new technologies, and in this respect has been referred to as a Revolution in Management Affairs(5).

This development comes at a time when three other trends are converging. First, warfare increasingly concentrates on civilian targets. The focus of war since the last century has shifted from being the preserve of governments and the armed forces to involve entire civilian populations. Likewise, the spectre of terrorism concentrates on 'soft' targets. Second, out of desperation, revolutionary powers have often used new technologies in innovative ways that have given them, initially at least, a decisive advantage in war. This century has observed incredible changes in technology for war-fighting purposes, from horse-drawn artillery to nuclear intercontinental ballistic missiles. As a rule, revolutionary powers have been much more imaginative than status quo powers in their development of doctrine and organisational structures coupled with new technologies. Prior to the outbreak of WWII, General Douglas Haig, the British architect of trench-warfare in WWI, stated emphatically that the coming war would be quickly won at its outset by a decisive cavalry charge. 'Blitzkrieg' combined the tank with radio, airpower, and mobile infantry, in military formations (Panzer Divisions) using new doctrine unthought of by Haig and his contemporaries(6).

Third, the end of the Cold War, like the end of WWI, has created a period of strategic uncertainty. With high levels of unemployment, disillusionment with traditional forms of politics and deepening divisions along racial and ethnic lines, growth of anti-immigration movements, widespread job insecurity, high levels of financial speculation and an inability of conventional policy prescriptions to address any of these issues, the international political economy in some mature economies is beginning to demonstrate parallels with the inter-war years. As E. H. Carr convincingly argued of the period 1919-1939, the failure of the democracies to understand and overcome the destructive excesses of the policies that led to the Great Depression, left a policy vacuum that the totalitarian powers eagerly filled(7). There are also parallels in the military-strategic context. Like the inter-war period, new technology currently exists in the form of 'information weapons' but, as yet, no one has formulated the comprehensive doctrine or organisational structure necessary to bring 'info-blitzkrieg' into being. As the economic outlook continues to decline for many mature economies, which also happen to be status quo powers, the chances are that revolutionary powers will seek to champion their alternative either by demonstration, or worse, by force.

There is a Revolution in Military Affairs (RMA) inasmuch as traditional military weapons, platforms and sensors will become increasingly irrelevant in proportion to the growing centrality of the information dependence of civil society. This development is ushering in a new era where protection of critical infrastructure will be the key to economic success and national security. History shows that at turning points in the past, unsatisfied powers have seized the initiative, whether commercial, military or ideological. In the turbulence of contemporary global politics and economics, those that seek new alternatives to old dilemmas will gain a decisive advantage. The RMAs of the past have involved new weapons, strategies and organisations. The revolutionary concept of the 21st century will bypass traditional weapons and focus conflict on the heart of civil life: the information systems upon which societies depend.

National security involves much more than military defence. At a minimum, it is fundamentally about the survival of society. Pushing the definition a little further, it is concerned with the creation of the necessary political, economic, social, and environmental conditions within which society might flourish(8). Clearly, an attack on the non-military NII, upon which economically developed societies so heavily depend, will be an attack on the security of that society. Indeed, in some respects, such an attack could be far more harmful to the stability and capacity of a society to function, than an attack on the armed forces of the state, because it disrupts or destroys the most fundamental infrastructural elements upon which modern society depends. It is the electronic equivalent of total war. Consequently, the spectre of information-based conflict is the most significant threat to national security since the development of nuclear weapons over fifty years ago. Like nuclear weapons, information-based weapons relocate the strategic centre of gravity from military forces to direct attacks on civilian targets. While the use of nuclear weapons post-1945 came to be considered unthinkable, it is very conceivable that information-based weapons will be used to target and destroy information dependent nations.

Information-based conflict foreshadows a new kind of conflict, where the overt, physical assault is replaced by ubiquitous, anonymous, and ambiguous subversion of society. No longer a matter of clearly defined spatial limits where an 'enemy' is clearly an outsider, such subversion can come from within or without. An information assault on the diverse and complex roots of society cannot simply be addressed by a compartmentalised bureaucracy designed to address the nineteenth century problems of gunboats and cavalry-divisions. While few ever realised it in the past, security has always been indivisible. It will be ever more so in the future, especially in the context of securing the information and infrastructure systems upon which society, domestic and international, depends.

While a new concern for infrastructure security may have been born out of the RMA, it is not and should not be the preserve of the military strategist. As this paper seeks to demonstrate, warfare is just one of a number of potential risks Australia faces in the late 20th Century.

The National Information Infrastructure (NII)

What is the National Information Infrastructure?(9) For the purposes of this paper, the NII is defined as the physical and virtual backbone of an information society and includes, at a minimum, all of the following:

With respect to information based vulnerabilities, one might separate vital information-dependent governance systems into three distinct groupings:

The NII runs on the telecommunications network, and is linked to the Global Information Infrastructure (GII) via submarine cable and satellite. It is also dependent on a constant supply of energy and thus elements of the NII are interdependent upon one another. Many of these systems are also dependent on support systems. In the harsh Australian summer many of these vital computer systems will depend upon air-conditioning and related environmental-control devices to function. A specific system may be very secure from information attack, but highly sensitive to changes in temperature or humidity for example. In the next section a detailed examination of vulnerabilities in select NII systems is presented before examining the potential threats against these systems.

Vulnerabilities in the National Information Infrastructure

Energy

Energy distribution in the state of New South Wales (NSW) is the responsibility of TransGrid(10). 'TransGrid's high voltage electricity transmission network is large by world standards, involving approximately 11 500 km of transmission lines and 73 substations... [and six area headquarters at] Tamworth, Newcastle, Orange, Metropolitan Sydney, Yass and Wagga'(11):

Information systems and communication links [are] also required to enable TransGrid to manage its market operation responsibilities. The real time nature of electricity delivery involves continuous changes to achieve balance between supply and demand. Accordingly, prices, generation dispatch instructions, market information and other matters are determined each half hour leading to the need to frequently update and communicate a large amount of data. In short, the market in its present form could not operate without computerised information systems and communication links(12) [emphasis added].

Figure 1: Electricity Distribution in NSW

This figure shows the main high voltage electricity transmission network of TransGrid. The shaded area indicates the power generation facilities of the Snowy Mountains Authority.

The entire NSW power grid(13), including generators, distribution and the six area headquarters, is controlled from the System Control Centre at Carlingford, a Sydney suburb. There are two central power sources feeding the state. One is the coal-powered Hunter Valley system, situated north of Sydney. The other is the Snowy Mountains Hydro Scheme, situated just outside Canberra and south to the border with Victoria, and comprising six main power stations located at dams in the region. The power generated from this region is channelled through one key point, Yass, before it can reach Sydney. The Hunter system does, however, provide an alternate supply, with additional diversity of routes into Sydney. Nevertheless, with the Snowy Scheme out of action, the subsequent pressures on the Hunter would probably overwhelm the system.

Figure 2: Electricity Distribution in the ACT

This figure shows the main high voltage distribution system in the ACT superimposed on the suburbs of Canberra.

The National Capital, Canberra, is serviced by one main substation. That station is in turn connected to only two other substations, located at Yass and Cooma. Within Canberra, most major government agencies are dependent on two smaller substations located in the city (City East zone and Kingston zone) and there are precious few transformers available in reserve to service the city. The computers operating the power grid can be accessed via a number of routes, including the direct dial-in diagnostic system used by technicians to monitor, detect and fix problems across the breadth of the grid. From the point of view of security, these are serious vulnerabilities. Few sections within even the Department of Defence, for example, have an alternate energy supply to the city grids. Similarly, the joint force commanders are all located in Sydney and aside from limited reserves, rely on Sydney's power supply as well as public communication links between themselves and HQADF in Canberra.

Australia's major cities are serviced by two or three natural gas fields via extremely long pipelines that are computer controlled. Two key pipelines feeding both Sydney and Adelaide originate from the Moomba (SA) oil and gas fields. Similarly, Perth is fed from the far north west of WA by two lines, Brisbane is dependent on one line, while Melbourne relies on lines emanating from the Bass Strait platforms. In all cases, the pipelines span thousands of kilometres over uninhabited sections of the outback or under the ocean. The lines are policed in terms of physical protection. For example, one of the roles of the RAN's patrol boat flotilla is to very publicly patrol the Bass Strait oil rigs. However, the pipelines and the systems that drive them, i.e., the Supervisory Control and Data Acquisition (SCADA) system, are designed to be remotely accessed, monitored and operated from a distance. With vast systems spanning thousands of kilometres operated by computers that are remotely accessed, the possibility of an electronic intrusion could become a real threat. What if the system controlling the Moomba gas lines to Sydney and Adelaide were closed down?

Figure 3: Oil and Gas Pipelines in Australia

Computers cannot operate without power. Nor can telecommunications, the financial network, or defence communications, all areas prone to information attack and discussed below. Moreover, the interdependency of these parts of the NII complicates efforts to defend them. Growing complexity and interdependence, especially in the energy and communications infrastructures, create an increased possibility that a rather minor and routine disturbance could cascade into a regional outage. Technical complexity may also permit interdependencies and vulnerabilities to go unrecognised until a major failure occurs.

Telecommunications

There are two major telecommunication service providers in Australia, Optus and Telstra (formerly Telecom). Optus began operations in January 1992 and currently holds approximately 10-15 per cent market share across all systems. Aside from a mobile phone net in most major cities and along major highways (covering 86 per cent of the population at 30 June 1996)(14), it has installed a fibre optic line from Brisbane to Perth. Each major city also has a CBD fibre optic ring (providing direct access to corporate clients) and a switching centre. The whole Optus system is based on a synchronous digital hierarchy platform.

Telstra operates an extensive network of coaxial cable, microwave radio, optical fibre, digital radio concentrators, mobile phone cells, submarine cables and submarine fibre cables(15). There are dedicated trunk switches in every capital city in a static hierarchy configuration. Routes are tested in a routine order, with the most direct route selected first. It is possible for calls between cities to bypass major hubs only if all lines through the hub are in use. Each hub is linked with other capital cities by two geographical routes and each capital city trunk switching centre should have access to the other capital cities without physically routing via a common building in the city.

While there is some redundancy on the eastern seaboard, there are also a number of important choke-points. For example, the exchanges in Katherine (NT), Woomera (SA), and Ceduna (SA), link central and western Australia to the east. Both microwave and fibre lines pass through these exchanges. If these critical nodes were attacked all terrestrial communications between the west and east would be severed. Add the exchange at Camooweal (QLD), and the entire centre of the continent would be severed from the outside except for direct satellite links and HF radio. With the exchanges gone, these remaining systems would be overwhelmed by the demands of regular telephonic and data traffic that daily cross the continent.

Figure 4: The Telstra Fibre-optic Telecommunications Network

This figure shows the Australian fibre-optic network, major exchange centres and the submarine cable exit points.

All major cities in the Telstra network depend upon between 2 and 5 central exchanges that connect the city internally and link it to the outside world. In Canberra, the national capital, the exchanges at Civic, Barton and Deakin service all the major bureaucracies and link Canberra to the outside world. Black Mountain Tower is a critical microwave node with a fibre optic interchange with cables from the Deakin and Civic exchanges. It also provides one of a number of microwave links between Sydney and Melbourne. The tower services the NASA space centre at Tidbinbilla with a high volume microwave link, as does the Deakin exchange (with a low volume direct microwave link). The Deakin exchange is a critical link between the space centre at Tidbinbilla and mission control centres in the USA(16). The Department of Defence has a direct fibre optic cable to the Civic exchange (and thence onto the Tower) and some limited microwave capacity. Other departments of the federal government all use either the Deakin or Civic exchange and a very few (like the AFP and ATO) have direct microwave links to Black Mountain Tower.

Australia's marine links to the outside world depend on a handful of critical nodes in the Asia-Pacific region. Submerged fibre optic cables and older submarine cables connect Australia to the world via Port Hedland (WA) (to Indonesia), Perth (WA) (Gnangara to Indonesia), Cairns (QLD) (to PNG) and Sydney (NSW) (Oxford Falls and Paddington to Hawaii and NZ respectively). Calls in and out of Australia on all these lines are processed through two buildings in Sydney: the Paddington exchange and the Telstra facility at Oxford Falls. Similarly, the locations of specific cable entry-points into Australia are well known.

Figure 5: Australia's Links to the International Submarine Cable Telecommunications Network

Australia is also a critical node in the international fibre network. Aside from Australia, there are three critical nodes in Asia: Japan, Hong Kong and Singapore. All South East and North East Asia connect onto this submarine fibre corridor. Links to the outside world pass from Japan to the US, and from Singapore to India and onwards to Europe via Suez. The only other separate submarine fibre links to the US and Europe pass through Australia. Within the Asian submarine cable corridor, between the two key nodes of Japan and Singapore, Hong Kong is a critical node. If it were disabled, Asia would be isolated on the north-south axis. Were Singapore and Japan taken out of service the only remaining international links pass via Australia. Consequently, Australia is a vital international node.

The satellite communication network comprises two core systems, one international (INTELSAT)(17) and one domestic (Optus satellites)(18). Australia was a founding member of the INTELSAT consortium which was established in 1964 to provide a worldwide satellite system. INTELSAT is a majority American-owned consortium which places satellites into space and then leases capacity on them to telecommunications carriers around the world. Currently Australia is the fifth largest shareholder in INTELSAT which owns and operates over 20 spacecraft located over the Indian, Atlantic and Pacific oceans. Both Optus and Telstra operate separate INTELSAT gateways at Oxford Falls in Sydney, part of an international network of nearly 400 earthstations in over 150 countries. In addition, Optus operates an INTELSAT earthstation at Lockridge in Perth, as does Telstra at Gnangara in WA. The Telstra facility is also a major link in the international satellite control network.

The Australian Government initiated a national satellite system in 1983 when it formed AUSSAT (Australian Satellite system). The first of the fleet of three geostationary Hughes HS367 AUSSAT-A satellites entered service in late 1985 (two remain in service with one of these to be decommissioned in 1998). The satellite fleet was sold to Optus communications as an integral part of the Optus licence bought from the federal government in January 1992 for $800 million. The fleet is being replaced by the Hughes HS601 Optus-B satellites. The first was launched on 14 August 1992(19). The primary Optus satellite operations control facility is located at Belrose, a northern suburb of Sydney, with a backup facility in the Perth suburb of Lockridge. A broadcast operations centre and satellite network services centre are also co-located at the Belrose facility. From Belrose, the satellites can have their position in orbit or their direction altered (as is necessary to maintain geostationary position with antennas pointed in the right direction). It is also possible to access and manipulate the signals sent and received via the Optus satellites from Belrose, and to monitor the traffic that passes through all Optus spacecraft. There is no encryption on the control channel of the two A series. Anyone with the proper equipment could easily put the A's out of action. Clearly, Belrose is a highly critical node, with redundancy provided at only one other well-known location in Perth.

In terms of general satellite communications (SATCOMs) to and from both the Optus and international satellites (i.e. excluding control stations), there is a wide diversity of nodes. This diversity makes it near impossible to successfully attack enough communication transmission earthstations to seriously disrupt civilian SATCOMs. Each capital city as well as Canberra and Darwin has major earthstations. In addition, most major TV stations and a number of businesses (in total about 350) possess a similar system and there is a plethora of smaller systems, mostly receive-only for TV and radio, scattered across the country(20). Satellite users can either provide their own equipment or route through the Optus earthstations. Transmission to the Optus earthstations is most frequently through microwave. Belrose, for example, is 15 km in direct line of sight from Sydney CBD. The key sensitivity in civilian SATCOMs is the mass media. If, as part of a campaign, terrorists were to attack key SATCOM TV and radio facilities, it would seriously impair the ability of the media to communicate to all Australians. If attacked, the media would attempt to route its SATCOM traffic via landlines to alternate earthstations, but the likelihood would be that in that kind of attack the other systems would already be near full-capacity due to the number of systems switching to main SATCOM routes. Switching to alternate earthstations would also require that the main telephone exchanges be intact.

'Although they are hidden from view, Optus' satellites are a surprisingly common part of the day to day lives of Australians and Australian businesses'(21). In the same publication, Optus states that their satellites carry the following types of information:

Intelsat carries similar services. However, under international agreements, the military component can only be for UN approved activities. A discussion of military uses of satellite communications will be presented below in an examination of the Defence Information Infrastructure (DII).

What becomes clear from this investigation is that while there is considerable redundancy in earthstations with full transmit/receive capacity, this is not the case with the central control, transmission, and monitoring system for the domestic satellites, nor is it the case with mass media SATCOM access. As noted above, additional SATCOM redundancy is provided by Intelsat and Inmarsat. Yet these are not safe either. Both have critical control earthstations in Sydney and Perth. In the global context, these international satellite control facilities might make Australia a target in a global campaign of information war: the weaker these nodes are believed to be, the greater the chance that they will be targeted, even if the terror is not aimed at Australia per se.

Finance

The central bank, the Reserve Bank of Australia (RBA), is responsible for the overall stability of the financial system. It is banker to the banks, and the main banker to the Commonwealth Government, and some state governments. As well as supervision of banks(23) the RBA is responsible for the accounts used for 'settlement of interbank obligations arising in the payments system'(24). In other words, clearance of its customers' cheques and electronic funds transfers is the RBA's responsibility. The RBA operates the Reserve Bank Information Transfer System (RITS) which is 'an electronic transfer and settlement system for Commonwealth Government securities. It allows real time recording and settlement of transactions'(25). RITS has recently been expanded to act as a real time gross settlement system for all accounts held by the bank. A range of associated organisations work with the RBA to ensure the smooth running of interbank, securities, equity, futures, and options, clearance and settlements. The RBA is either a shareholder or has representatives on these bodies. The clearance process involves consolidation of information on debts and credits and establishment of the net position between institutions. Settlement refers to 'payment or receipt of value of net obligations established in the clearing process'(26).

The clearance process is managed by the Australian Payments Clearing Association (Ltd), which is a limited liability company. Shareholders are the Reserve Bank, trading banks and the industry bodies of building societies and credit unions. Clearance of payment instructions is being organised into four functional groups:

'Net obligations arising from the clearing of instruments in each of these systems are settled across accounts at the Reserve Bank of Australia'(28). APCA have outsourced their operation to the Society for World Wide Interbank Financial Telecommunication (SWIFT), based in Brussels (further discussion of SWIFT below). This means that every day Australian banks clear their netted position with one another via a computer in Brussels which then transmits the final result to the Reserve Bank computer in Sydney for settlement on the accounts held by APCA members (e.g. Australian banks). The RBA computer is located at Head Office (at Martin Place, Sydney), and is linked on-line with the Reserve Bank's state branches in each capital city (except Darwin). There is one main computer at Head Office which is supported by a mirror system on site and one further backup on the outskirts of Sydney which, the bank claims, is served by a separate telephone and power grid to the two computers at Martin Place. However, as the discussion of energy supply to metropolitan Sydney demonstrates, Sydney and surrounding NSW are only supplied from either Yass or one other node in the Hunter, making the bank's claims with respect to sustainable power suspect.

The banks have just 45 minutes for the clearance and settlement process-from 0800hrs to 0845hrs on each day of trading. The remaining 15 minutes before 0900 allows the RBA to intervene, if necessary, as banker of last resort in cases where a bank cannot honour its commitments arising out of the clearance process. Forty five minutes is not much time to act if something goes wrong. The domestic banking system could not survive more than a few days if this delicate system were disrupted.

Many other significant transactions pass through the RBA's computer. For example, the Government Direct Entry Service is owned and operated by the RBA. The system electronically disperses government payments to over 600 financial institutions, which in turn distribute government payments into the accounts of millions of Australians-which include, inter alia, public servants, those on social security benefits and members of the armed forces. In 1993, this system conducted up to 3 million transactions a day(29).

This is a key weakness in the system. If, for example, in the lead-up to major conflict, an adversary could disrupt government payments to the armed forces and their families, it would seriously affect the morale of the forces and society generally. This kind of disruption has been foreshadowed in the past with grave political consequences. The 1975 Federal Budget crisis, which threatened Supply, quickly turned into a constitutional crisis, in part because the incumbent Government was facing a hostile Senate that could have prevented the Government from paying the armed forces (and others). With all of the government's payments passing through just one computer, the financial security of millions of Australians as well as national political and economic stability is seriously threatened.

Large-scale interbank transfers and settlements worth $10 000 or more are processed through the Bank Interchange and Transfer System (BITS). It is owned and operated by the four major national banks and one State bank. In 1994 $20 billion per day went through the system (nearly a 100 per cent increase from 1991). 'BITS payments are irrevocable and deliver immediate clear funds to the account of the recipient'(30), although they take 24 hours to be netted with positions settled across central bank accounts. Both the RBA and the four other members operate BITS computers, which are in turn, all linked to the main RBA computer.

Australian government securities are electronically processed in real time by the Reserve Bank Information and Transfer System (RITS). In 1994 the system held around $65 billion worth of government securities with an average daily turnover of $15 billion. In 1993 RITS serviced 95 members. It is not a trading system, but rather transfers and settles the transactions-i.e. it is where the money changes hands electronically. 'Transactions on RITS are initiated by the two parties to the deal inputting trade details from computer terminals in their offices. The system then matches these details and confirms the deal'(31). Austraclear provides a similar service for private securities transactions. Similar arrangements exist for equity, futures and options trading.

As with the domestic system, the bulk of large-scale international transfers from either BITS, RITS, or Austraclear are 'now done using Electronic Funds Transfer [EFT] technology rather than paper-based instruments'(32). The Australian banking system is linked to a number of international systems, including CHAPS in the UK(33) and CHIPS in the US(34), using the SWIFT protocol(35)-a standardised encrypted transmission service for international financial messages owned and managed by about 1800 member banks and financial institutions, including the Reserve Bank(36). Using a common architecture and system may facilitate communication, but it exposes the banks due to the fact that a common system needs only one vulnerability for the whole system to be penetrated or attacked. If just one of these systems were accessed either illegally, by accident, or by a disgruntled employee, there would be grave consequences for the security of the system. If one of these terminals was stolen-and computer security consultants walk out of offices on a daily basis with whole laptops filled with classified data under their arms(37)-the entire system's integrity would be in question.

SWIFT was established in 1977 by a cooperative of 239 international banks to facilitate operational messaging between member financial institutions (funds are not transferred, only messages ordering money transfers). Currently, 4300 member banks in over 100 countries use SWIFT to send over two million messages a day-equating to daily transactions of around US$2.5 trillion(38). SWIFT's electronic data interchange system has become the global standard protocol used by banks in Australia and overseas. SWIFT is run by Unisys mainframes at three data centres sending and receiving messages via leased lines and the public-switch telecommunications network. The primary facility is located at La Hulpe (Belgium), with a backup computer in Holland, and one in Culpeper, Virginia, USA. A security audit of SWIFT performed in 1995 by Price Waterhouse and reproduced in the SWIFT Annual Report stated that:

Certain security control weaknesses were identified relating to the systems directly supporting SWIFT... Although we believe that these weaknesses cannot be exploited to compromise the confidentiality or integrity of message data passing through SWIFT systems, these weaknesses can be exploited to create a situation in which SWIFT cannot manage, operate or monitor the [SWIFT] application. This in turn creates the potential for intentional or unintentional disruption to the availability of the [SWIFT] services(39).

In many cases with domestic personal banking electronic transactions, network members agree their net obligations bilaterally and notify their positions to the Reserve Bank. Consequently, all major banks have central data processing centres connected to one another and the main system at the Reserve Bank. Similarly, all ATMs and EFTPOS systems are linked by one of two national networks using common systems architecture(40). Notably, for reasons of 'efficiency' the central data processing centres are few in number. Problems have already been recorded where such centralisation has caused major disruption. For example, in the early 1990s, the Melbourne ANZ bank data centre was disabled when the electricity line from a tram came into contact with the bank's tin roof as a consequence of a road accident(41).

The RBA is not alone in having a fairly basic information infrastructure. The Australian Stock Exchange (ASX) is situated in the Macquarie Bank building at 20 Bond Street, in the Sydney CBD. On 29 September, 1995, there were 17 717 transactions totalling $1 395 697 766.71 in value. There are also stock exchanges in Brisbane, Melbourne, Perth and Adelaide that act as 'shop fronts' for the central exchange in Sydney with on-line networking to the Sydney exchange. The ASX introduced electronic trading in 1987. The ASX use VAX computers and have two sites servicing the Sydney exchange, one on site at Bond Street, and another at Bondi in Sydney's eastern suburbs. The two sites operate in one cluster with the Bond Street site running the trading and clearing systems. The Bondi operation is for daily operations of employees of the ASX and acts as a shadow to Bond Street. As information is processed at Bond Street it is simultaneously written to a duplicate disk at Bondi. Until recently the two sites were linked by two microwave telecommunication towers (the second is a backup).

The Sydney exchange is linked to the other state exchanges by Optus fibre optic cable(42). Should that system fail the ASX switches to Telstra fibre optic (via a different exchange) or microwave and occasionally satellite transmission. There is also a major relocation of ASX systems currently planned. A brand new facility is proposed for a site at North Ryde, a Sydney suburb, which will be an EMP hardened, dedicated data centre and will take over the current Bond Street operation. A new facility is also planned for the Bondi operation. The ASX have undertaken some extensive disaster recovery measures, in addition to security features in their new data centres, bearing in mind the vital public focus on the exchange given the damage an attack or disaster could do to business confidence. The chief disaster recovery officer of the ASX has stated that while they had received information attacks in the past, it had been possible to quickly redress what little damage had been done(43). Nevertheless, it is interesting to note that the ASX found it necessary, or at least prudent, to relocate their backup facilities and build them from scratch with information attack in mind.

Trillions of dollars in funds and securities are transferred daily by electronic communication mechanisms. With the Reserve Bank at the centre of this frenzy of electronic financial interaction relying on one central computing facility (with only one backup), a question might be asked as to how secure such a system can be? Commenting on financial systems in general, a leading computer security expert observed that we face severe risks from 'accidental or deliberate alteration, substitution, or destruction of data. The risk is compounded by interconnected networks and the increased number and sophistication of malicious adversaries'(44).

Banks calculate that the risk of the system being attacked is not significant enough to warrant more costly redundancy being put in place. However, this calculation should be reviewed in light of the glaring inadequacy of extant systems to cope with a moderately serious and calculated information attack. The problem is compounded by virtue of the fact that the idea of info-terrorism is so new and attacks have so far been quite mercifully few. Just because it has not happened with much frequency to date does not mean it is not going to be a significant and growing problem in the future. It is perhaps ironic that just as information attack capabilities have increased, large systems are being cut back for reasons of efficiency. If they are too simple in design, then they will be that much easier to attack. Only having one backup may not be enough and certainly not when its location is known. Similarly, moving towards a global protocol (as in the case with SWIFT) exposes all parties in the system in the event that someone works out how to crack the single system upon which global banking operates. Likewise, the potential for trouble generated by those on the inside with access to these systems, in these times of down-sizing, cannot be ignored.

Defence Information Infrastructure

The 1987 Defence White Paper and subsequent policy papers identify the most likely Area of Operations (AO) for the Australian Defence Force (ADF) as the top end of Australia and the sea-air gap to the north(45). In a detailed study of the defence communications infrastructure, Colonel Danny O'Neill observes that 'the ADF's terrestrial communications systems are...limited and there are not sufficient resources to provide quality wide-band links through large areas of the AO'. He also notes that in the AO the civilian infrastructure is little more than an 'inflexible and vulnerable linear capability'(46). As in the AO, in the south of the country, or Support Area (SA), 'the civil communications infrastructure plays a large part in support of the ADF'(47). Supply, logistic and administrative support are vital to modern combat effectiveness and deterioration of these civilian-dependent communication systems could have a major effect on the ability of the ADF to conduct operations in the AO. Aside from the extant civilian infrastructure, the ADF operates what is known as the Defence Integrated Secure Communications Network (DISCON) which 'provides a basic defence owned and operated message (telex) capability between capital cities, anchor stations for mobile and transportable HF stations, and connections to the Allies communication systems'(48). However, for reasons of efficiency ADF HF radio facilities have been scaled-back to reduce 'unnecessary duplication' between civilian and military systems. HF radio is also limited in carrying capacity(49). This is problematic in an age where there are increasing demands on military systems to carry a range of data (voice, text, and imagery) in addition to the high-demands of automated information systems. While mobile fibre optic cable is also used between commanders over short distances in the AO, considerable dependency on civilian information infrastructure exists-'it has been Army doctrine since 1981 to use civil facilities whenever possible'(50).

Since 1992, the ADF has leased Ku-Band(51) transponders aboard the Optus-B domestic satellites and owns 16 associated mobile transceivers. But this system also has limitations, not the least of which is as Colonel O'Neill points out 'the dependence of SATCOM systems on vulnerable control stations', which is a reference to the Optus Belrose facility (discussed above)(52). Since October 1996 the ADF has used a modified L-Band mobilesat service to 'provide a tactical narrow band system within the Optus footprint'(53). In December 1997 the Australian Government decided that future Optus-C satellites, the first due to be launched in 2000, will carry 'operational UHF and X-Band systems and a developmental Ka-Band system'(54). The Department of Defence is also currently investigating other satellite applications and platforms, such as indigenous Low Earth Orbiting satellites.

The ADF has access to Intelsat and Inmarsat systems which, unlike the domestic SATCOM system, can reach outside of littoral Australia. Both international satellite systems enable mobile SATCOMs, however as recent research by Des Ball has shown, these systems are limited in that they still require switching via national telecommunications carriers for the purposes of caller ID and billing(55). The international satellites also have strict limitations on their use for belligerent purposes. Currently the ADF has only 3 C-Band transportable terminals for use with Intelsat(56).

The ADF has limited use of Allied SATCOM facilities, such as the RAN's use of the USN's FLTSATCOM system, although these systems may not be the best solution for ADF users(57). For example, if the United States disagreed with Australian military objectives in a case where Australia was acting alone, would the US allow Australia to use its satellite capacity? If there was a shooting war involving both the US and Australia as allies, would the US devote scarce SATCOM resources to Australia? Bearing in mind that SATCOM resources were overloaded to such an extent in the Gulf War (1991) that the US military had to resort to civilian systems for a significant amount of their traffic, it would be safe to say that Australian access to US capacity may not be automatic. As noted above, Australia could not independently use the international satellite system for belligerent purposes other than those approved by the UN Security Council. Consequently, Australian defence SATCOM resources are both quite limited and vulnerable because they rely on the Belrose facility and cannot project past littoral Australia. At the same time, Australian access to international or allied systems is not assured in the case of a military conflict.

As the above discussion has shown, defence communications rely significantly on various civilian systems. For example, one of the key terrestrial nodes in the defence network is a fibre-optic cable direct from ADF HQ to the Civic telephone exchange in Canberra. Like the Belrose satellite control station, the Civic exchange in Canberra is a critical node in the defence communications network. If so much of the DII depends on the NII, especially in the AO, and the latter is vulnerable, as has been shown above, then the DII is itself vulnerable. In the past the requirement of defence communications to use civilian systems as much as possible may have made good economic sense. However in the context of information operations, 'economic efficiency' cannot be the sole criterion upon which to base the DII. Ironically, the drive to efficiency proposed by the Wrigley report(58) and discussed in Colonel O'Neill's excellent paper, may have created significant vulnerability by reducing redundancy.

Risk Assessment and Sources of Unintentional Risk

A risk assessment juxtaposes existing vulnerabilities against likely threats to determine what is most likely to happen (e.g. worst case scenario/s). Like most OECD countries, Australian NII vulnerabilities are confronted by a range of dangers, both unintentional and intentional. Unintentional risks include natural disaster, accident, unanticipated problems (such as the Year 2000 Bug or Y2K problem), technical faults and user error. Intentional risks include dis-information, hate/revenge (personal or work-related), crime, commercial or military espionage, state and non-state based terrorism and information warfare.

Of all these problems, some are more significant than others, depending on the probability and the consequences of a threat materialising. Intentional threats, such as terrorism, are not necessarily more dangerous than unintentional threats, if the likelihood of a terrorist act actually occurring (other things being equal) is very low. In some cases, the probability of an event occurring is remote but the consequences so grave that such a threat must be given a high priority.

Two points must be emphasised here. First, the consequences of a failure of the NII would be very severe indeed. Therefore, action is required regardless of any threat probability assessments. Once probability is added in, it will be clear which risks will require the most urgent action. Second, in some instances in the Australian context, there exists a combination of high levels of vulnerability, a high probability of an event occurring and associated severe consequences. A threat hierarchy exists where these three factors overlap.

This paper's risk assessment suggests a hierarchy of threats facing Australia's critical infrastructures. In descending order of probability and consequence of seriously damaging Australia's national security, wealth, and international image, they are:

Year 2000 Bug

The greatest risk regarding Australia's NII appears to emanate from an unintentional but nevertheless ubiquitous 'threat'. The Year 2000 computer incompatibility problem affects all computers everywhere, as well as embedded chips. Not only would Y2K failures affect individual computers and networks, their effects would concentrate on the same critical choke-points in the NII identified above, just as would any malicious attack. Similarly, a cascading effect would occur-spreading out from problem systems into the general network community-threatening systems that have been Y2K 'immunised'.

Not only would Y2K 'attack' all the vulnerabilities identified in the NII simultaneously, the probability of a Y2K event is guaranteed in spite of what are expected to be extensive precautions taken in the public and private sector to prevent it. Come 1 January 2000 it is a certainty that some kind of crisis will develop-the only question concerns the extent of the ensuing dilemma (for a checklist of the kinds of systems at risk see Annex 2). The unintended or unimagined consequences of multiple interdependent systems collapse would cripple the nation more swiftly and comprehensively than any military attack ever could.

In essence, the problem is that most hard/software has been programmed in a shorthand that only uses a two digit year reference e.g. DD/MM/YY. These two-digit dates exist on millions of data files, in millions of applications, and in a wide variety of operating codes and hardware systems. In 2000, computers will not be able to decipher whether it is 1800 or 2200, thereby sending all manner of code, programs, applications and calculations haywire. The problem affects most computers and software embedded in electronic equipment. Correction requires the inspection, evaluation, alteration and testing of literally millions of lines of computer code-it is complex, time consuming and costly.
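The two-digit shorthand described above can be made concrete with an added illustration that is not part of the original paper. It compares a hard-wired '19' century with the common 'windowing' remediation; the function names, pivot values and sample records are assumptions constructed for the example, and the leap-day record goes slightly beyond the paragraph to show a second way the same shorthand fails.

```python
from datetime import date

# Constructed sample records (label, DD/MM/YY) - not data from the paper.
SAMPLE_RECORDS = [
    ("loan opened", "15/06/97"),
    ("loan matures", "15/06/02"),
    ("leap-day payment", "29/02/00"),
    ("pensioner birth date", "01/03/28"),
]


def parse_ddmmyy(text):
    """Split a DD/MM/YY string into (day, month, yy) without picking a century."""
    parts = text.split("/")
    if len(parts) != 3 or not all(p.isdigit() and len(p) == 2 for p in parts):
        raise ValueError(f"not a DD/MM/YY date: {text!r}")
    day, month, yy = (int(p) for p in parts)
    return day, month, yy


def legacy_date(text):
    """Unremediated behaviour: the century is hard-wired to 19."""
    day, month, yy = parse_ddmmyy(text)
    return date(1900 + yy, month, day)  # ValueError if that day cannot exist


def windowed_date(text, pivot):
    """Windowing fix: yy below the pivot means 20yy, otherwise 19yy.

    The pivot is an assumption that has to be chosen per data field.
    """
    if not 0 <= pivot <= 100:
        raise ValueError("pivot must be between 0 and 100")
    day, month, yy = parse_ddmmyy(text)
    century = 2000 if yy < pivot else 1900
    return date(century + yy, month, day)


def years_between(start, end, to_date):
    """Calendar-year difference under the given interpretation of YY."""
    return to_date(end).year - to_date(start).year


def audit(records, pivot):
    """Return {label: reason} for records where the two readings disagree.

    A disagreement only says the field needs review: for a birth date the
    legacy reading may be the right one and the window the wrong one.
    """
    findings = {}
    for label, text in records:
        fixed = windowed_date(text, pivot)
        try:
            old = legacy_date(text)
        except ValueError:
            # 1900 was not a leap year but 2000 is, so 29/02/00 is rejected.
            findings[label] = f"legacy code rejects {text}, window reads {fixed.isoformat()}"
            continue
        if old != fixed:
            findings[label] = f"legacy reads {old.year}, window reads {fixed.year}"
    return findings


if __name__ == "__main__":
    for label, reason in audit(SAMPLE_RECORDS, pivot=30).items():
        print(f"{label}: {reason}")
```

Windowing moves the ambiguity rather than removing it: a pivot of 30 repairs the loan dates but reads the 1928 birth date as 2028, which is why each field has to be inspected individually or widened to a four-digit year.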

A great part of the danger lies in the timing and magnitude of the problem. On 01/01/00 every computer system that has not been fixed will experience some difficulty. Indeed, when it comes to interdependent computers and networks, it will only take one non-Y2K compliant link to threaten the entire chain. There is a very high risk that critical infrastructures that rely on networked computers will face serious, if not catastrophic, failure. Because it will all happen at the same time right across the country (and indeed internationally within 24 hours), it is impossible to predict the scope of the impact. Its scale however, will be unprecedented.

Not only are key civilian infrastructures dependent on computers and networks, so are nuclear warheads, missiles and reactors, for example. At a recent conference in Canberra(59), the author asked the Chief of the United States Air Force, General Michael Ryan, whether US strategic nuclear forces were fully protected from Y2K. He gave reassurances that all required 'patches' have been put in place. 'The USAF will fly on the 1st of January 2000' he said. However, media reports cast doubt on the ability of Russian and former-Soviet strategic nuclear forces to keep up with Y2K threats. For example, The Sunday Times recently reported that western intelligence sources have warned political leaders that there could be 'a giant Chernobyl' if Y2K issues are not addressed within both military and civilian nuclear systems in the former Soviet Union(60). The same paper reported President Clinton's new Y2K Tzar, John Koskinen, who suggested even US systems were not as safe as General Ryan claimed. Mr Koskinen is quoted as saying that 'it needs to be worried about... if the data doesn't function... they [US warheads and missiles] actually [could] go off'(61).

The military is not the only concerned group. The Australian Stock Exchange revealed it has spent '$12.5 million already to safeguard its systems from the millennium bug'. It is asking Australian companies to 'outline how much exposure the company has, what measures have or are being taken and the overall cost of addressing the problem'. The ASX says the objective for its own critical computer systems is 'to meet with British Standards Institution's Year 2000 compliance rules as described in DISC PD2000-1'(62).

The responses to the ASX letter inquiring into Y2K compliance make interesting reading, especially with regard to critical infrastructure systems. The ASX Managing Director, Richard Humphry, said that 'I haven't yet received from any State government any assurance written or verbal, that [the] utilities will be okay by 2000'(63). Indeed, the Chairman of the ASX, Maurice Newman, who was recently appointed by the Australian Prime Minister to chair the Federal Government's Year 2000 steering committee, has predicted a global recession in 2000(64). He has also highlighted problems with staging the Olympics and the risk of major failures in critical infrastructures(65).

The banks are also concerned. One of the most candid on the subject is Ken Pritchard of the Commonwealth Bank. 'His company has 37 000 mainframe programs that hold 32 million lines of code, all of which need to be checked. The bank also has so-called mid-range systems that have another 15 million lines of code that could be afflicted. On top of that, the bank must check its 2300 ATMs, its 63 000 EFTPOS terminals and 30 000 desktop computers'. Mr Pritchard says that Australian industry must 'collaborate' because 'this is the only way we as a country will survive'(66).

Regrettably, a domestic solution limited to local government and business interests is not an option for any country in an increasingly interconnected world. But Australia's appreciation of, and response to, the Y2K issue is indicative of the kind of action that all countries will need to take in the coming months if they are to avoid or ameliorate the effects of the bug. As the reports from top government advisers above suggest, Y2K is the greatest threat to critical civilian infrastructures. (See below, p. 28ff.)

Sources of Intentional Risk

Having established a very significant unintentional threat in the form of the Y2K problem, it is now necessary to consider the hierarchy of intentional or potential malicious threats. None of the vulnerabilities discussed above will be important if there is not a significant threat posed to Australia. It must also be remembered in identifying likely intentional threats that there must be four core elements in place: motive, opportunity, capability and the willpower to execute a decision to act.

In terms of an intentional or malicious attack, the NII can be attacked in a number of ways(67). There is a lot of animated talk of 'electronic Pearl Harbours' in the mainstream information warfare literature(68). Attacks on the NII are not as easy to organise as such comments suggest, but they are a lot easier than one might imagine. It all depends on the target and the scale of attack envisaged.

Mass attack on the NII where all core systems are totally incapacitated will not be possible without detailed planning, intelligence, and highly-skilled personnel, mostly available only to advanced states. The fact is that, the foregoing notwithstanding, the incredible array of systems and their myriad interlinkages that comprise the NII provide a form of security in their very diversity. It would not be possible to completely disable these systems without detailed knowledge of their weaknesses and the location of critical nodes within and between them. Then only a well timed and coordinated strike might have a total effect.

As discussed below, the consequences of attack may increase where system redundancy has been degraded due to commercial imperatives to cut operating costs, centralise critical nodes, minimise maintenance schedules, and use common 'off the shelf' hard/software solutions. Nevertheless, mass attack is unlikely. If significant intelligence and planning assets were deployed for the purposes of mass information attack it would certainly be by a state and only in conjunction with other more traditional forms of organised violence. Consequently, existing intelligence and other defence assets should detect and give warning of an impending attack. However, in the event of military action, attacking core NII sites and information nerve centres would greatly aid strategic surprise and the aims of conventional warfare.

This does not mean that Australia is invulnerable. On the contrary, an attack on critical nodes could set off a chain-reaction that could have devastating effects for society. The most likely attack would focus on disruption of one or two key systems. Even small scale disruption of key systems, without adequate recovery plans and established information hierarchies in the event of attack, could severely affect government, commerce or society. Aside from physical attack, the easiest form of attack would be a denial of service attack. This does not require penetration of information systems (which requires password, systems, or source code cracking), but rather overloads key nodes from the outside. It is a form of data overload that overwhelms the systems' capabilities to respond, thereby affecting its internal operations as well.

 

The Tools of Info-terrorism

The most sophisticated (and consequently most difficult) form of attack is a systems penetration attack. Gaining access to systems can be a difficult and time consuming process and most high-security systems, such as those used by the military and the banks, are either 'air-gapped'(69) from external systems or are protected by technological security solutions such as firewalls. Unless one is an insider, has chipped the soft or hardware being used, or can crack or get around the firewall (and all of these have been done), it is difficult to access these systems from the outside. By de-linking systems however, one loses all the advantages of advanced networked computing, such as speedy multi-user connectivity. For some that cost is too high. Consequently, in a surprising number of cases, critically important infrastructure systems are interlinked with other systems that can be penetrated from the outside. Indeed some are specifically designed to be remotely accessed, such as Supervisory Control and Data Acquisition (SCADA) systems, which are typically used in energy distribution networks, such as oil and gas pipelines.

Terrorism

These questions are further complicated in the case of info-terrorism, the second source of threat to Australia's NII after the Y2K problem. The interests of terrorists are well served by information technologies. Low entry costs, difficulties in identifying an attack and its origins (anonymity and ambiguity) and the potential for extreme chaos throughout governments, corporations and society in general, all offer rich opportunities to terrorists.

Terrorists will also be attracted to the fact that conventional notions of deterrence will be increasingly irrelevant in the context of IO as counter-targeting becomes difficult when an attacker launches an assault via a number of different national or international jurisdictions, using an anonymous or spoofed ID, and from a mobile laptop, possibly from within the country the terrorist is targeting.

Sydney 2000 Olympics

The other key opening for a terrorist act in the near future is the Sydney Olympics in 2000. A number of past Olympiads have experienced terrorism, Munich and Atlanta being just two examples. While law enforcement organisations are concentrating on physical security they do not appear to have canvassed cybersecurity issues. An attack could be mounted against Australia or more likely against another country participating in the globally televised sports extravaganza. A wide range of targets and opportunities present themselves in the Olympic context. With the world looking on and with the year 2000 computer 'bug' providing 'cover', one single large-scale act could ruin the games and profoundly damage Australia's reputation. Remember also that Australia's relatively safe past may have conditioned people to discount some more extreme scenarios and that even a small scale attack could have a lasting effect both domestically and internationally. What if a 747's Global Positioning System (GPS) and Instrument Landing System (ILS) systems were infiltrated to cause it to crash at Sydney's already limited capacity international airport? The political and psychological effect of an act of that kind in the Australian context could be catastrophic.

The Unabomber(70)

An interesting example of a highly educated, motivated, dedicated and ruthless terrorist who could have used new information technologies to great effect is the 'Unabomber'. With adequate resources to fund acquisition of a computer and modem and a profound grudge against society, a Unabomber-type terrorist could wreak all kinds of damage. Certainly they would have a motive, could seek an opportunity, easily obtain a capability, whilst already possessing the will to act. If they go undiscovered as the original Unabomber was able to do for so long, the potential implications for the society the terrorist loves to hate could be major. Such a terrorist would be capable of researching critical nodes (freely available in open sources as this paper has demonstrated) and misrepresenting themselves to gain access to codes and passwords (human engineering), thereby gaining access to vital systems used to run the society against which they hold a grudge. In the age of 'down-sizing', job insecurity, government cuts to welfare as well as a range of other services (including the Universities, remembering that the Unabomber was a Harvard mathematics whiz), the potential may well exist for Unabomber-type terrorism, especially in open societies like Australia and the US when more than ever before individuals have access to and knowledge of vital NII systems and the means to attack them. It would be all the worse if the proposed Unabomber-type terrorist also happens to be the systems manager of a critically important system.

Crime

The third significant area of information operations activity is in the realm of crime. Criminals and organised crime groups have been quick to seize the opportunity afforded by new communications technologies and their rapid spread throughout society. Indeed one expert claimed in The Australian recently that 'big crime cartels are at least two years ahead of the business world in their take-up of sophisticated technology'(71). Of the four areas of potential threat identified above, crime is currently the most common area in which to find the active utilisation of IO techniques and strategies. In information operations the techniques for attacking an air traffic control system are essentially the same as those used to attack a bank. Consequently, statistics on cybercrime are valuable indicators as hard evidence does not exist for terrorist or military information warfare. Earlier this year the Office of Strategic Crime Assessments (OSCA), within the Australian Attorney-General's Department, conducted an excellent study entitled 1997 Computer Crime and Security Survey(72). The study canvassed a number of Australia's top 500 companies, government departments and other large organisations and investigated the type, frequency and kind of information attacks these organisations have experienced in the past and fear in the future. The results make for interesting reading and suggest what might be expected in the future from terrorists and the military's competitors.

The survey notes that Australian law enforcement agencies have reported significant increases in both the sophistication and number of external attacks on Australian companies in the past 18 months, a trend that is supported by AUSCERT statistics. 'Financial systems and confidential corporate data were the two most frequently attacked information types....a number of respondents...expressed concern as to the vulnerability of their financial systems to attack'(73). The survey shows the following motivations for the attacks: extortion and terrorism (10 per cent), espionage (26 per cent), financial gain (10 per cent), malicious damage (4 per cent), and curiosity (49 per cent). While the majority of attacks came from within (employees, contractors and consultants), 'the threat from outsiders is growing at an alarming rate'(74). This Australian finding is consistent with international studies. External attackers accessed information systems via the Internet (25 per cent), remote dial-in (16 per cent) and 'other' routes (19 per cent)(75). A compliance and fraud officer of a major bank estimated the cost of information attack to their organisation alone to be 'in excess of $500 000'(76).

Military Information Operations

Currently Australia faces no threat from other states in the region(77). This premise has been the basis of strategic guidance and defence planning for quite some time and there is no immediate reason to challenge this strategic convention. However, the long term trends in the Asia-Pacific region are of some concern. A pessimistic reading would focus on the end of the golden years of East Asian prosperity, creating tensions both within states and between them that, combined with large military budgets and increasingly sophisticated military arsenals, could presage a difficult and confrontational future. Already many Asian countries have been rocked by financial and economic problems unthought of a few years ago. This possibility will be compounded if current attempts to establish lasting security regimes in the region fail. There are also fears of the consequences of the rise of China and the various disputes that country has with many of its neighbours. And, if the United States were to further withdraw from the region in response to a new isolationism at home, what might the likely response be from the major powers in the region, such as China and Japan?

Information operations (IO) offer advantages to developing states. Less dependent on information systems in their day-to-day existence, their vulnerability to an attack is reduced. With freely available information on the techniques of IO and with low entry costs, IO could no doubt be an attractive option. This is compounded when one considers the spiralling costs of conventional weapons and the requisite logistic, training and support expenses of keeping those forces in battle readiness. Because they offer anonymity, IO are also compatible with the requirements of covert operations, the effects of which are deniable in an IO context. With increasing regional tensions even the smallest, least developed countries could develop the motive, opportunity, capability and the willpower to launch an IO attack. IO could be seen to offer developing states a silver bullet to overcome the asymmetries of power between them and advanced states. Unlikely as it may now appear, who knows how things might look in 2010?

IO would be a less attractive option for peer competitor states however. The consequences of attacking the financial system of a neighbour are just as likely to rebound on the attacker as they are likely to disable the defender when significant interdependencies exist between them. In addition, the systemic unintended consequences could be great and affect all manner of systems upon which the attacker depends, as well as causing friction within alliances.

Much of the writing on IO suggests that it will be used in isolation from other forms of military action. This line of argument is suggestive of some interesting parallels between early air power theory and early information warfare texts(78). Yet what would be the point of a large-scale coordinated attack on Australia's NII if it was not as a precursor to an invasion? If a major conflict was in prospect, then IO would be an excellent tool for the aggressor. Used as the first shot in a major conflict, IW would be a key element of surprise and could seriously disable core systems of the defender. This raises a number of interesting questions regarding proportionate response and escalation control in the event of an information attack. Would an assault on a country's financial system be an act of war, presuming the attack and the attacker could be identified? How might a country respond?

What action has the Australian Government taken to date?

In November 1997 the Secretaries Committee on National Security set up an inter-departmental committee (IDC), chaired by the Attorney-General's Department, to examine and report in late 1998 on the recommendations in a classified government report (the Dudgeon Report) on the National Information Infrastructure published in early 1997. The Committee comprises representatives from the Departments of the Prime Minister and Cabinet, Communications and the Arts, Defence, and from ASIO, DSD and the AFP. Recently Centrelink and DPIE joined as representatives of agencies which have no national security functions but are significantly involved in the delivery of programs requiring the handling of sensitive personal information. A sub-group has had discussions with private sector representatives in Sydney, Melbourne and Canberra on the setting up of a consultative forum for the exchange of information on security incidents and responses. The private sector representatives were drawn from the peak bodies representing financial sector, information and telecommunications industries and power utilities. While the level of participation of the private sector is reasonably satisfactory, according to the head of the IDC, Peter Ford, of the Attorney-General's Department, 'there is still a long way to go'. Participation is on the basis that all discussions are confidential. So too is the identity of the participants and the companies represented.(79)

To date the IDC has not made any recommendations to Government, nor have any substantive actions been taken with regard to the establishment of any protective measures, such as an information attack warning centre or response coordinating mechanism. The recommendations of the classified 1997 Dudgeon Report likewise do not appear to have been acted upon. While the IDC recognises the need to make high level policy decisions and for the Government to act to coordinate private-public sector responses, no action, either, appears to have been taken as yet to protect the NII from intentional attacks. It should be noted however that the IDC is due to make its recommendations to the Secretaries Committee on National Security by the end of 1998.

The Government has been more proactive on the Y2K issue. Two federal agencies have been charged with ensuring both government and business compliance respectively. In the case of the former, the Office of Government Information Technology (OGIT) has been charged with assisting federal government departments. In April 1998, the responsible Minister, John Fahey, stated that 'the most recent estimate of cost to the Commonwealth to ensure Year 2000 compliancy for mission critical systems alone is closer to $600 million'(80). OGIT claims that much of the $600 million will be funded by agencies through their running cost arrangements.

In the 1998 Federal Budget the Treasurer, the Hon. Peter Costello MP, announced a bold new initiative to tackle Y2K compliance. The decision allows immediate tax deductions for most costs relating to Y2K compliance. The Government will also legislate to provide immediate deductions for the costs of acquiring or rebuilding software provided the costs are incurred before 1 Jan 2000. In addition, Y2K R&D costs will attract a 125 per cent tax concession.

Cabinet had agreed the previous April to allocate $127 million to assist agencies remedy the problem within the Commonwealth and to raise awareness about it in the wider Australian business community. The decision to provide additional funding recognises that some agencies have far greater technical reliance and more business critical systems than others do. It will be used to encourage and accelerate existing remedial efforts in those agencies that deliver key government services.

The second initiative is run by the Department of Industry, Science and Tourism, and concentrates on assisting businesses become compliant. DIST's Year 2000 National Steering Committee was formed in September 1997 to provide high level advice on and take a lead role in coordinating Commonwealth, State and industry initiatives to raise business awareness and understanding of the Year 2000 computer issue and stimulate remedial and contingency planning action, especially by small and medium sized enterprises (SMEs). The Strategy is a joint effort between all levels of government and industry.

Serious concerns have been raised by the Year 2000 National Steering Committee regarding small and medium sized enterprises (SMEs). A March 1998 survey by the Australian Bankers Association found that although most SMEs had heard of the issue, there are serious misconceptions about the nature and potential impact of the problem. Over 40 per cent of SMEs did not plan to take any action as they did not acknowledge they could be affected. Only 25 per cent of respondents had taken any action to date, with most of it insufficient. This is despite 80 per cent of SMEs using at least one type of technology that could be affected by the Millennium Bug. Sixty per cent of SMEs have computer systems and software instrumental to the running of business. Significantly, many SMEs are overlooking the critical importance of their supply chain dependencies. It has been suggested that 10-20 per cent of companies will face financial ruin due to poorly planned or executed Year 2000 programs(81).

 

Strategies of the Year 2000 Office

The Year 2000 Office has adopted a strategic approach to underpin its Year 2000 activities on a whole of Government basis. The strategic approach includes the following activities:

• clarifying the Commonwealth's legal position;
• developing a Year 2000 Certification checklist for all agencies;
• clarifying the definition of compliance in conjunction with national and international Standards organisations;
• developing a standard Year 2000 clause for use in contracts;
• providing support to small departments and agencies in developing protocols and contract expertise;
• sharing best practice and organising awareness raising forums for government agencies; and
• liaising with the Department of Finance and Administration and industry on Year 2000 procurement issues.

The ASX, with government backing via the Y2K steering committee, has also been involved in assessing compliance throughout Australian business. Nevertheless, responses to date have not been particularly promising and many industry and government representatives remain seriously concerned about meeting the deadline.

While all these initiatives are welcome, a significant problem remains: no-one can quantify the extent of the dilemma as it pertains to Australia, and the office concerned, OGIT, has yet to make public current compliance levels within government departments due to legal liability concerns, which is in itself an indication of the seriousness of the problem.

By comparison, what action has the United States taken?

The United States has been a world leader with respect to protection of the NII. On 15 July 1996, President Clinton signed an Executive Order establishing a Presidential 'Commission on Critical Infrastructure Protection'. This was an unusually large commission with broad representation from federal departments and agencies and from the private sector. An Advisory Committee of industry leaders appointed by the President provided the perspective of the infrastructure owners and operators. A Steering Committee, composed of the Commission's Chairman and four top government officials, oversaw the Commission's work on behalf of the Principals Committee, which included Cabinet Officers, heads of agencies and senior White House staff members.

The Commission conducted extensive meetings with a range of professional and trade associations concerned with the infrastructures, private sector infrastructure users and providers, academia, different state and local government agencies, consumers, federal agencies, and numerous others.

A range of vulnerabilities were discovered in each sector of the NII. The Commission reported that 'our infrastructures have substantial vulnerabilities to domestic and international threats. Coping with increasingly cyber-based threats demands a new approach to the relationship between government and the private sector'.(82) Consequently, a national NII protection strategy was suggested, including Industry-Government liaison at local and national levels, an Information Sharing and Analysis Centre to begin the step-by-step process of establishing a realistic understanding of what is going on in US infrastructures and an Office of National Infrastructure Assurance as the top-level policy making office connected closely to the National Security Council and the National Economic Council.

Nothing of this scale, detail, profile or importance has been done in Australia. It is noteworthy that the Commission advocates the use of a monitoring and warning system, the importance of government leadership in a coordinating role and a combined industry and a whole of government approach to protecting the US NII.

What more can be done?

Until recently, it has been very hard to raise the profile of information security because it has been viewed as a technical issue, something computer managers should be aware of but not line managers, let alone those concerned about national security. But societal dependence on information systems demands that urgent attention be paid to information security. Because Australia possesses many advantages as an information economy, the response must be multi-faceted, concentrating on how best to exploit the opportunities presented in the 'information age' as well as seeking the best possible protection from the vagaries of informational dependence. The stronger and more secure Australia becomes as an information-base the more attractive it will be to investors seeking a safe and reliable space within which to conduct their business.

Because it is so poorly understood, infinite resources, human and otherwise, could be spent on attempts to secure the NII. Certainly, some key nodes identified in this paper could be hardened. However, there are four main proposals that could be easily adopted with minimal expense:

Encryption is a very contentious issue for governments, essentially because they do not want that technology 'falling into the wrong hands'. It offers a level of information protection to all that use it and the fear is that as it becomes more difficult to crack bigger keys the government will lose its ability to read what people are saying. Without going into that debate, suffice it to say that encryption can offer systems protection.

When one thinks of information security the immediate response is to think 'firewall'. However studies as well as expert opinion have shown that in many cases the most important safeguards start with simple security procedures in offices and homes, such as hiding passwords. What is really needed is a change in office culture that respects the gravity of information security demands. The best way to advance new thinking on corporate information security is through awareness programs and supplementation of training regimes that emphasise the implications of getting basic computer security wrong(83).

In the immediate future it is vital that corporate plans are developed to cope with an information attack contingency. For example, if the telephone exchanges upon which the Department of Defence relies for terrestrial communications were attacked, does Defence have a plan to prioritise its communication needs with the remaining available systems? What if in addition to communications, the energy supply from the Canberra grid were to collapse, putting further pressure on a wide range of defence systems? Is there a plan at HQ ADF that is practised regularly that prioritises the operations of the organisation so that it can still function when core energy and communications systems are degraded? The same question can be asked of the banks or any other vital part of the NII. Rather than having a solution to these problems imposed from above, information assurance plans are best designed at the organisation level. However, that does not preclude cooperation or coordination with others, either locally or internationally, on best practice in the event of a failure of a part(s) of the NII.

The principal recommendation of this paper is that the Australian Government must act to ensure protection of the country's infrastructure. Specifically, a National Infrastructure Protection Agency should be established within the Department of Prime Minister and Cabinet. It should be comprised of a Council, Warning Centre, and Secretariat. The Council's role should be to oversee the work of the agency and to make recommendations to Cabinet to ensure the security and proper functioning of the national infrastructure. Membership should be open to Government Ministers and senior representatives of the corporations that operate the infrastructures concerned. The Warning Centre, the core of the organisation, should be a nation-wide government and non-government voluntary monitoring system that can detect and trace any irregularities in the operation of the infrastructure, once system-wide benchmarking has taken place. It is envisaged that the Secretariat should have a very small staff, drawn from existing agencies with a contribution to make in infrastructure protection.

There is a trade-off between diversity and connectivity in information systems. Diversity in information systems equates with security, however it also complicates monitoring activity within a system and across the interconnections between systems. Because information attacks are potentially anonymous and ambiguous, a monitoring function is vitally necessary. It is proposed that a monitoring organisation be developed with the cooperation of all those involved in the NII, as the security-oriented backbone of a National Information Policy (NIP) that seeks to exploit Australia's advantages as an emerging information economy.

This core organisation would benchmark existing systems, and monitor, on an anonymous basis, any suspicious activity. On discovering a flaw in a system or the evidence of a threat, the organisation would notify users of whatever problem was encountered and develop solutions to overcome the attack. Anonymity in reporting events would be vital for commercial and military confidence to be maintained.

We stand on the threshold of a new era, where conventional approaches to new problems and opportunities are unlikely to be adequate. In this context, the response to the new era must incorporate both government and private enterprise interests and must be formed both locally and internationally.

The need for such an organisation is recognised by the officials responsible for assurance of the NII in the Attorney-General's Department, who argue that at a minimum, Australia needs:

some central repository of information on incidents that have taken place; otherwise... there would be no way of knowing whether security is adequate. Similarly, if the information remains distributed we need a mechanism for informing organisations of the latest threats and security techniques(84).

Overseeing the work of the organisation would be a committee comprised of representatives of the participating businesses and government agencies whose role it would be to develop recommendations to Government on regulatory strategies to enhance the security of the NII. The Government conduit would preferably be a Cabinet-ranking Minister. It would not be preferable, nor necessary, to create a new ministry for this purpose. Rather, the role should be delegated to an existing portfolio, such as PM&C, which would be a natural base due to its whole-of-government focus.

Likewise, the monitoring organisation need not be invented. A pre-cursor organisation already exists in the form of AusCERT (the Australian Computer Emergency Response Team). AusCERT provides a centre of expertise on network and computer security matters, it:

It would be appropriate to build on the AusCERT experience and knowledge when thinking about a government coordinated monitoring and warning agency. Indeed it may be that AusCERT could be the best organisation to perform this important function, with government backing.

Superficially, one might suspect that various competitors would not be enthusiastic about participating in such a scheme. In exchanging information they could also be exposing their position. However, the initial trends suggest that most of the organisations at the heart of the NII realise that coordination will be vital to both their individual interests as well as those of the group. Indeed, never was security so mutually dependent as in the realm of information technology. As the OSCA survey demonstrates, when anonymity is assured, participants are eager to learn from each other's experiences. The OSCA research is particularly compelling as it draws on both corporate and government examples and demonstrates that the two groupings are willing to work together on this vital issue.

To date, while a number of organisations in Australia already realise the pressing importance of the security of the NII, none of them has been given the resources or the authority to do anything about the problems that already exist. Many interested government agencies are located within traditional security circles (such as DSD, ASIO, PSCC etc.), whose interest in protecting the NII tends to generate suspicion in other agencies or outside. A problem also exists in the fact that securing the NII straddles commercial-government and inter-agency responsibilities. No one can decide who should be responsible. While suspicions surround the role of the intelligence agencies, in some respects they are best placed to cope with the technical issues involved. However, as almost every expert will agree, solutions to many of the problems concerned have a human as much as a technological basis. Notwithstanding this, members of the government agencies interviewed by the author have all noted that until a major catastrophe occurs the government is unlikely to divert much attention to protecting the NII. Australia cannot afford to wait for a major event, say at the 2000 Olympics, to galvanise the Government into action.

Because Australia is a vital link in the GII, an approach that focuses solely on the Australian context in isolation from the international picture will be sorely inadequate in the face of global developments. Consequently, based on a robust domestic National Information Policy (NIP), Australia could take a leading role in international negotiations designed to coordinate common strategies regarding the use and abuse of new communication technologies.

As mentioned above, these security issues should be part of a comprehensive NIP that seeks to build on Australia's various advantages as a potential niche information competitor nation. Indeed, as an open society with an excellent infrastructure, an educated workforce, a stable economy, currency and polity, with strong trading and commercial relationships in the region and beyond, Australia has much to recommend itself to the world in the coming 'information era'. Security of the NII could act as a multiplier to these extant advantages. Investors and companies are bound to be attracted to places where commerce can flourish in open and secure environments.

Conclusion

As an example of a typical OECD state, Australia is vulnerable to information attack. There are many exposed critical nodes in key elements of the National Information Infrastructure (NII) that could be exploited merely by the mischievous or, more seriously, by aggressors. Interdependence between systems, such as telecommunications, energy, and financial networks, as well as a general dependency in modern life on information systems, present new challenges to a wide range of government and corporate authorities. Criminals and organised crime syndicates already utilise weaknesses in the NII at a significant and growing cost to society. There are grounds to believe that potential threats to the NII exist which are likely to increase in time as terrorists and aggressive states seek to exploit new technologies that can cripple societies while permitting a degree of anonymity to the attacker. Nevertheless, there is a range of strategies that can be adopted to protect both specific units as well as the system that comprises the NII. Some are quite simple solutions, others require more coordination but they do not have to be prohibitively expensive. A comprehensive strategy for Australia which seeks to build on its strengths as an information economy, complemented by making its NII more robust, would be a good starting point to enable Australia to successfully engage in the economy and society of the new millennium.

Endnotes

  1. Office of Strategic Crime Assessments, Computer Crime and Security Survey (1997), Canberra, para. 4.09.
  2. The exact cause of each failure has not been made public as of 04/06/1998. However, as the fictitious news story was attempting to suggest, aggressive attacks are now just as plausible as technical failure.
  3. John Fahey, Press Release, 24 April 1998.
  4. 'Battlespace' replaces 'battlefield' as modern war conducted by advanced industrialised states is in 3 dimensions. The military now operates from below the sea to beside the stars and over great expanses of the earth's surface. The objective of battlespace dominance is to control not only land, sea and air, but space and cyberspace-the latter an artificial 'space' where both concepts and systems are up for grabs. It is in this sense that some RMA enthusiasts refer to warfare in 5 dimensions. One of the problems with this conceptualisation is that it is not well designed to overcome problems in asymmetric conflict-where an ill-equipped and poor adversary may not be susceptible to a computer attack because the most advanced forms of military technology they need are a machete and AK-47. The Vietnam and Afghanistan conflicts, as well as more recent events in Somalia, suggest the potential problems with over reliance on technology as a substitute for political solutions or sound security policymaking.
  5. I am grateful to Dr Jerry Everard of the Defence Intelligence Organisation for this use of the term RMA. In fact as some recent studies have shown, in past conflicts where roughly comparable technologies were available on each side, those that revolutionised their command structures and operational plans were those most likely to succeed. See A. Krepinevich, 'Cavalry to Computer: The Pattern of Military Revolutions', The National Interest, Fall, 1994.
  6. It is significant that at the outbreak of WWII the allies had roughly comparable numbers of tanks, aircraft and radios, to the Germans. However, the development of new organisations and strategies to best utilise these formations gave the Germans a decisive advantage.
  7. E. H. Carr, The Twenty Years Crisis 1919-1939, Macmillan, London, 1939; E. H. Carr, Conditions of Peace, Macmillan, London, 1942; and E. H. Carr, Nationalism and After, London, 1945.
  8. For an extended analysis see A. C. Cobb, The Evolution of the Concept of Security Since WWII Among Western International Theorists, Unpublished PhD thesis, Cambridge University, 1996. Held in Parliamentary Library, Folio No. 3768 c.1.
  9. See for a US example the 15 July 1996 US Executive Order 'Establishment of President's Commission on Critical Infrastructure Protection Commission'.
  10. TransGrid was formed as a government body on 1 February 95 under the Electricity Transmission Authority Act 1994. Its chief functions are to 'manage, operate, control and maintain the State's Electricity network' TransGrid Charter, TransGrid Annual Report 1996, Sydney.
  11. TransGrid was formed as a government body on 1 February 95 under the Electricity Transmission Authority Act 1994. Its chief functions are to 'manage, operate, control and maintain the State's Electricity network' TransGrid Charter, TransGrid Annual Report 1996, Sydney.
  12. TransGrid Annual Report 1996, Sydney, p. 20, emphasis added.
  13. This and all other maps are printed with permission and are copies of maps found in A. C. Cobb, 1997, 'Australia's Vulnerability to Information Attack: Towards a National Information Policy', SDSC Working Paper #310.
  14. Optus, Industry Development Report 1996, an Optus Communication Publication, p. 4.
  15. See Telstra, Broadband Bearer Network Australia Map, 1996 produced by the National IDN Region Capacity Planning Centre in Melbourne. Optus might provide some terrestrial redundancy but to date it is quite minor compared to the Telstra operation.
  16. See D. Ball, 'The Use of the Soviet Embassy in Canberra for Signals Intelligence (SIGINT) Collection', SDSC Working Paper No 134, 1987.
  17. INMARSAT complements INTELSAT and was established in 1979 to service maritime, aviation and land-based mobile users. See Optus, Satellite Information, Optus publications, 1996.
  18. Although this will change post-July 1997 when Optus' legislated monopoly expires.
  19. Optus-B2 was destroyed at launch (21 December 1992), leaving B1 and B3 in service.
  20. See W. Hope, 'Satellite Communications in Australia', in D. Ball, and H. Wilson, Australia in Space, Canberra papers No. 94, 1992, p. 165.
  21. Optus, Satellite Information, op. cit., p. 10.
  22. ibid.
  23. Other bodies regulate the credit unions and securities, such as the Australian Financial Institutions Commission (credit unions), Australian Securities Commission (securities), and the Insurance and Superannuation Commission.
  24. Bank for International Settlements, Payments Systems in Australia, Bank for International Settlements, Basle, 1994, p. 22.
  25. ibid., p. 22.
  26. Linklater, J., 1992, Inside the Bank: The Role of the Reserve Bank of Australia in the Economic, Banking and Financial Systems, Allen and Unwin, Sydney, p. 196.
  27. Bank for International Settlements, 1994, op. cit., p. 7.
  28. ibid., p. 13.
  29. ibid., p. 10.
  30. ibid., p. 16.
  31. ibid., p. 22.
  32. ibid., p. 21.
  33. Clearing House Automated Payments System.
  34. Clearing House Interbank Payments Systems.
  35. Society for World Wide Interbank Financial Telecommunication.
  36. J. Linklater, 1992, op. cit., p. 202.
  37. See 'White Hacker', The Australian, 30 September 1997, p. 53.
  38. See F. Corr, and J. Hunter, 'Worldwide Communications and Information Systems', IEEE Communications Magazine, October 1992, p. 61; and 'SWIFT Rolls Out Security Package', Banking World, March 1994, p. 31.
  39. SWIFT Annual Report, 1995, p. 33, quoted in T. Manzi, Financial Warfare: Assessing threats to the US Financial Infrastructure, Unpublished thesis, Faculty of the US Joint Military Intelligence College, 1996.
  40. See Bank for International Settlements, 1994, op. cit., passim.
  41. Example arose in discussion with ANZ officials, 16 August 1997.
  42. The Bondi computer is the backup for all the other operations, in addition to shadowing Bond Street.
  43. Interview with author, Thursday 10 July 1997.
  44. M. B. Greenlee, 'Communications Security Standards', in J. W. Conard, ed, Communications Systems Management, Boston, Auerbach Publications, p. 213.
  45. See the Hon. Kim Beazley, The Defence of Australia 1987: A Policy Information Paper, Australian Government Publishing Service, Canberra, 1987.
  46. D. O'Neill, 'An Australian Defence Satellite Communications Capability', Australia and Space, Edited by D. Ball, and H. Wilson, Canberra Papers No. 94, SDSC, Canberra, 1992 p. 186. O'Neill now heads strategic Information Operations for the Australian Defence Force.
  47. ibid., p. 190.
  48. ibid., p. 191.
  49. Although new technologies are coming onto the military market that enable HF to be configured to carry multi-band transmissions.
  50. ibid., p. 202.
  51. The frequency spectrum is divided alphabetically and 'Ku' refers to one set of wavelengths often used in satellite transmissions.
  52. ibid., p. 213.
  53. B. Middleton, Space in Australia's Defence, Launchspace, April, 1998, pp. 44-5.
  54. ibid.
  55. Discussion with Prof D Ball, 25 September 1996.
  56. Middleton, op. cit., pp. 44-5.
  57. See D. O'Neill, 'An Australian Defence Satellite Communications Capability', op. cit., pp. 218-220.
  58. A. Wrigley, The Defence Force and the Community: A Partnership in Australia's Defence, Australian Government Publishing Service, Canberra, 1990.
  59. Royal Australian Air Force 1998 Air Power Conference, 30-31 March 1998.
  60. 'Doomwatch warns of millennium meltdown', The Sunday Times, re-printed in The Australian, 14 April 1998, p. 1.
  61. 'Millennium bug threatens to detonate or destroy nukes', The Sunday Times, re-printed in The Australian, 16 March 1998, p. 7.
  62. 'Global leaders brace for casualties', The Australian, 7 April 1998, p. 1, Y2K special section.
  63. 'The world according to Richard Humphry', The Australian, 7 April 1998, pp. 56-7.
  64. 'Computer crash', cover story, (Australian) Business Review Weekly, 23 March 1998, pp. 40-8.
  65. 'Olympics threatened by Y2K', The Sunday Telegraph, 22 March 1998, p. 1.
  66. 'Global leaders brace for casualties', The Australian, 7 April 1998, p. 1, Y2K special section.
  67. For more detail see the glossary.
  68. See for example, Winn Schwartau, Chaos on The Electronic Superhighway.
  69. Air-gapped means simply that the systems are not connected to other systems (such as the Internet).
  70. The Unabomber (Theodore Kaczynski) was notorious in the United States for 17 years for sending parcel bombs that killed a number of people. He had a manifesto published that railed against society and presented his 'reasons' for seeking to destroy it. He was finally arrested in 1996 after a tip-off from his brother.
  71. T. McIntosh, 'Forum to tackle hack attacks' The Australian, 30 September 1997, p. 33.
  72. Office of Strategic Crime Assessments, Computer Crime and Security Survey (1997), in-house publication, Canberra, footnote 5. On AUSCERT statistics see AUSCERT Security Services Newsletter 1:1, April 1997.
  73. ibid., para. 4.09.
  74. ibid., para. 4.04, see also the web page of the President's Commission on Critical Infrastructure Protection, http://www.pccip.gov/
  75. ibid., para. 4.10.
  76. ibid., para. 4.14.
  77. See for example, Minister of Defence, Australia's Strategic Policy, Department of Defence Monograph, 1997.
  78. See D. MacIsaac, 'Voices from the Central Blue: The Air Power Theorists', in P. Paret, ed, Makers of Modern Strategy: from Machiavelli to the Nuclear Age, Princeton, PUP, 1986.
  79. Peter Ford, 'Protecting the National Information Infrastructure', Australian Defence Headquarters Symposium, 12 May 1998, Information and Security Law Division, Attorney-General's Department.
  80. Press Release, 24 April 1998.
  81. Information supplied to the author direct from the steering committee executive.
  82. Executive summary, Final Report of the President's Commission on Critical Infrastructure Protection, October 1997, p. x.
  83. At an information warfare conference at the Australian Defence Force Academy, a senior defence information security expert noted that if more people practised office procedure for hiding information then a significant amount of security violations would be reduced.
  84. Peter Ford, 'Protecting the National Information Infrastructure', Australian Defence Headquarters Symposium, 12 May 1998, Information and Security Law Division, Attorney-General's Department.

Appendix 1

The Law and Possible Legislative Action

Applicable law

Laws prohibiting attacks against aspects of the NII include:

Suggested Legislative Changes

  1. Legislation could be amended to allow an 'approved person' to access telephone records when lawfully investigating a 'hacking type offence'. For the purpose of the legislation, an 'approved person' could be a civilian or other person who has satisfied strict ethical and criminal criteria, and who is involved in the investigation of these types of offences at a civil level. At present, only law enforcement personnel can access these records. Only a small percentage of computer hacking cases are, however, referred to law enforcement.

  2. Legislation be amended, at both State and Federal level, to allow the prosecution of persons who are in possession, without lawful excuse, of 'access device material'. For the purposes of this legislation, 'access device material' would include data which could be used to facilitate hacking activity, such as credit card numbers, telephone calling card numbers, company password files, etc.

     This legislation could be expanded to specifically legislate against the trade in this sort of data. The aim of this legislation would be to deter those who trade in this sort of material.

  3. That the current legislation at a state and federal level be amended so that 'copying data' be included, in addition to 'insertion or deletion' of data, as a serious offence. At present, insertion and deletion carry a 10 year penalty; however, it can be the case that copying of data (particularly commercial information) can have more serious implications. In cases where offenders have unlawfully entered a computer system and copied commercial material, they are usually charged with a lesser unlawful access offence.

  4. Legislation could be considered in relation to allowing law enforcement personnel to execute covert electronic search warrants. In effect, this would be 'lawful hacking'.

  5. Consideration should be given to discussing ways in which legislation should be implemented/changed to allow the investigation of offences that are multi-jurisdictional. This is particularly important when considering the need to investigate offences that may have originated in Australia, but eventually were committed in another country. By having legislation in place, coupled with the establishment of some sort of 'working party' tasked with providing a liaison between the different jurisdictional authorities, Australia will be well placed to combat computer crime within the country, as well as those which will eventually take place in another country(1).

Appendix 2

Checklist of Systems at Risk

Air Circuit Breakers

Air Conditioning Systems

Answering Machines

Automatic Voltage Regulators

Battery Chargers

Building Management Systems

Building Security Alarms

Cash Registers

Closed Circuit TV

Communication Coupling Modules

Communications

Compressed Air Systems

Continuous Emissions Monitoring Systems

Controllers (PLCs etc)

Converters

Conveyor Control Systems

Data Acquisition Systems

Data Loggers

Data Readers for Electronic Metering

Detectors

Diagnostic Systems

Digital Read-outs

Distributed Control Systems

Electronic Control Systems

Electronic Metering

Elevator Controllers

Facilities Management Systems

Facsimile Machines

Fire Detection and Protection

Flow Meters/Systems

Fuel Card Systems

Gas Chromatographs

Gas Metering

Generation Units

Generator Condition Monitoring

Generator Protection Systems

Generator Sets

Geological Monitoring Systems

Global Positioning Systems

Governors

Governors-Generating Sets

Industrial Alarm Systems

Laboratory Analytical Equipment

Lighting Systems

Manual Handling Equipment

Medical Equipment

Meteorological Equipment

MIL Key Systems

Mobile Phones

Modems

Monitoring Systems

Motor Protection Control

Network Routers

PABX Systems

Personal Organisers

Personnel Paging Systems

Photocopiers

Photographic Equipment

Postage Franking Machines

Radio Communications

Reclosers

Recorders

SCADA

SCADA RTU

Security Monitoring Systems

Scientific Calculators

Smart Metering

Smart Transmitters/Positioners

Stacker/Reclaimer PLCs

Stock Control Systems

Street Lighting Controls

Telephones

Time Clocks/Time Recording Systems

Timers

Traffic Control Systems

Uninterruptible Power Supplies

Variable Speed Drives

Vehicle Engine Management Systems

Video Cameras/Recorders

Voicemail Systems

Voltage Regulators

Weigh Control Systems

Wind Speed and Direction Systems

Wind Turbine Controls

Word Processing Software

 

Glossary

ADF-Australian Defence Force

AO-Area of Operations

ASX-Australian Stock Exchange

ATM-Automatic Teller Machines

AUSCERT-Australian Computer Emergency Response Team

Back doors-secret access built into programs and/or systems that allow creators undetected access.

BITS-Bank Interchange and Transfer System

Cancelbots-automated search program capable of searching for certain postings and cancelling on-line access to them.

Chipping-the production of computer chips and other components vulnerable to destruction by designing built-in weaknesses.

Cookies-tiny bits of data that track a user through the Internet monitoring destinations and time spent there. Electronic footprint.

Cryptology-encompasses both cryptography and cryptanalysis. Major issue in the US-Netscape is classed as munitions and sophisticated encryption systems are freely available.

DII-Defence Information Infrastructure

EFT-Electronic Funds Transfer

Embedded chips-independent computer chips that operate within all manner of non-computer machines and systems. For example, home video machines use embedded chips to operate their clock and operating mechanisms. Embedded chips tend to be stand-alone devices that assist or control other devices.

EMP Bombs-Electro Magnetic Pulse bomb-could burn out the electronics systems within a certain range-similar to that experienced during a nuclear detonation. They operate under the same principle as HERF Guns; however, they are a thousand times more powerful. Imagine the bombing of the World Trade Centre in NY with an EMP bomb!

FLTSATCOM-Fleet Satellite Communications (US)

Flying Dutchman-Named for the legendary ghost-ship, a Flying Dutchman is a freeloader that manages to become effectively immortal, without paying for the resources that it uses to survive. A Flying Dutchman may move from host to host, never quite using enough resources to be killed; it may spawn a copy of itself on another host just before it is terminated, ensuring an unending gene-line.

Freeloader-A freeloader is a program that uses some system or server resources to survive and possibly benefit its creator, without paying for them. Servers may provide some minimal service free, in order to attract paying customers, or unintentionally, as an unintended effect of complex cost structures; there may be ways to arrange for some transaction charges, especially small ones, to be lost in the shuffle. A freeloader exploits these sorts of things to operate free of charge.

GII-Global Information Infrastructure

GPS-Global Positioning Satellite System

HERF Guns-High Energy Radio Frequency-direct a blast of high energy radio radiation at a pre-selected target.

HQADF-Headquarters Australian Defence Force

IDC-Interdepartmental Committee

ILS-Instrument Landing System

INTELSAT-International Satellite network

IO-Information Operations

IW-Information Warfare

Logic bombs-Virus that infiltrates a system anonymously and waits until a pre-set trigger sets it off to destroy the system.

Microbes-in the same way micro-organisms eat garbage, some Pentagon officials believe that microbes can be bred to eat electronics and computer components.

NII-National Information Infrastructure

Node-a link, terminus, or choke-point in a communication system, computer network or energy distribution system.

OSCA-Office of Strategic Crime Assessments

OGIT-Office of Government Information Technology

RAN-Royal Australian Navy

RBA-Reserve Bank of Australia

RITS-Reserve Bank Information and Transfer System

RMA-Revolution in Military Affairs, Revolution in Management Affairs

SATCOMs-Satellite Communications

SCADA-Supervisory Control and Data Acquisition System

SMEs-small and medium sized enterprises

Sniffers-allows collection of sensitive data like passwords and codes to gain access to all systems without being detected.

Spoofing-similar to military techniques but designed for computer systems (web spoofing-shadow web site). 'In the worst possible case, a criminal could use a false Web site to discover passwords and account numbers, assume the victims' identities, possibly defraud them or merchants, or access or modify victims' private data', Edward Felten, Prof computing science Princeton (Australian 12-13 April 1997, pp. 1 and 6).

SWIFT-Society for Worldwide Interbank Financial Telecommunication

Trojan Horses-program that enables the user to gain entry to the system that it penetrates. Unlike a virus which multiplies itself thousands of times, as in its original sense a Trojan horse is designed to gain access to systems without detection. A Trojan horse concealed in a random game program downloaded from your favourite newsgroup can read any file you have read access to, and mail it anywhere in the world. It can erase, or just shuffle around a few bytes in, any file you can write to. It can send obscene messages to the White House, or post embarrassing things to random newsgroups.

Van Eck radiation-all electronic equipment emits radiation. Specialised receivers can intercept this radiation and tap into a wealth of data. There are effective counter-measures available.

Video morphing-Psyop technique where a video or televised image is manipulated to present something that has not happened. For example, in the film Forrest Gump, the hero is shown interacting with several past Presidents of the United States as if they had been filmed meeting in real life. In morphing, the characters can be made to do or say just about anything.

Viruses-programs that infect systems and cause damage. They are usually hidden within safe looking programs. Macro virus-sequence of commands that, once loose within the system, can destroy it or shut it down.

Worms-Program that infests a network environment and exponentially multiplies itself thereby using larger and larger amounts of memory and disk space until it brings the system to a halt. There is no hard line between viruses and worms; in general, if the spreading entity is a self-sufficient program, it will be called a worm, whereas if it embeds itself inside other programs or boot code, it will be called a virus.

Y2K-Year 2000 (or Millennium bug)

Endnotes

  1. Legislative suggestions proposed to the author by ex-federal and state police officers dealing with IT crimes, now working at Network Security Management (Australia) Pty/Ltd.
  2. Document supplied to the author by OGIT.

 



© Commonwealth of Australia