5 Zugangspunkte. 1 Lösung.

Panel Transcript "Securing the Future: Preventing Cybercrime"

Panel Debate

Host: David Koch (Channel 7 Sunrise)

Panel:

  • Peter Sykora – High Tech Crime Operations, Federal Police
  • Detective Superintendent Brian Hay – Queensland Police
  • Alastair MacGibbon – Managing Partner, Surete Group
  • Peter Coroneos – Chief Executive – Internet Industry Association
  • Darren Kane – Director of Corporate Security and Investigations, Telstra
  • Dave DeWalt – President & CEO, McAfee, Inc

 

David: Well good morning, ladies and gentleman. My name is David Koch from Channel 7 Sunrise program, and I have the terrific honour of hosting today’s panel. Now we’ve gathered a panel together to talk about the realities of cybercrime in Australia – what’s happening, what’s going to happen, what should we be doing about it, a bit of crystal ball-gazing, a bit of an insight into the future; although whenever I talk about forecasting, I remember I’m a finance nerd, and come from that sort of background. I always remember the very sage advice I received from an old economist mate of mine; and he said, “Kochie, if you’re ever going to forecast, you do it one of two ways: you either forecast regularly so you can keep changing your mind, or forecast so far into the future when people get there, they’ve forgotten what you’ve said anyhow.” So our panel’s going to give you an insight into 2025; and it’s going to be a ... going to be a crossroads. No, it’ll be a lot closer than that. Look, we’ve got a lot to get through in the next hour or so; you are going to find it absolutely fascinating, I guarantee it. So let’s introduce our panel.

And our first panel member is Peter Sikora. Peter is a federal agent with the high-tech crime operations; he’s responsible for the investigative arm of that agency, predominantly online banking fraud and national information infrastructure investigations. Give Peter a warm welcome.

Sitting next to him, one of his old buddies, who is the McAfee cybercrime fighter award winner, Brian Hay. Brian is a Detective Superintendent with the Queensland Police Service; he’s revelling in the State of Origin Win the other night. He has responsibility for managing the state’s Fraud and Corporate Crime Squad. Despite all that, he’s a very nice bloke. Welcome him.

Alistair McGibbon is often referred to as Australia’s former top cybercop, and that’s how he still refers to himself as. Alistair is a highly acclaimed authority on high-tech crime, including Internet fraud and consumer victimisation. He’s the first bloke that we get on our show when we want to talk about this area. Would you welcome Alistair.

Peter Coroneos, of course, you all know as the Chief Executive of the Internet Industry Association. He’s currently overseeing the development and implementation of Industry Codes of Practice as the industry’s response to core issues ranging from cybercrime to online privacy. Peter, welcome to you.

Darren Cain is the Director of Corporate Security Investigations and the Officer of Internet Trust and Safety for Telstra. Darren brings us an industry and ISP perspective. Darren, welcome to you.

Finally, our host for today, the big boss himself, the President and Chief Executive of McAfee Incorporated, Dave DeWalt. He was ... Dave was recently voted one of the 25 most influential executives in high technology; he’s a frequent commentator on Bloomberg TV, CNBC, CNN, and Fox Business. Would you welcome Dave DeWalt.

Gentlemen, welcome. Dave DeWalt, I’ll start with you. What on earth are you doing wearing a Queensland pin on your lapel in New South Wales?

Dave: I’m on the side of law enforcement. See, you notice Brian gave it to me today. Has it been four years in a row? Is that what it is now?

David: Oh, we don’t need reminding, thanks very much. Goodness me. You’ve got to get with the program here. Dave, I will open the serious questions with you first-up. In ... in your keynote, you talked about new technologies opening doors to new threats. It was a bit scary. What the ... give us one thing that you lose sleep about at night in that area?

Dave: Oh, what do I lose sleep at night ... I think I mentioned this a little. I mean, just making sure we’re protecting McAfee. I mean, it feels like that ... I don’t know if you ever had that dream when you were in college, like you missed the exam or, you know, you forgot the test, or you missed class; it’s sometimes you think about missing a threat. And at least for McAfee, our job is to protect the world, consumers, corporations, my own company; and sometimes it’s all about just staying up at night, and hopefully for others to be able to sleep as well; but, you know, this is a never-ending battle with the threats that we see. I mean, some of the samples that I showed you earlier, statistics – it’s crazy to watch how much has been elevated, what the threat landscape looks like right now; and it just seems like one of those bad recurring dreams sometimes that keeps you up at night, just watching crime or terrorism, and it’s crazy. And a lot of the Panel’s noticed too.

David: Absolutely. Well ... well Peter Sikora, I was going to ask you, one of the big issues at the moment – been in the paper a bit as well – a lot of allegations whether the Chinese having blueprints for the American power group, you know. Cyberterrorism in terms of critical infrastructure, that ... that’s gotta keep you awake at night?

Peter S: It does. And I guess I’m in a very unique position, working very closely with the intelligence community and seeing these attacks occur; and if I can just say, David, too, that, you know, we have to differentiate between what the cybercriminal is doing, and also what cyberterrorism actually is, and what is the definition of cyberterrorism.
State-sponsored attacks really do not justify cyberterrorism, but they are happening; issue-motivated groups are attacking not only our government – they are attacking our military, they’re also attacking our corporate businesses throughout Australia and internationally. And this is probably one of the most significant threats that we’re actually seeing; and also in saying to the audience, it’s something that we really cannot discuss as a law enforcement agency, because it’s held at the ... the top-secret levels of government, and how we mitigate these attacks.

David: Okay. We’re not going to tell anyone, so you can talk about it with us. But ... ’cause, I suppose the general public thinks that, “Oh, it’s the ... these pimply-faced hackers that are getting on and having fun.” But it’s not anymore.

Peter S: It’s ... it’s not anymore. Maybe 20 years ago, that was the case, where we were looking at ... you know, hackers doing what they did for the good of the Internet as it was being born, and it was for notoriety as well. Increasingly now, we’re seeing for financial reason, as Dave said before; it’s all about the money. It’s all about getting personal details, corporate details, military details, for the sake of either a country or for the sake of financial gain.

David: Brian Hay, you deal with cybercrime on a daily basis. We talk to you a lot on Sunrise as well. You hear complaints from ... from Queenslanders specifically. Your experience of the ... who are the most vulnerable groups on the Internet at the moment? And how do we get the message across to them, that they’ve got to ... they’ve gotta look a bit deeper?

