Australia launches critical infrastructure security reforms Sysadmin-in-chief of Australia's telecommunications industry, Attorney-General George Brandis, has released plans to anoint himself in a similar role in other critical infrastructure sectors, starting with an ownership register. Australia's government has announced a consultation into its Security of Critical Infrastructure …
But how else do you expect them to be able to maintain their claim that they're better economic managers than "the other guys"? They gotta keep their budget in the black by selling everything, so when the cycle turns and they lose power, whoever takes up the mantle has to spend big time on infrastructure and projects to rebuild the country. That way they can keep pointing their fingers at the other guys and saying they're wasting tax payers money. WIn-Win in their eyes.
It started off sounding like a pretty good idea, until i read this sentence
"...owns, operates or has access to..."
Damn thats going to be a huge list.if it goes to the employee level. And if you dont go to that level, then there is no Point in having that Statement involved. I fail to see how that helps protect your infrastructure unless your going to be checking all of those names against various security/terrorist/no-fly lists. And if you're doing that, the privacy implications for all of those People are huge.
Knowing who owns the various bits of infrastructure and who runs them are very good for the government to know. Maybe knowing which companies are subcontracted to work at These places could be useful (but even that seems a bit of a stretch). But knowing who has Access. A waste of everyone's time and thousands of people's privacy.
"Maybe knowing which companies are subcontracted to work at These places could be useful (but even that seems a bit of a stretch). But knowing who has Access."
The thought does occur to me that, just possibly, access, in this context, might mean companies subcontracted to work there and in particular, outsourcers. Wouldn't that be a more practical interpretation as well as being essential to the plan of holding those with control responsible for security?
"Not a bad idea per se, but why is the Attorney General's department in charge?"
I suppose that as the govt's chief law officer the AG can step in if nobody else does. The scheme has the merit of being able to ensure that everything essential is covered if the relevant departments can't be bothered or, worse, have been subject to regulatory capture.
So, a big list of critical infrastructure. So the gov't can identify stuff that would cause a lot of disruption if bad guys targeted any of it.
If I were a bad guy, intent on causing disruption, how could I figure out what it would be worth my while to sabotage?
It's a good job that seriously high-security organizations like the NSA know how to protect sensitive information, like their ultra-secret hacking tools. They'll be able to advise Australia how to keep its target list from the bad guys.
Unless action is also taken to harden the targets on the list as they are identified it has the potential to do more harm than good. Nothing in the article suggested that was going to happen, they're going to compile the list first then later (perhaps) figure out what to do about items on the list.
What could possibly go wrong?
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
