A report into cybercrime by the Australian House of Representatives Standing Committee on Communications titled, "Hackers, Fraudsters and Botnets: Tackling the Problem of Cyber Crime," has recommended that Australians "be unable to access the Internet without having anti-virus and firewall programs installed and a virus-free machine," says a story in the Sydney Morning Herald.
The 260-plus page report goes on to state, among its 34 recommendations, that there is:
- an obligation by an Internet Service Provider (ISP) to provide basic security advice when an account is set up to assist the end user to protect themselves from hacking and malware infections;
- a mandatory obligation to inform end users when their IP address has been identified as linked to an infected machine(s);
- a clear policy on graduated access restrictions and, if necessary, disconnection until the infected machine is remediated;
- the provision of basic advice and referral for technical assistance for remediation; and
- a requirement that acceptable use policies include contractual obligations that require a subscriber to (a) install anti-virus software and firewalls before the Internet connection is activated; (b) endeavour to keep e-security software protections up to date; and (c) take reasonable steps to remediate their computer(s) when notified of suspected malware compromise.
Needless to say, the report's recommendations have sparked controversy, with some questioning the legal authority of the government to determine the terms of ISP contracts with their customers; others questioning whether only certain anti-virus software will be acceptable and who decides that; and still others questioning how corporate networks would be policed.
I'd be interested in hearing from Risk Factor readers how they would feel about not being allowed to connect to the Internet unless they have up-to-date anti-virus software installed, or if they have an infected machine.
What about the feasibility of the scheme?
Finally, would you voluntarily sign up with an ISP that followed the recommendations listed above?
Robert N. Charette is a Contributing Editor to IEEE Spectrum and an acknowledged international authority on information technology and systems risk management. A self-described “risk ecologist,” he is interested in the intersections of business, political, technological, and societal risks. Charette is an award-winning author of multiple books and numerous articles on the subjects of risk management, project and program management, innovation, and entrepreneurship. A Life Senior Member of the IEEE, Charette was a recipient of the IEEE Computer Society’s Golden Core Award in 2008.