Brian: Look, I think we’re certainly seeing that the seniors within the community are the most vulnerable. Getting the message through sometimes is extremely challenging. When people have lost money through online fraud, they commit a part of their soul and their emotion to the process; and getting them to say, “Hey, sorry, don’t send any more money” ... we’ve had certain losses where 76% of people continue to send money. There are intelligent, articulate people. So we’re looking at the ... the seniors within the community, because we know that they are a target; they’re the one with the ... they’re the ones with the money, you know. Self-managed superannuation funds, you know. Getting into retirement. Their whole lives are being destroyed, because they’re sending hundreds of thousands of dollars overseas to online fraudsters. We’re commissioning some research at the moment to try and unlock why are people in this age group falling victim. I think one of the ... the things you’ve got to understand is that they’re not used to the technology; they’re not used to the cybercrime environment. Many people think it’s regulated by government, therefore it’s safe. These big, glossy ... you know, Websites, very professionally done; the whole process evolves ... has evolved by the crook to socially engineer these people. But how do we reverse that social engineering process? And we’re trying to unlock the keys. It’s not easy.

David: Do you think the industry ... as I’ve said before, I come from a finance background; and I think one of the ... the biggest mistakes of the financial services industry is that they talk above the consumer and almost expect them to have an expert knowledge to deal with issues. Do you think it’s the same in this industry as well?

 

Brian: Look, I ... I think so. I think we’ve all got a lot to learn. I think that because we’ve grown up and evolved in different silos of society within the community, industry, government – we always looked at our own background, you know. We sat on the borders in Queensland and said, “Right, we’re going to fight crime in Queensland.” And we’re not worrying about what happens in New South Wales – except for the football matches. But when we ... when we ... now we’ve got to change. Cybercrime has turned that completely on its head. We’ve got to take a responsibility to combat crime in Queensland, but contribute to the law enforcement and industry efforts to combat ... combat cybercrime globally. And I think that’s the paradigm shift that we’ve got to ... that’s a challenge for us.

David: Alistair McGibbon, you looked after millions of consumers on eBay. Online transactions: Do you reckon the message is getting through to Australians, that they ... they do need to take care?

Alistair: Yes. I’d pick up on the point that you just asked Brian about, about the messaging and the simplicity. You know, when you deal with consumers, you need to be giving them a simple message regularly. You know, there might be 50 things that people need to ... to do to clear up 98% of the ... the risk. But there might be three things that they can do to clear up 60% of it. And what we need to be doing as ... as an industry, is getting them to clear up the 60% first. You know, whether it’s ... you know, changing their password, making it more complex, having AV – all of those things are really important. The more technical and the more hysterical we are about the threats, the harder it is for us to get any message through; there’s no ... no cut-through, because the average consumer just says, “Well it’s too hard for me. I’ll leave it to the pointy-headed people.” And nothing gets done. So I think we saw consumers feel safer, the more experienced they are. So the more they actually behave online and get away with doing whatever they do, the more message we can get to them about being safe. So it’s experiential.

David: ’Cause I suppose there’s a fine line between educating the public and scaring them just enough to be careful, and not too much where they say, “Stuff it. I’m going to go back to bricks and mortar.” You know ...

Alistair: Which is the last thing any of us really want.

David: Yeah. That’s right. How do you tread that line?

Alistair: Yeah, well, so we need to raise the threat, there’s no doubt. I ... I’ve been advocating most recently for public health-style campaigns – just like we have with “quit smoking”, or ... or, you know, breast cancer campaigns. We need to be doing a similar thing on a national level; repeat messaging to people about, not necessarily what the risks are, but what the safe behaviours are. I don’t think we need to scare them too much more; I just think we need to be saying, “Look, David – change your password; make sure you install ... you know, security software on your systems; and be careful what information you put online,” for example. Simple stuff.

Brian: Just on that point, I don’t think there is one key message. I think that the message has to be targeted, and that’s what we’re finding.
You cannot deliver the same message to a 14 year old putting all their details on Facebook, to a member of the senior’s community going online for the first time in this thing called ‘cyberworld’ and they think it’s safe; and the perception is completely different. So we have to develop key messages for different multiple levels within the community.

David: At the time of us.

Male Speaker: Yep.

Alistair: So as ... relevant messaging at the relevant time is important.

Peter S: The question is obviously, it’s about education; it’s about awareness, and raising that across sectors as well. One of the things we’re seeing ... particularly when you’re looking at the legal fraternity in the judiciary. When you’re handing out sentences of good behaviour bonds and, you know, a few thousand dollar fines, for someone who is trying to sell 56,000 credit card details on the Internet and the ... the magistrate doesn’t understand, the jury doesn’t understand, the severity; that there is actually a victim behind the offence.

David: This was this Perth company, was it?

Peter S: It’s the Perth individual that was ... that was charged.

David: Yeah.

Peter S: That’s correct, yes.

David: Yeah, yeah. 50,000 names ...

Peter S: And 100 ...

David: ... one at $100,000, and gets a good behaviour bond, and $150 fine.

Peter S: On top of that, he was trying to sell 110,000 domain names as well, authentication codes, user names, and passwords, and ... you know, that ... that kind of sentence is handed down. The public sees this, and they think ... and the criminal sees this, and says, “Well this is a fantastic opportunity for us to ... to keep exploiting this; because if it’s a first-time offence, I will not go to gaol.” And then we’ve just go to continue to keep getting that message out there, and educate the public; our children, the seniors, and ourselves, to say, “Listen, the Internet is a safe place. Computers are safe. It’s the cybercriminal and the users who are presenting the problem.”

David: Well that ... that needs a whole-of-industry approach. And Peter Coroneos, you ... that’s your mantle. And you have ... I want to focus on ISPs. They’re important members of your industry body. And to me, they seem to have had this view that they’re like the postal service: “We’ll provide the product, we’ll deliver it; all care, no responsibility.” Should they be taking responsibility now? Should they be doing more?

