eGovernment Forschung seit 2001 | eGovernment Research since 2001
On 24 February 2010, the Department of Parliamentary Services released a report on the security issues posed for individuals and government agencies as a result of the growing use of online social networking technology (Report). The Report focuses on cyber crime and security policy in the context of web 2.0 (e-security policies). In particular, it identifies the range of security threats that users of web 2.0 technology are vulnerable to and the current policy approaches in Australia and overseas designed to address cyber crime.

Web 2.0

Web 2.0 is the term given to the second generation of internet technology. Where web 1.0 was limited to online broadcast and point-to-point communication, web 2.0 enables interactive communication and collaboration with an emphasis on social interaction.

Multimedia utilising web 2.0 technology has been adopted for use in a variety of circumstances, including use by governments to enhance engagement with citizens and by digital economies as a new marketing platform.

The latest social networking trend, Twitter, has been hailed for its benefits to business, eg from encouraging involvement with customers to building an online presence and protecting brands. Twitter is also used by journalists, politicians and the public, and has become a serious tool for researchers. However, the increasing reliance by web 2.0 on personalised data and personal interactions has given cyber-crime economies a new operating platform from which to conduct their extensive identity theft and fraud networks.

Cyber crime and associated risk

The Report draws on a number of Australian and international reports and submissions concerning cyber security. Some of the cyber crime scenarios and risks identified include:

  • phishing: fraudulent emails used to gain access to personal information for illegal purposes;
  • social networking sites: such as instant messaging, peer-to-peer and web 2.0; eg the harvesting of personal information shared for use in identity fraud;
  • denial-of-service (DoS) attacks: on corporate or government systems causing loss of productivity and critical data;
  • malicious software (malware) and viruses: computer programs designed to cause undesirable effects on computer systems (eg DoS attacks). Malware is often combined with social engineering techniques, aimed at convincing users to do things they otherwise would not (eg Facebook applications);
  • smartphones and multimedia messages: eg advanced capabilities such as Bluetooth increase the risk of infections from malware or viruses and for personal information to be stolen for unlawful purposes; and
  • bots and bot networks (botnets): mechanisms used by hackers to infect and remotely command multiple computers for a wide variety of purposes, eg to launch attacks on high-profile websites. Social networking sites such as Facebook and Twitter have been used to command 'botnet' armies of infected computers.

Statistics show that half of online Australians have no up-to-date online security mechanisms, such as firewalls or anti-virus protection. This is of particular concern considering the ever-increasing interconnectedness found in the age of high-speed broadband, that is the convergence between the personal and home security of individuals and the security of major institutions and processes, such as financial institutions and government.

Intending vendors of the National Broadband Network should be particularly aware of the high level of risk these conditions present. Centralised computer systems also face attack and are vulnerable to online terrorist attacks. This makes cyber security a growing national concern, considering the threats posed to Australia's economic interests, integrity of public information and systems and the wellbeing of the public.

E-security policies

Commentators argue that the growth in cyber crime techniques has not been matched by corresponding security actions. Furthermore, the ability of law enforcement to investigate and prosecute individuals involved is made difficult by the trans-national nature of the technologies used to commit cyber crime.

Australia announced new e-security arrangements in 2009 to tackle online security threats. The Cyber Security Strategy created a new Computer Emergency Response Team (CERT) to provide cyber security information and advice to all Australians. The strategy also brought together a number of Australian Government agencies to perform various roles, including the Attorney-General's Department (AGD) as the lead policy agency for e-security and the Australian Communications and Media Authority to gather evidence and ensure ISPs and carriers are meeting their regulatory obligations.

The Report also briefly considers the development of cyber security policy in the US, UK and Europe. It comments that UK government capabilities and policy developments are more in line with Australia than in the US (with the UK program of work almost identical to that in the AGD).

Policy outlook

The Report states the need to balance ICT security, performance and privacy when formulating e-security policies. This should be achieved by engaging all stakeholders, not merely policy makers. Online security is largely a technical issue, in that the various techniques of risk analysis used in security assessment have weaknesses and vulnerabilities that may not always be apparent to policy makers. As such, technical considerations will need to be addressed in addition to jurisdictional boundaries, identification aspects and policy linkages.

There have been calls for Government to require ISPs to act to protect users in the same manner as a bank would when protecting accounts and personal details. Policies must also recognise events overseas, given the global and instant nature of the internet.

The ultimate message appears to be that the hype surrounding the adoption of web 2.0 by Australian industry, government agencies and the general populace has not been tempered with appropriate e-security measures, and as such more efforts are required to "assuage the twitter risk".

---

Autor(en)/Author(s): Emma Carroll, David Wenck

Quelle/Source: Lexology, 30.04.2010
