15 September 2011

Cyber White Paper

The Australian Government has released a 38-page public discussion paper [PDF] as part of the development of the Cyber White Paper.

That White Paper will look at how Governments, businesses and individuals can realise the full benefits of cyberspace while at the same time ensuring current and emerging risks can be managed. ... The Cyber White Paper will cover a broad range of areas including consumer protection, cyber safety, cyber crime, cyber security and cyber defence.
The discussion paper "invites submissions on a range of issues regarding the importance of cyberspace to Australia's social well-being, economic prosperity and broader national interests".
The Public Discussion Paper is your opportunity to tell the Government what you think are the key opportunities, priorities and challenges in cyberspace. The Discussion Paper is intended as a 'conversation starter', designed to allow all Australians to participate in an open discussion on how we can jointly develop a vision that optimises Australia's digital future and allows Australians to connect with confidence.
The White Paper exercise is promoted with the statement -
With the rollout of the NBN gaining pace, Australians will become even more connected with the benefits of cyberspace.

Given the importance of the internet to Australia's economic prosperity, we must ensure people continue to embrace the tremendous opportunities cyberspace offers.

Globally, cybercrime has already overtaken the drug trade as the most profitable form of all crimes.

Cyberspace is a shared domain and no single nation can address the security challenges alone.

The White Paper will allow us to provide an even stronger input into international efforts to fight cybercrime and ensure cyber security across borders.

The Department of the Prime Minister & Cabinet is leading development of the Cyber White Paper, which is expected to be released in the first half of 2012.
Submissions will be open until close of business on 14 November.

Overall the discussion paper is bland. In relation to "privacy and identity security" it states -
How we think about the online environment has clear implications for our understanding of the levels of privacy we are afforded when online. Many of us consider that because we might use an Internet-connected device in the privacy of our own home, then we are also afforded that same privacy online. However, in reality any information stored on an Internet-connected system is vulnerable to a broad range of malicious parties including cyber criminals. Further, the storage of citizens’ private information is now often outsourced to third parties by traditional holders of information, such as doctors’ surgeries and banks.

Consequently, the confidentiality of an individual’s information is contingent not only on the security practices of the individual, but also on the security practices and awareness of the institutions holding their data. This further highlights the shared responsibility governments, businesses, NFPs and individuals have in ensuring a secure and trusted online environment.

In an era where our online identity is central to accessing information and services, ensuring the integrity of that identity is increasingly important. The loss or compromise of our online identity can have wide-ranging implications, including financial loss, emotional distress and reputational damage.
The paper offers a series of "key issues and questions" -
Issue: A growing portion of our lives and civic experience is conducted in the online environment. This environment has a unique set of characteristics, including anonymity, and allows people to interact socially unhindered by geographic distance.
• Question: How can we promote a concept of digital citizenship, reach agreement on acceptable online behaviour and encourage people to assume greater responsibility for that behaviour?

Issue: The online environment can create a sense of dislocation from our actions; the ability to act anonymously online can embolden bullies and sometimes abusive, offensive or illegal behaviour can go unchecked.
• Question: How can governments, the private sector, the NFP sector and the broader Australian community work together to promote responsible and accountable digital citizenship and reduce harassing and malicious online behaviour?

Issue: Children and young adults are prolific users of social networking sites and as a result can be exposed to a range of online risks, including abusive behaviour.
• Question: How can we help carers and parents to appropriately supervise young people and minimise these online risks?
• Question: How can we promote social responsibility and encourage young people to protect themselves and each other by speaking out against cyberbullying?

Issue: Social networking sites are almost entirely facilitated by the private sector. Although many of the larger sites have some capacity to monitor and limit abusive behaviour, some others do not.
• Question: How can the owners of social networking sites be more engaged in meeting community expectations that their platforms will not be used for abusive or illegal activities?

Issue: Social networking sites and increased social connectivity provide increased opportunities for people to collaborate, share ideas and produce socially valuable outcomes.
• Question: What new and innovative opportunities do social networking tools provide to improve the social wellbeing of Australians?
• Question: How can NFPs ensure the security of online fundraising activities conducted through social networking sites?

Issue: Governments are progressively implementing online services in response to community expectations. However, many individuals do not trust their private data will be appropriately managed.
• Question: How can governments improve citizens’ and businesses’ trust that their private data will be secured and only used for agreed purposes?

Issue: The digital economy presents both wide-ranging opportunities for increased productivity and innovation across the Australian economy and the risk of the loss of sensitive commercial data.
• Question: How can small business awareness of commercial online opportunities be balanced with awareness of potential online risks and mitigation strategies?
• Question: How can governments, industry, NFPs and consumer groups boost consumers’ confidence to engage in e-commerce?

Issue: Industry and governments need to strike the right balance between improving awareness of and protecting against cyber threats, while also encouraging consumers to take advantage of the benefits of the digital economy.
• Question: How can governments and the private sector continue to build and maintain confidence in the digital economy while also raising awareness among consumers and small businesses of the nature of cyber threats?
• Question: How can we improve and encourage the reporting of data breaches in Australia?
• Question: How can e-businesses more effectively work together to develop a self regulatory feedback system that provides a way of sharing their experiences with other online traders?