Peter C: It is a complex question, David; and I think part of the issue for the ISP is, that they see themselves not as the gatekeeper for everyone’s online activity, but as conduits. But I have to say, in the area of security, we see a different attitude, where in fact there is a coming-together of the interests of the ISP and the end user. Let me give you an example. In ... over the last couple of years, the ISPs – there’s about 68 of them now participating in a scheme with ACMA, the regulator on identification of zombie computers on their networks. And the issue there is that you’ve got home users, for the reasons that my colleagues have mentioned, either through ignorance or carelessness, have allowed their computers to become compromised. And the problem is in many cases, they don’t know that this has happened. We’ve got some great forensic tools that are now available, and the ISPs are actually actively participating in notifying the customer that their computers have been compromised. Why? Because it’s not only a threat to the end user, it’s also a threat to the stability and the integrity of the network. The ISP ... the last thing an ISP wants is to have a spambot running amok on their network, because there are consequences for the ISP if that happens. They get blacklisted; there are issues with costs; there’s a lot more bandwidth being consumed because these people are being inadvertently used as spam engines. So there’s a lot of engagement happening; and in fact, a month ago we launched a new program; as an industry, we’re writing an Industry Code of Practice for ISPs in Australia, to try and create some standardised messages and some good protocols to get that message out to users, and importantly also, to remediate the computer. We’ve got companies that are on the ground, going to homes, getting the spyware off the computer. So we’re trying ... by the end of the year, we’ll have this Code in place; and I think that’s an important contribution that ... that we’re making.

David: Darren is looking to you a bit, for a bit of support here, so you’d better give him some.

Darren: I ... I actually ... well, Telstra sits on the steering committee of the voluntary security code that he’s speaking about. So I’m familiar with that. To pick up on the point ... look, educational awareness will be a really common theme around the debate. It’s so important that the small to medium enterprises, and particularly the retail mums and dad users of the Net, online, understand the risks. But I’d like to also make sure we balance that ... that process of education and awareness. I think what the Internet’s brought to Australia, particularly with our challenges geographically, is an incredible advantage around education and health and commerce. And we ... what we don’t want to do through some of the stories and some of the messages we push out, is to ... to scare people away from the Net. They ... they should really get value from that online experience. So the first point would be whatever we do, we’ve got to make sure it’s balanced. And the second point is that where appropriate, the government can’t sort-of push it back to law enforcement, and they can’t sort-of push it back to the ISP. They’ve also got to actively collaborate with us. And I must say, I ... in my experience, in the role I had with Telstra, is that there is a lot going on; it’s a little bit like the duck on the pond. There’s ... there’s a lot going on under the surface, and I think that with what’s in the future for us is ... is ... is these campaigns and these awareness programs, and we’re ... we’re formulating them as we speak.

David: And also making them approachable to the public. It’s no different to the security measures you take in securing your house, or your car. You know, you lock your car when you go to the cash register to pay for your petrol, you know. It’s simple things like that.

Darren: The best example of that, David, would be ... I took the advantage of spending some time with Professor Stephen Heppell in Australia here in February; a really interesting character who pretty much coined the acronym “ICT”. And he basically said that, you know, idle thumbs do the devil’s work. So there’s a simple message to make sure that when people are engaged online, they’re engaged doing something effective and interesting, instead of allowing them just to ... to play online.

Brian: Just ... I think, during the whole evolution of the cybercrime environment, if you like, to use those terms – it’s become almost a response is to blame somebody; it’s government’s fault, it’s the ISP’s fault, it’s the law enforcement’s fault, it’s the AFP’s fault, it’s ... you know, your fault. But no-one’s saying ... using that word “responsibility”. And I think that part of the education process must concentrate on responsibility. You know, if you want to go on the Internet, you’ve got be responsible. You’ve got a responsibility to ensure the safety of it. It may not be a legal responsibility, but certainly a moral or ethical responsibility. Because, as we heard, right at the beginning, you’ve got to protect your family. If your family go on the Internet, take responsibility for protecting. As you said, you lock up your house when you go out. Take those steps of security onto your home PC.

David: Yeah. You don’t leave your kids at home by themselves, so why leave them on the computer? Dave ... we talked a lot about responsibility of ISPs, industry, that sort of stuff. What about business? Because I think we all agree with Darren it has revolutionised the business model. It has revolutionised distribution networks for so many businesses around the world. It’s built profits on the cost side; it has just been fantastic for business globally. What’s their responsibility to fight cybercrime?

Dave: I have to say, you know, this is ... you’re watching a panel here that I think is just amazing, you know, for ... it’s one of the first times I’ve ever watched government come together with telecommunications come together with security vendor. This is one of the biggest requirements that we have to create and interlock between all of us on this stage; the ISPs, the telecommunications, the banking, the government, together with vendor. This has to happen. We will never solve it just in (20:40). And I know Brian, you know this ... you know this as well; we all have to work together, and this is one of the most critical things. And hardly anywhere in the world do you see this kind of activity occurring; it doesn’t happen. The government has its track, and security vendors have its track, and the businesses have its track. And coming to your question, you know, the businesses really have to work. We need private public interlock. This has to occur. We have to figure out ways to data-share together, and that’s a tricky one. There’s this little privacy challenge, compliance challenge, motivation profit-oriented things. But we have to figure this out, because it’s a global challenge, and it’s beyond borders here; it’s beyond borders anywhere, and it’s becoming one of the most critical things for us to figure out, I think, as a society, is somehow make this work together; and businesses have clear responsibility. But it’s a two-way street, or even a triangle amongst all of us here.

David: You ...

 

Peter S: Can I just add onto that to, and to Brian’s comment. Brian was exactly right; this is a shared responsibility. For us as law enforcement, it’s no longer about traditional policing anymore. It’s about engaging. It’s not also about having a prosecution or a person before the court; it’s about mitigation and prevention, and forming those partnerships with the private sector and various other agencies, government and the like. And Dave, you’re exactly right; it’s about having trust and confidence in each other to share information, getting beyond current legislation in regards to privacy, you know, how we’re storing data and things like that, and start talking ... working towards it. Because, trust me – and this is one of my bugbears – for two years now we’ve been talking about ... you know, legislation issues, particularly the mutual assistance processes in passing information overseas in criminal matters. We’re still nowhere, you know. We really need to expedite that process. Because what ... it’s not about Australia, you know. It’s not about America. It’s a ... it’s a truly global thing, and we need to share information.

David: Dave, you travelled the world. Okay. Who does it best? Are there particular countries that we should be going and saying, “Hey, you know, gee, they’ve got the model right. They’ve ... they’ve actually got something, or somebody, who takes responsibility that the whole industry can go to, in a sense of leadership”?

Dave: I’ll be really honest, I haven’t seen anybody do it very well. And it’s sad ...

David: See, that’s a bit scary in itself, isn’t it?

Dave: It’s a sad state. I mean, I’m really encouraged by the passionate people that we have here; you can just feel the energy that’s in this room. I had a chance to go to the White House just a couple of weeks ago, and I met with President Obama. He had a conference, a ... a press conference ...

David: Now, that ... that is name-dropping! That’s ... that’s a beauty! You know, I ... I can drop a few names, like Cameron Diaz, but Obama or Bruno? Not Obama, let me tell you.

