In a move that could make enterprise and remotely managed electronic security solutions more secure, the Australian Strategy Policy Institute (ASPI) report “Clean pipes: Should ISPs provide a more secure internet” is calling for ISPs to do more to mitigate cybercrime’s $A17 billion annual cost.
The report explores the concept of ‘Clean Pipes’, the idea that ISPs could provide security services to customers as a level of default security that automatically blocks malicious websites and phishing links from their customers (currently Telstra is the only provider in Australia to offer this). It also calls for the Australian Government to take leadership on this issue amidst an unprecedented escalation of cyber-attacks in the country.
According to Sean Duca, vice president and regional chief security officer of Asia Pacific & Japan, Palo Alto Networks, due to the undeniable increase in threat vectors our connected world provides, simply applying protection to an attackers target – for example, a financial institution or a small business – is no longer enough.
“ISP’s can play a role in limiting an attacker’s ability to launch attacks from their networks by enabling full threat visibility and prevention in real time,” Duca said.
“While the report talks about the reputational risk to ISPs in attempting to provide default security – for example the risk of blocking legitimate websites – we are seeing a contrary trend in other regions around the world; a reputational risk for ISPs that do not provide secure services to their customer base. And in some countries, like Singapore and Malaysia, ISPs are offering preventative clean pipe solutions as a differentiated service in their market.”
“We have seen organisations across the world announce clean pipes or similar policies. However, what is critical in developing such a policy is that cyberthreats must be detected and prevented in real time. It’s crucial that ISPs in Australia should not recognise threats only after their customers have been impacted, they need to be ahead of the game.
Duca said Palo Alto welcomed ASPI’s call that the Australian Government should articulate its position on a nation-wide clean pipes policy.
“Should the Australian Government adopt such a policy, they should work with ISPs, leading Australian companies and the cybersecurity industry on what ‘good’ looks like – leaving ISPs to decide the standard is like having (school kids) mark their own homework,” he said