He said malware that surreptitiously turns PCs into “zombies” that can be remotely directed by hackers to attack targets was “now recognised as the most pressing and concerning aspect of cyber crime to emerge in the last decade”. The measures are set to go live on December 1 but Coroneos said 78 Australian ISPs were already partly or fully compliant. “In some cases the governments are clearly condoning this behaviour, clearly benefiting from it in some ways, and there needs to be a message not just to the guys who are writing this code and shipping it around but to the government,” Dr Winter, in Sydney this week, said in a phone interview. “The sooner you can isolate infected machines and get them cleaned out and back online the better it is for the internet and for the user,” he said. “We levy sanctions on countries for terrorist issues, we levy sanctions on countries for other kinds of misbehaviour, so why not levy sanctions on countries for this kind of misbehaviour.”

Winter compared it to the sanctions in place against Iran over its efforts to develop nuclear weapons technology. “Everybody can understand a nuclear weapon is a threat; people aren’t ready to understand that bad code is a threat but it’s pretty clear that it could do massive amounts of harm.”

The call comes amid growing concerns about politically-motivated cyber attacks on “critical infrastructure” around the world, such as banks, emergency services and utilities. The Department of Defence has investigated 250 “serious, sophisticated” cyber intrusions into Australian government networks in the first eight months of this year out of 1000 total cyber incidents. Last year, there were 2400 attempted intrusions and the government is now considering designating cyberspace as a fifth domain of warfare. The IIA earlier this year met US President Barack Obama’s cyber-security coordinator, Howard Schmidt, to discuss it as a potential model for the US to adopt. Winter, who is now the CTO for security solutions provider ArcSight, is under no illusions that implementing his idea to block countries from the internet would be an “enormously complex task”, as the kind of international authorities required to make it work have yet to be designed. Winter compared the approach to that taken in the public health arena, whereby quarantines and other restrictive processes are used to deal with highly infectious diseases. “If you look at all these kinds of shared environments whether it’s health or health care, air travel or even the use of highways – we get certain privileges in exchange for accepting certain liabilities and responsibilities.”

In June, a year-long parliamentary cyber-crime inquiry called on the ISP industry to go a step beyond quarantining infected machines. Security companies regularly finger countries in Eastern Europe and Africa as being havens for cyber criminals and spawning many of the internet security threats affecting internet users worldwide. In the first instance the ISP may simply send a letter to the user informing them that their computer is infected and showing them how to clean it up. Even global superpowers like China have been accused of sponsoring hackers to attack Western internet companies including Google. Winter said that when countries are consistently introducing cyber threats the global community should band together to effectively shut them out of the internet until their governments do something about it. IIA chief executive Peter Coroneos said “temporary quarantining” of Australians from the internet was just one measure built into the code that ISPs could adopt. A global survey released this week by Symantec found half of all companies running critical infrastructure systems worldwide say they have sustained politically motivated attacks. It recommended contractual obligations requiring people to install anti-virus and firewall programs on their computers in order to access the internet. But he said the Internet Industry Association’s move to quarantine Australian internet users until they clean up their computers was a “tremendously important step” that should be adopted in other countries like the US. “Once your machine is compromised and it becomes an incubating ground for botnets and various other kinds of malware then it’s in everybody’s interest to get it cleaned up, and so a certain forcing function is necessary,” said Winter.
This is due to formally come into effect on December 1. While applauding this idea, Dr Prescott Winter, who left the NSA in February after a 27-year career there, including as its CTO, said governments and internet providers around the world could go a step further and target the source of many of the threats. The Australian ISP industry is already one of the first in the world to develop an industry code that would see some infected Australian users effectively unable to access the open internet until they clean their computer of malware. Countries in Eastern Europe and Africa that harbour cyber criminals should be locked out of the global internet until their governments do something to reduce the threats, the former chief technology officer at the US National Security Agency says.