Male Speaker: I’m talking with David Koch.

David: No ... yeah, yeah. “Met with President Obama.” Alright. Sorry.

Dave: The point of it was that for the first time, at least in America, we saw the leader of the country come out pretty actively and say, “Wow, this is a problem. This is keeping me up at night. I’m going to try to put forth some sort of architecture organisationally within my presidency to come up with ways to eradicate these problems.” And he even realised, and even admitted, that this was a huge challenge. I don’t know if ... how many of you saw this, but even during the press conference, Obama came out and said, “Listen, you know, this is becoming a large problem. Even during my own presidential campaign, I got hacked into.” And he goes, you know, “I didn’t lose anything really important, but I lost most of my confidential launch materials; I lost a lot of data around what I was doing strategically, what were my message platforms.” And this was hacked into during the democratic conventions, and he came out and literally talked about this; and of course when he used words like “bots” and “botnets” and “Trojans”, I was like, “Wow, this is what we need, is leadership like that, who can recognise some of the challenges.”
But, you know, we are at a real infant stage; America’s done a little bit, I’m watching it happen here, the UK is naming a cyberczar. We need leadership in government who can come together and be the force, at least to enact policy, legal frameworks, begin to start that; but nobody’s done it real well.

David: Our Prime ... our Prime Minister talks about bots and stuff like that. It’s in Mandarin though, which we have a problem translating. I’m sure he’s doing that, though. But guys – is this a challenge for Kevin ’07? Obama used technology amazingly well; it’s become a case study – business case study – on campaigning using new technology. Kevin ’07 did it to a much lesser degree, but does he really understand that we need leadership like Obama’s?

Alistair: I was going to make the observation, David, that I think the businesses ... business uptake of ICT and consumer uptake has far outstripped government capacity. It’s outstripped law enforcement capacity, with due respect for my law enforcement colleagues, in every country in the world. And, you know, I’ve ... I’ve dealt a lot with the UK and the US agencies in particular over time; and what I’d say is, there’s an increasing gap between what the actual need is, in terms of how much business is written now on the Net, and even if you’re not on the Net, selling business – how much you rely upon computers and communications technologies at the back end. And the simple fact is, there is nowhere you can go in Australia as a consumer or as a business to make a complaint today when something goes wrong that that ... apart from a ... a start in Queensland, where it doesn’t matter what the jurisdiction is, where the offender is, if that makes sense. Because it all comes down to where is the offender? Where’s the evidence in relation to the offence, and where can I aggregate those victims? There is nothing in this country that allows a person to make that type of complaint; and there’s not the capacity at the back end to then investigate those matters. Now that’s not being critical; it’s merely saying that governments talk an awful lot about, “We want e ... e-government; we want e-business; we want consumers to have smart houses and smart power grids.” All fantastic things. But governments do need to financially, and in a human sense, support that infrastructure. And I actually don’t see that happening. Not on scale.

David: Alright. I’ll ... I’ll do a quick around the grounds of the Panel here. I’m Kevin ’07. If there’s one thing I can do for you to solve this – only one, don’t give me sort-of any more – just one quick thing that will make a huge difference to your issue now, what would it be?

Peter S: This just proves that I wasn’t given the questions beforehand, so ...

David: This actually isn’t on the list. I’m sorry.

Peter S: You know, there are so many issues that are burning, and these are the things that keep me up at night as well. And I guess it’s ... it’s the resources that I need to do my job, and do it well. Because it’s ... it’s the future of policing; it’s ... everything now we do from traditional policing to what we’re seeing with high-tech crime investigations, has technology involved in it. I need the skilled personnel to investigate, to use the tools.

David: Okay, by how much? Double your budget, or double your staff, or ... ? Come on, be specific.

Peter S: Oh, I mean, I ...

David: And then give me a KPI.

Peter S: Oh, I ... you know, I could ... actually, what I would like is, I would like to see us unified as a whole of law enforcement approach to this in Australia. That’s ... that would be the ultimate aim, ’cause we can leverage off each and other’s resources.

David: Okay. Okay. So the federalism thing, the state thing ...

Peter S: Yes.

David: ... is an issue for you. Brian?

Brian: First question is, law enforcement and politicians shouldn’t mix, but ... for my own safety, if anyone gets wind of this, but I think ... I can’t disagree with what Peter said. If I said, “Well okay, give me one thing,” I’d say, “The strata should sign up to the European Convention on Cybercrime.”

David: What would that do?

Brian: Well straightaway, we would have a greater capacity to share intelligence with other law enforcement in ... across Europe. Which is in a more timely fashion.

David: Agree?

Peter S: Once ... once again, that ... that’s a good point, and ... and it’s a continual discussion about a session and being a signatory to this convention. Unfortunately, our Telephone Interceptions Act has some very specific provisions in it, which is back into the legislation realm, which then will prohibit us becoming a full signatory to it.

David: Sounds like ... sounds like a lot of bureaucrats involved in here, which needs someone to kick a head or two, and so ...

Peter S: We ... we’re already meeting a lot of ... of the ... the convention points, I guess, for want of a better term; it’s just that there’s some real sticking points within our legislation.

David: Alright.

Brian: But I think sometimes we think we focus on the ... on what stops us, rather than on ... focus on how do we make it happen.

David: Right. Good point. Neither of you mentioned increase in penalties, so obviously that’s a bit further down. Alistair, what’s your one?

Alistair: Single point: To be able to collect whole of nation picture of what the actual incidence of crime is. Because until you can counter ... until you can actually say how many compromised computers, what data is lost, whether it’s corporate or personal data ...

David: Well, we don’t share that at the moment.

Alistair: Yeah, we don’t. You know, corporates don’t share it with government, and governments don’t share it with each other. You know ... you know, it takes about a year for the Institute of Criminology each year, David, to work out the murder rates in Australia, because each of the police services record unlawful deaths differently; so they’ve got to de-dupe some things. You know, I would have thought it’d be pretty simple; guy’s got a knife in the back, he’s dead, it’s a murder. You start taking ... you start taking, you know ...

David: Alistair used to be a counsellor – crimes counsellor. Of course, victims counsellor, but ... yep.

Alistair: So you start taking computer crimes, and all the new words we keep creating for them, and I’d say that for every computer crime and all the different words we use, there’s a ... there’s an offline offence we should just be calling it, right. But let’s just forget that. So really, what we need to be doing is counting this stuff. Because until we count it, and actually work out what impact it has, human and financial, you don’t get the resources, you don’t get the right type of political leverage to start changing ...

