National security strategies 'flawed': AusCERT

A national approach to internet security, such as Australia's Cyber Security Strategy, is "flawed", according to the chief security officer of Amsterdam internet service provider XS4ALL, Scott McIntyre.

The Australian Federal Government launched its in-depth Cyber Security Strategy for the nation in November last year, supported by a new Computer Emergency Response Team to rival existing AusCERT.

"I believe that any national approach to internet security ... is flawed," McIntyre said at the AusCERT 2010 security conference in Queensland on the Gold Coast.

"The internet is a success because it doesn't give a flying toss about a nation."

"If you really believe that the internet starts and stops with an imaginary line in the sand ... that's not how the internet works, and it's not how the bad guys see things either."

Companies had to look to their own security instead of looking to be helped via a national approach, according to McIntyre.

"I think that we need to accept that the internet is pwned. I think that if you haven't already accepted that, you're really in the wrong line of work. You have to adjust your expectations about what the internet is, and what it can't be, and the fact that not everything that happens is a major crisis," he said.

"You don't need to have war rooms for everything. You don't need to build these huge cyber bunkers because there's a war on the corporate network. Get used to it. This should be your daily routine by now."

As well as being the chief security officer of XS4ALL, McIntyre is one of the five kernel-team security officers for KPN-CERT. KPN is a telecommunications and ICT service provider for the Netherlands.

Ben Grubb is attending AusCERT 2010 on the Gold Coast as a guest of AusCERT.