Govt services to face massive security challenge: CSIRO

Summary: Australians could face rolling shutdowns of public infrastructure, massive data leaks from public services and a government defrauded of billions within the next decade due to an increasing potential for online security breaches, according to a new report by the CSIRO.

A report published today by the CSIRO suggests that as Australia moves its public services infrastructure online and into the cloud, the potential for security breaches through as-yet-undetected vulnerabilities such as Heartbleed could allow online attackers to wreak digital havoc over government networks.

The report said that hackers could soon use similar vulnerabilities in computer security to shut down energy grids, disrupt public services and steal vast amounts of private data worth billions of dollars, unless institutions "take measures today to ready themselves against future Heartbleed-like threats".

The report, Enabling Australia’s Digital Future: Cyber Security Trends and Implications, looks at how a far greater number of future attackers could cause widespread disruption and financial losses by hacking into Australia's digital services and infrastructure, including public services like patient health records and taxation data.

It suggests that the damage from these cyber threats could be "immense", with the potential for the government's healthcare system to be defrauded to the tune of AU$16 billion by 2023, for energy grids to be disabled at critical times, and for public-sector databases to be hacked to leak or sell confidential data.

"Despite recently being ranked second in the Asia-Pacific region when it comes to cyber-security capabilities, we need to recognise that our increasing reliance on digital services leaves us potentially vulnerable at unprecedented scales," said James Deverell, director of CSIRO Futures, who spoke today at the CeBIT technology conference about the report's findings.

"The sheer complexity and interconnectedness of different elements of our digital economy means we can expect rapid exponential growth in the number, speed and severity of breaches — far beyond what any single organisation can tackle on its own," he said.

According to the report, the Australian Bureau of Statistics' Personal Fraud Survey indicated that over the 12-month period from 2010-2011 Australians lost AU$1.4 billion as a result of personal fraud. The report also highlights the recent cyber attacks against government entities.

"In 2011-2012, there were more than 400 cyber incidents against government systems requiring a significant response by the Cyber Security Operations Centre. During the same period, there were reports of 26 'serious cyber threat incidents' to inner Victorian agencies," the report said.

For Deverell, the more the Australian government moves its digital infrastructure online to drive its public services, the more exposed Australians will be to potential security threats.

"The more we rely on digital services for our basic needs like healthcare and energy, the more drastic the consequences of any breach may be," said Deverell.

"As we begin to develop and embrace these services, it's in our national interest to ensure they're designed with simplicity and transparency in mind from the very start," he said.

The report calls on businesses, public-sector organisations and everyday Australians to embrace more open disclosure and work together when a breach occurs, to work to simplify digital systems, and to invest in new systems to verify and protect an individual's digital identities from theft or fraud.

"As shown recently in the international response to the Heartbleed exploit, collaboration and open disclosure are essential when tackling threats that cross networks, industries and national borders," he said.

Topics: Security, Government : AU

About

Leon covers enterprise technology and start-ups from ZDNet's Sydney newsroom.