David: There’s actually got to be votes in it.

Alistair: There have to be votes in it.

David: Yeah.

Alistair: Absolutely. And ... and votes come with, well, how much is this ...

David: The data.

Alistair: Countless stuff.

David: Your one, Peter?

Peter C: David, the NBN, the National Broadband Network, is the biggest funding commitment; not of just within the Internet industry, but within any industry in Australia’s history. It’s a $43 billion funding commitment that will revolutionise the Internet in Australia, and catapult Australia to the forefront of international competitiveness. We need to build into that security. Our ... our pitch will be ...

David: That’s a really good point, because politicians ...

Peter C: $43 billion; if you could make a billion of that hardening a network ... you see, the Internet, as everyone here knows, was never designed to be secure. We’ve got great companies like McAfee that are now trying to retrofit security back into something that was always done between Universities and Defence organisations within a trusted framework.

Now what we know 30 years later is, that if we were going to build a new Internet today, we would make it far more secure than the historical Internet. Here’s the big opportunity; if we could allocate 2% of that NBN spend to ensuring that it was built secure – there’ll be consulting fees in this for you, too, Alistair ...

Alistair: And something for McAfee, too.

Peter C: Just 2%, that would be ... that would be our number one priority. If ... build it ... if you’re going to build it again, you’d build it right.

David: Gee, and that’s an easy sell to the public. That’s an easy way to get votes. $43 billion, and two of that is going to make sure it’s safe, and you can sleep at night.

Peter C: 2%. One billion would be enough. More than enough.

David: Darren?

Darren: It’s always tough when you’re sort-of last in line here. I’m glad I didn’t raise the NBN.

Dave: Don’t mention the war.

Male Speaker: (32:40), it’s alright now.

Darren: What I’d like to see is ... is a mass market media campaign supported by government funding that actually gets the message across, and I ... I sit on the consultative working group for cybersafety to the federal government; and we’re talking about that recently, and a really good idea came up round viral videos. Because that seems to be really popular, and really delivers a message. So we’re looking at the “Chk Chk Boom” type approach.

David: Oh, yeah.

Darren: Where we can, you know ...

David: What, “Click Click Beep” or whatever?

Darren: But it would certainly deliver the message, and put ... put the message of safety and security online right at the forefront of all users, so that we can prove their online experience. That and perhaps some safe harbour legislation for ISPs who are using best endeavours to support law enforcement and government with this issue, where we ... we actually take action to ... to do something; we’d like to make sure there’s legislation to ... to cover us for that.

David: Okay. Righto. You’re not going to use the “Chk Chk Boom” chick, though, are you?

Darren: Well, not at this stage.

David: That’d be a great ... that’d be a great story. I’ll take a note of that. Dave, you were saying there was no country model that we should be basing ourselves on – no-one’s got it quite right; but what about ideas in different countries that  maybe we should adopt? One suggestion for our government?

Dave: I ... I really resonated with what Darren was saying. I mean, some of the best ideas I’ve heard again coming out was mass marketing education programs. I think about it ... I know in America there’s a few very successful ones; they had the Smokey the Bear, you know, fire kind of thing; the click-it-or-tick-it “use your seatbelt” kind of model. Coming out with programs that can educate the masses around the need for at least some level of security, because most of the time it’s much more of just a logical thing to do versus a technological thing to do. And for a lot of people, certainly some demographics, where it’s just a little bit of education, it’s a huge difference in whether they fall victim or not; can really change the game. And I think having government help sponsor that a little bit – there’s one thing, you know, when McAfee says it; but sometimes it looks self-serving when we say it and try to educate people. If it’s coming from government, coming from other industry, it makes a huge difference; especially if we could do it together. And probably the best proposal I’ve heard was, creating a bit of a World Health Organisation concept to security. How do we begin to think about this in a world platform, much the way we think about physical disease? Could we create a mechanism that says, “Hey, there’s been an outbreak here in Australia – watch out for this. Swine flu H1N1’s coming, or it’s (35:28), or it’s ... you know, XYZ. How do we create an alerting body that isn’t profit-driven that can give us a mechanism for education? And that’s largely what WHO does, and ... and how do we create that tangential kind of environment for the cyberworld would be, I think, a dream (35:45).

David: So there isn’t one like that?

Dave: I don’t think there’s one country; it’s a ...

David: No, no, no; a global organisation?

Dave: There’s none like that. Zero. Absolutely nothing today in that construct. And I think we need it. And it needs to come together in a more global fashion than country-by-country.

David: Mention that to Obama, next time you see him. Or Hu Jintao, or ...

Peter S: Can I just say, Dave, that in Calgary, in Alberta in Canada, they’re trying to set up a global centre for security cyberspace, where they ... they bring in not only the private sector, but also international law enforcement as well. Unfortunately, once again, it comes into a question of local politics; buying from the RCMP, and other jurisdictions as well; and it’s proving quite formative for them to actually get this up and running, not to mention that it’s minus 50 degrees in wintertime there in Calgary. So it’s not a great place, I guess, to go there for causes. But these things are being tried now, you know; people are looking at things like virtual police stations, you know – how do we have virtual police officers online, and the like; and trying to centralise some kind of central repository of what we want to see on the Internet for law enforcement. But ... but that’s ... there’s still a lot of work to do there.

David: But I’ve got a ... get a sense from Alistair and a few of the other comments that a real cultural issue here for the industry and consumers and business is, acknowledge when there has been a breach, that you have been ripped off, and not being embarrassed to tell people.

Alistair: Well even knowing that you’ve had a problem. I mean, there’s ... there’s people compromised that don’t know it. I mean, the vast bulk of compromised computers – the average punter out there doesn’t know that they’ve lost control of their computer, do they? Not ... not until they might get told by their ISP. And most people don’t know their credit card’s been ripped off, or their password’s been stolen, until maybe the crook starts using it.

Peter C: Just on the question, I thought you were going to say a point that I was about to raise; and that is, we did some work with the OECD a few years ago on creating a global standard for security within the 30 or so OECD countries. But a key concept emerged in those discussions around this idea of a culture of security; creating a culture of security, picking up on the earlier points about whose responsibility is this. The truth of the matter is, it’s everybody’s responsibility. At the enterprise level, at the law enforcement level, the Government level, the ISP level, all the way through to the consumers. Everyone has to assume the responsibility for their part of the operation. And then we need to integrate that in a way that makes sense. And in terms of the education campaign, we fully support that. But it’s not just enough to raise awareness; we think you’ve got to go the extra step. What we should be looking for here is engendering behavioural change. Without behavioural change, all the education in the world will be for nought. You’ve actually got to change the way that people are participating online, how they’re configuring their home modems and routers, all the way through to patching their operating systems.

