October 18, 2010

US Looking To Australian Program For Cyber Security Model

An Australian program that allows Internet service providers to alert customers if their computers are taken over by hackers might be making its way to the U.S.

Obama Administration officials met with industry leaders and experts to try and find better ways to increase online safety while still maintaining people's privacy and civil liberties.

Experts and U.S. officials are interested in portions of the plan, which is expected to go into effect in December in Australia.

White House cybercoordinator Howard Schmidt told The Associated Press (AP) that the U.S. has its eye on a few voluntary ways to help the public and businesses to be more protected from cyber crimes.

The Australian plan enables customers to get warnings from their Internet providers if their computer gets taken over through a botnet pogrom.

Schmidt told AP that if a company is willing to give its customers better online security, the American public will go along with that.

"Without security you have no privacy. And many of us that care deeply about our privacy look to make sure our systems are secure," Schmidt said in an interview with the news agency. He added that Internet service providers can help "make sure our systems are cleaned up if they're infected and keep them clean."

However, officials say that Australia's plan would be technically difficult and will likely run into opposition.

"In my view, the United States is probably going to be well behind other nations in stepping into a lot of these new areas," Prescott Winter, former chief technology officer for the National Security Agency, told AP.

He said that the Internet is viewed as a technological wild west that should remain unfenced and unfettered.  However, he said this open range is not secure, so "we need to take steps to make it safe, reliable and resilient."

"I think that, quite frankly, there will be other governments who will finally say, at least for their parts of the Internet, as the Australians have apparently done, we think we can do better."

Cybersecurity expert James Lewis of the Center for Strategic and International Studies told AP that the Internet providers are nervous about increasing their regulations.

He said online customers may not want their service provider cutting off their Internet if their computer is infected. 

However, they may be more prone to the idea of having their Internet service provider warn them of cyberattacks.

Lewis said it is inevitable that carriers will eventually play a role in defending its online customers.

Comcast Corp. is expanding a Denver pilot program that alerts customers whose computers are being controlled by a botnet.  Cathy Avgiris, senior vice president of Comcast, told AP that the company provides free antivirus software and other assistance to clean the malware off a customer's computer.

She said the pogrom will become available to all U.S. customers over the next three months.

"We don't want to panic customers. We want to make sure they are comfortable. Beyond that, I hope that we pave the way for others to take these steps."

Dale Meyerrose, vice president and general manager of Cyber Integrated Solutions at Harris Corporation told AP that voluntary programs will not be enough.

"There are people starting to make the point that we've gone about as far as we can with voluntary kinds of things, we need to have things that have more teeth in them, like standards," said Meyerrose.

The Australian program allows Internet providers to take necessary action to limit the damage from infected computers, from issuing warnings to restricting outbound e-mail.  They will also be allowed to temporarily quarantine compromised machines while providing customers with links to help fix the problem.