Issue: Police resources are finite and cyber crime investigations are inherently time and resource intensive. Consequently, the growth in cyber crime activity poses significant challenges to Australia’s state and territory and federal police services.
• Question: What does the Australian public expect from policing and consumer protection agencies in relation to preventing and investigating cyber crimes?

Issue: One of the primary impediments to e-commerce is consumers’ fear their financial or personal details may be at risk when conducting business online. Anonymity will remain a key part of the Internet, but trust and confidence in the digital economy may be undermined if people’s financial and personal details remain at risk of being stolen by criminals.
• Question: What options are there for increasing consumers’ trust in conducting business online?
• Question: How can consumers be encouraged to take more responsibility to protect their information?
• Question: What are the options for broadening industry’s efforts to provide customers with a greater level of trust and confidence in the security and privacy of their online transactions?
• Question: What information would help consumers and small businesses better protect themselves and enhance their trust and confidence online?
• Question: What do consumers and small businesses expect from their Internet Service Providers (ISPs), software and hardware providers and the government to assist them to maintain or enhance their confidence online?
• Question: How can governments and industry work together to make Australia a difficult place for cyber criminals to target?

Issue: Damaging criminal activities are often aided by the use of botnets, built as a result of many individuals unwittingly operating virus-infected computers. The AFP estimates that the overall risk of cyber crime to the Australian economy is more than a billion dollars a year. This is likely to grow substantially as Australia’s digital economy expands.
• Question: What are the options for limiting the collective economic and societal costs of widespread individual security lapses?
• Question: What role do individuals, businesses and, more specifically, ISPs and large online companies, have in limiting the collective harm compromised computers have on the Australian economy and to the broader wellbeing of the Australian community?

Issue: The effects of cyber crime and scams often extend beyond the immediate financial impacts. Many instances of online crime go unreported, so the full extent of the problem is not known.
• Question: How can Commonwealth and state and territory governments encourage victims to report incidences of cyber crime and scams and better assist them with support and advice?
• Question: How can Commonwealth and state and territory governments obtain the information and data required to form a more precise assessment of the extent of the economic and social harm caused by cyber crime?

Issue: Small businesses often lack access to the security controls employed by government or other larger enterprises, yet consumers expect small businesses to secure their data and transactions appropriately.
• Question: How can government, ISPs, financial institutions and small businesses collaboratively create an environment where small businesses are empowered to operate in a safe and secure manner online?

Issue: Much of the public discussion on cyber threats and risks to date has focused on national security issues. This important dimension has inadvertently hidden the reality that at its most basic level, security and safety online is reliant on the awareness of individuals. As a result, many businesses and consumers are not as mindful of cyber threats as they could be.
• Question: How can the Commonwealth, states and territories and industry effectively communicate the interdependent nature of individual and national cyber security? How can the importance of individual behaviour be highlighted in creating a secure, trusted and resilient online environment for all Australians?
• Question: How can citizens better protect themselves from cyber threats?
• Question: Are individuals adequately aware of cyber threats and the steps they should take to protect themselves? If not, why not?

Issue: The attractions of the Internet in terms of openness, access to information (of all qualities) and informal governance are also creating tensions with traditional government responses to community interests.
• Question: What model of Internet governance is in the best interests of all Australians?
• Question: How can we get the right balance between Australia’s social, economic and security needs when developing an Australian vision for the online environment?

Issue: Increasingly, policy makers have turned to discussing what agreements governing behaviour in the online environment might look like, the principles they should be based on, the boundaries they would place on behaviour and how they can be promoted. This will be a gradual and long-term process, and different stakeholders are likely to want different outcomes from any agreement.
• Question: What sort of approach should be taken to developing agreements on behaviour in the online environment?

Issue: The demand for skilled cyber professionals in both the public and private sector will continue to grow at a rapid rate and it is likely that those companies – many of which will be based overseas – offering the best financial incentives will attract the best of Australia’s ICT graduates. However, a purely market-led distribution of skilled cyber workers may not meet the broader digital needs of Australia as a nation.
• Question: What strategies should be pursued by governments, industry and academia to ensure adequate levels of domestic expertise are available to maximise the opportunities of the digital economy and address risks to Australia’s digital infrastructure?
• Question: What new forms of government-industry cooperation and dialogue are required to ensure the Australian cyber skills base is developed to meet Australia’s broader national interests?

Issue: Australians’ level of digital literacy is growing, yet many elderly and vulnerable Australians are unaware of the opportunities and risks inherent in digital technologies.
• Question: How can we ensure all sectors of the Australian community have the necessary skills and security awareness to optimise the benefits of the digital economy?

Issue: Being viewed as a world leading digital economy in the way that Singapore is in our region, is critical to attracting overseas investment, both in our ICT sector and more broadly because of the enabling role of digital technologies.
• Question: Besides rolling out the NBN, what role does the government have in promoting opportunities for individuals and businesses to compete in the global information communications technology marketplace and to increase the attractiveness of Australia as a destination for digital investment?