David: They need to be sold safer systems.

Alistair: That’s right. I mean, we’re ... you know, we’re giving a person a box that can be configured a whole range of ways, that they just don’t need it to be configured for, right. So we ... we’re giving them this system, this Ferrari, when they want a ... a Vee Dub. And we’re wondering why it is they get ... they run off the road all the time. If this was any other infrastructure that we used – if this was rail, road, air, or anything else – we’d expect a certain level of standards. And ... and when we’ve got that level of safety and predictability, then we educate people about how to be safe within ... within guardrails. But what we have at the moment is this ... is this totally anarchic, unregulated place, and we then say to people, “Look after yourselves. Do the right thing in there.” And don’t get me wrong, I mean, I ... I ... you don’t want a huge amount of regulation; but some level of predictability; and frankly, businesses when they go online are providing a lot of services that don’t have the back end properly tied up, where they’re not necessarily protecting the data of the people that ... that are their customers; and they’re saying to the customer, “You gotta be safe as you deal with us.”

Peter C: I agree.

Alistair: And, you know, the business at the back end is letting it just go out the door.

Peter C: This is what the culture of security means, Alistair. It means that everyone plays their part.

Alistair: Absolutely. Everyone – not just the consumer.

Peter C: You’re not looking to the government. Yeah, you’re not ... we’re not just looking to the consumer; but we’re saying that the consumer must also play their part.

Brian: Yep. So the salvation of cultural change is going to be based on education and awareness. You’ve got to have a starting point. You will not change culture if you don’t educate and make it work.

Peter C: You’ve got to look at the messages as well. I mean, we’re ... I’ll give you an example. Recently in Australia, a new vulnerability has emerged in the home router, where people are not ... well, not changing the password on the router when they buy it out of the box. It comes with “Admin, admin” as the default, or something similar. We’ve had a ... an exploit called Cybot, where they’ve come in and it’s a brute force attack on the router, where they reconfigure the firmware. The malware’s not going to be sitting on the PC.

Male Speaker: It’s sitting in the ...

Peter C: So your antivirus software’s not going to work here. It’s actually on the router. And so I’ve ... I’ve been talking to our people, and we’ve been talking to router manufacturers, about, “How can we do this better?” One of the first ... the behavioural change we want is that when you unpack it out of the box, the first thing you do, is you go in and you put a strong password in there. But how do you explain that? And here’s the challenge. How do you say that in a way that the silver surfer, as Darren calls them, will actually understand, you know, that this is not too ...

David: What do you call them, Darren?

Darren: Anyone over sort-of 65 who’s learning the computer for the first time; they’re silver surfers. Well actually, we actually have ... and to pick up that point, look at Telstra. We recognise that we have a responsibility, and our reputation around making sure all of the users, and anyone associated with the company, and it includes shareholders, respect what we’re doing in this area. So the ... we’ve put a number of things in place, but to ... to pick up on Peter’s point there, I firmly believe that we really should go out interstate in Commonwealth education departments and actually ask them to consider computer security, cybersafety, as a subject. And ... and certainly the tertiary institutions around this country should really have ... have that as a stream, so that there’s more and more of these types of professionals out there who have a better understanding. Peter made the point, there are small gizmo-type companies out there now who are offering the services to retail clients to go out and fix their computers. I think we need more of those. So there’s ... there’s an easy start. I think one of the things that I found in ... in being involved with what is a large bureaucracy around this issue is that it’s very, very hard to get something started. To get some momentum going somewhere. So why don’t we pick off some easy wins and do them?

Brian: I think just on the issue of Wi-Fi security. We agree completely, especially what we’re seeing at home end user, but also very much in small business. We’re about to undertake a project, a war-driving project – we go around and we’re going to identify the insecure wireless network. We’ll pick a community; we’ll provide information to that household or that small business on how to secure yourself, let them know they’re vulnerable; go back in a month’s time, do the same exercise again and see what difference it makes. And now if it doesn’t work, we’re going to have to do it again, until we get a message that works. And as I said, it’s got to be multiple levels of communication throughout different tiers of society; there is no one panacea, no silver bullet, no quick fix; it requires a community response.

David: Okay. Is ... is there a champion of this in government? Is there a politician that sees this as a, “Right, I’m going to ... this is going to be my cause”?

Darren: I think Minister Conroy gets it, in defence of him.

David: Who ... who does?

Darren: Minister Conroy. He gets it. He understands the importance of this. He understands his votes on it. So there is a fair bit going there.

David: Well ... no, no, no, but what’s Darren’s saying, that is the reality. You know. It’s got to be votes, or they’ll ... they’ll do bugger-all. They’ll spend the money elsewhere. And they committed $42 billion for the National Broadband Network ...

Darren: It’s gone down.

David: ... so  just to say I’m going to take a percent, or 2% of that, is an easy argument to make.

Darren: And they committed a further $125M in cybersafety just after they were elected. So they have an understanding ...

David: Have they spent it yet?

Darren: There’s a number of programs in place. There was one launched on ... on Monday, down in Melbourne, the new Cybersmart Website that ACMA have put out. It’s a fabulous educational ...

David: A Website?

Darren: Yeah. But it ... they’re now putting around ... they’re now putting a campaign around to actually direct people to that site. At least they’re doing something. As I said, it’s not going to start with a bang. It’s going to be some small wins that’ll gain momentum.

Dave: What’s amazing, too, is you look at it, we talk a lot about education and awareness, but we really talk to the politicians to ... to Congress, or the Senate, or to any political group – it’s the education there too, the computer literacy that they have is astonishingly low.
It’s unbelievable at times, the conversations we’re having, and how do we educate this generation as well? Because in many cases, you know, some of us have grown up with technology, but many of the generations actually running the governments have not. And there’s a huge gap here as well. And I know in ... in a number of cases I was involved, particularly with the Cybercrime Modernisation Act, where we were trying to put forward and lobby modernisation of law in America, so that we could go after cybercriminals with the same type of prosecution as a physical crime was. And it was like pushing a boulder up a hill – they didn’t even understand the concept that we were explaining. So, so much of this awareness has to come at so many levels; and for me sometimes, the most frustrating part is just trying to educate not only government as well as consumers, but we’ve got to advance this ball; it’s critical.

David: Just quickly – Peter, who ... as an industry body, who do you go and see? In government. Who gets it, in government?

Male Speaker: Perth.

David: Look, just between ... Give your trade secrets away. Anyone ... any bureaucrats here? Nup. You’re safe.

Peter C: Look, I think that ... that is the challenge here, is just ... a few years ago, when we were making the arguments for broadband, we wrote national targets and we said, “Australia needs to be here by 2010 if we’re going to be competitive.” And the pitch was not to just Stephen Conroy, but we were trying to say that every government department ... this is going to revolutionise health; this is going to revolutionise education; this is going to revolutionise delivery of government services. I think the challenge now is, we go back to those people and say, “Alright, now we’re going to have this broadband network, we’ve got to make it secure.” Health records – critical new development now, I think this week there was an announcement that among COAG, information sharing between jurisdictions; so that if you’re travelling interstate ad you get sick, they pull up your record of wherever you go and ... and it’s all there. But that has to be secure; that data is highly confidential, and potentially very damaging. So I think we have to go back in and make the case. Attorney Generals, certainly, they get this; because there is a whole cyberwarfare component. We work with them for years on securing critical infrastructure. But it’s these outlying departments, if you like – the ones that don’t yet see themselves as having a role in IT, that have to really ... so that we get a whole-of-Cabinet view on this. It’s not just ... you know, Stephen Conroy being the champion. It’s the whole of Cabinet saying, “Yeah, you know what, this is a no-brainer.”

David: Yep.

Peter C: This will affect all of us.

David: Sorry, Peter, I cut you off before.

 

Peter S: No worries. Can I just say as well that under the Rudd government, he sanctioned a review last year for the E-Security Review, looking at e-security across government, big business, multimedia enterprise, and the consumer; and as most of you are aware, that there’s a parliamentary inquiry going on at the moment into cybercrime, headed up by Belinda Neal. So the outcomes of that will be forthcoming in the next couple of months. Also the Federal Police have received funding from the government under our ...

David: Belinda Neal’s doing it?

Peter S: Yes, correct. To her ...

David: No, that’s good. She’s tough and gets things.

Male Speaker: She’s a politician.

Peter S: The Federal Police has received funding through the E-Security National Agenda over a four-year period to start working with the intelligence community in government in trying to bring these processes together at that higher strategic level, as well as operationally to a certain degree.

David: Okay. Has it been put also to get the message through, you make consumers responsible for what they do anyhow? You know, no protection ... you know, if you stuff up, you’ve stuffed up? Is that a solution?

Peter C: One of the problems ...

David: To really focus the attention?

Peter C: David, it’s a bit like road safety. I mean, I know that we all drive around, we see these crosses on the side of the road. And they’re the people that died when someone’s made a ... but I think as human beings, this is an issue we raise at the consultative working group. We do have, as a species, an inbuilt propensity for risk that says that we’re going to engage in this behaviour, even if we know it’s risky. Until something bad happens to us. And part of the challenge and the barrier to this behavioural change that we’re talking about is this sense that we all have that, “It’s not going to happen to me”. And I think, unfortunately, one of the problems we’ve got is that until you get attacked, until your computer gets zombied, until you get your identity stolen, a lot of this is going to be theoretical. And I think that is the real challenge. We need behavioural psychologists working here with us – not just educators.

Dave: We ... we’ve created these ... these Webisodes, we call them; these, like, TV episodes on our Website. And it was all about sort-of victims. Some sort of heinous crime online, and if you watch these little shows, you would just be brought to tears in some of the cases that we’ve seen. And some of them are crazy scenarios where, you know, some sort of ... you know, paedophile scenario to kids, to some sort of situation where they’re wiped out entirely financially, to ... you know, some of the scenarios and ... it’s just amazing, the stories and things we’ve brought out.
But again, it was a vendor doing it, and not government, not necessarily other industries doing it; and we have to figure out how to do some education, and that cross on the road was a little bit of the example we tried to use to show some of the victims of this crime. It’s been hugely popular for education purposes, using medias like YouTube and Twitter to broadcast that kind of thing. But, you know, we need help.

Darren: And just with that, a vendor, a security vendor, pushing a horror story. What we’ve got to be careful on is that when we push the messages, that there’s balance in that. Law enforcement tend ... tend to push horror stories. Security vendors tend to push horror stories. And I think it’s appropriate that the risk issue and behaviour on ... behaviour online is ... is thrown up. But I also think there should be a balance, so that the good news around what technology, particularly the Net, have brought to us, is also rammed home. Because what we don’t want to do ...

David: We’re sort-of living the good news, though, aren’t we? We’re ...

Darren: Well, as long as that’s ... that’s continuing.

David: ... experiencing the good news until we get slammed.

Darren: Yeah. But what we don’t want to do is force people away from the Net. Well, Telstra sells access to it.

Brian: But by the same token, I actually think law enforcement by ... you know, providing some of the horror stories, finds the balance that areas like Telstra or wherever industry doesn’t want to talk about. I mean, everyone’s going to tell you, “Internet-secure”. The banks are going to say, “Online banking – great, no risk. Come on, give us your money, we’ll take care of it.” It’s only when ... when do you ever hear them come out and saying, “Oh, there have been so many victims”? I’ve never heard the banking industry come out and articulate how many victims in Australia have fallen victim to banking fraud. How much money is being lost? How many people have committed suicide because they’ve lost all their hard-earned monies? How many had their identification stolen? How many found out later on they had credit cards taken all over the world? How much is on the welfare system? How many are now receiving medication and ... and welfare treatment, and Medicare treatment? No one wants to talk about that. So it’s left up to law enforcement to highlight it – yeah, we do come out with some horror stories. But I tell you what, people listen to ’em. And should people be scared? They should be aware. I agree, we’ve got to find the balance; but at the moment, the only voice out there for the victim is law enforcement.

Male Speaker: Yeah, as long as there’s a balance.

David: But Dave DeWalt, you ... you come from a storage background as well. A lot of companies and consumers now outsource so much data and information to other ... other organisations, other people, picking up some of the earlier issues of ... is that a real danger as well? Are we getting the protection back there that we think we’re getting?

Dave: Oh, there’s some amazing advancements that we’ve seen, and these gentleman can talk to this for a long time. But building in and baking in security to the pipes, to the infrastructure, is critical.
Almost every telecommunications company I’ve met in the world has got clean pipes type initiatives; they’re thinking this thing through, they’re trying. But it has to be fit at the time you’re building out, like the National Broadband Network – how do we figure that out at time of investment, really critical type things to do? But we still have a long way to go; I mean, this isn’t something that’s completely solved. There’s much more work, clearly, to be done, and ... I don’t know, we’re ... we’re still in the 1.0 version.

David: Yeah. Peter Coroneos, the other thing I sometimes wonder about ... was interesting, we’ve just done some research of the Sunrise viewers. And on ... and we do it every two years; this is big research; we do ongoing research, big research. And one of the questions is, what do you do first up in the morning? And ... no, people are way too busy and short notice for that! But it is turn on the TV or the radio first, for company. Second is check their Facebook. Two years ago, when we did this research, Facebook didn’t even get in the top, or MySpace, into the top 20 of what they did in the morning. So habits are changing. But also, a lot of people wait to check their Facebook until they get to work, and use a work computer. You know, are ... are employers way too lax in allowing their staff access to the Net completely? To social networking groups, the whole lot? Is this a real security risk?

Peter C: This is an issue that has come up. I often get asked this, I think. That ... how does a business strike for balance between not locking down the system? There have actually been some interesting studies done on this. It turns out that if you forbid this kind of behaviour in the workplace, it can still happen. And in fact, can affect the productivity of the worker, in the sense that they feel that this is a punitive environment where they’re not allowed to exercise some degree of flexibility. I guess the parallel would be using the office phone in the old days, you know. There are going to be circumstances, particularly the longer working hours that people are using now, where, you know, they want to have access to the technology in the workplace as well. It really is a management question; when you boil it down, the real question is, okay, there’s a security dimension to this as well. But in terms of how you allow people to use social media in the workplace, we think the better way to do it is to have a policy that says, we are either going to permit or not permit the activity; if we do, these are the conditions under which we do it. You negotiate that with the workforce. Everyone understands the policy, and then you enforce it.

Darren: And to pick up on that point, again, from Heppell in ... in February was, instead of calling it an inappropriate use policy, we call it an effective use policy; and we actually drive it out to the staff, particularly the younger staff, who get innovation and creativity from access to these social networking sites to decide what goes into that effective use policy.

Alistair: And telling them what damage they can do if they give away corporate secrets, or ... I think I said last night, you know, a photo of David Koch with a plant ... a pot plant on his head at the Christmas party, maybe you don’t put that on, you know, your Facebook page of your colleagues, for example. So it’s about educating people back onto that thing of education about how to be safe and how not to damage the corporate using these things. But, you know, staff attention isn’t the biggest issue these days for companies; but I’d say any company that bans these technologies for sensible security reasons have greater difficulty in retaining staff.
And as I say, it’s probably not the biggest problem these days; but, you know, when things get good again, you want to make sure your staff have access – just understand how to use them.

Peter S: It’s a question of having good governance behind all of this, and monitoring your staff; but I don’t think it’s a question of going to be losing your staff, it’s about productivity. When your staff go to work, and for seven and a half hours a day – and trust me, it’s happened – someone’s playing Poker Stars, then that becomes an issue. When someone is just surfing YouTube for the latest clips on Morecombe & Wise and the like, that becomes an issue. But with good governance behind it and IT security monitoring that, I mean, you can ... and it has worked in the AFP; people have been called to task on it.

David: Gee, they must have been old – Morecombe & Wise.

Peter C: It was the one with André Previn.

David: You’ve got to be over 40 to know who they are, I think. Dave, I suppose a lot of people would be thinking, “God, can we make a dent in this at all? This is such a huge problem.” Can ... is there ever a solution to it?

Dave: Oh, there is. I mean, we’ve made a lot of progress, you know, so much in technology. We spent time today in the keynote. I mean, the technology exists today. I mean, we really feel like we’ve come a long way with technology, getting people to adopt a technology; getting them educated is the next step. And we always think of this as a people process and technology challenge, particularly with security; particularly cybersecurity. But the people in process side has lagged pretty dramatically. We talked a lot about education awareness, government, understanding the problems, consumers, corporations, understanding the problem. Technology exists largely today, and a lot of the technology is ... it’s free, in some cases to, the consumer. We have a lot of products you can just download for free. But in many cases, they don’t use it. Or they don’t know how to use it. So education becomes such a critical component to this, to really put a dent in it. It’s the next step. I think almost everybody was resonating with, one thing the government could do to help lock us all in, trying to do some education. That is the missing piece to all that is out there, in my opinion.

David: So to sum up – because we’re running at a bit of ... out of time here. If I can ... sort-of a handful of priorities, okay. Education, number one. Number two, everyone to co-operate with each other. Some sort of champion within government to make votes in this – to make a real difference. And ... and everyone just understanding their responsibilities with each other and not afraid to stick their hand up and say, “I’ve got a problem. You know, let’s analyse it and make sure it doesn’t happen again to anybody else.” Would that sort-of be the simplistic view? Oh, and bigger penalties for the ...

Brian: I would say, but we have to develop a culture that also is based on information sharing and willing to contribute beyond the scope and boundary of your normal organisation.

David: Yeah, no, that’s what I’m saying; you know, everyone’s sticking their hand up and saying, “Yep, we’ll share.”

Darren: And to pick up on that point, to ensure that the best endeavours of industry have legislative protection.

David: What do you mean by that?

Darren: Well, if we’re asked to do something to assist law enforcement – if we’re asked to do something to ensure consumers aren’t infected online, and we overstep the mark or understep the mark so something happens; if we show best endeavours to do that, it’s safe harbour legislation.

David: Is that fair enough?

Peter S: It’s about liability. Yes. I mean, if we ask Telstra to shut pipes, open pipes, take down sites, they want to be safe and secure in their mind, and their CEO, that what they have done is correct, legal, and for the proper use.

Darren: Opportunities ...

Male Speaker: Proper intention.

Darren: At the moment, under Telecommunications Act, there is ... there is some coverage. Perhaps that needs to be looked at, to be extended.

David: I found this really fascinating. I hope you have as well. Would you thank our panellists – the Peters, Brian, Alistair, Darren, and Dave, for joining us this afternoon. Hands up anyone who’s hungry? Oh, yes, I thought I could hear some stomach. Now lunch is available outside in the exhibition space. Stick around for the afternoon, and (1:00:57) three streams of breakouts, and we finish the day with the live hacking session. Not how to do it – it would just be a discussion. So it should be a great afternoon. Thank-you for having me today – enjoy the rest of the day; and once again, would you thank a terrific panel.

End of Panel Discussion.

Back to Presentations

All presentations are copyright McAfee, Inc and Sponsors as indicated and may not be further distributed without permission