Overview of the Australian Internet Security Initiative
The Australian Internet Security Initiative (AISI) is an ACMA program helping to reduce malicious software (malware) infections and service vulnerabilities occurring on Australian internet protocol (IP) address ranges. It operates as a public-private partnership in which Australian internet providers voluntarily participate to help protect their customers from cyber security threats.
Malware infections enable cyber criminals to steal personal and sensitive information from infected computing devices and control them remotely for illegal or harmful purposes, without the knowledge of the device user. These ‘compromised’ devices are often aggregated into large groups, known as 'botnets', which can undertake activities causing harm to other internet users; including the mass distribution of spam, hosting of phishing sites, distributed denial of service (DDoS) attacks on websites and the facilitation of identity theft.
Through the AISI, daily email reports are provided to internet providers identifying IP addresses on their networks observed as being malware infected or potentially vulnerable to malicious exploits. Internet providers are encouraged to use the AISI data to identify and inform affected customers about their malware infection or service vulnerability, including providing advice to infected customers on how they can fix the compromise or remedy the open or vulnerable service.
The malware infection and service vulnerability data used in the AISI is provided by organisations seeking to enhance the security of the Internet, including Microsoft, the Spamhaus Project and the Shadowserver Foundation. This data is independently assessed by the ACMA before it is included in the AISI program. AISI data is constantly updated as new infections, threats and vulnerabilities emerge.
Current AISI members
The AISI commenced in November 2005 and has progressively expanded since that time. As of 13 January 2017, the AISI has 149 members, which include 131 predominantly internet service providers (ISPs) and 18 educational institutions. View the current list of AISI Members.
The internet providers participating in the AISI are estimated to cover more than 95 per cent of Australian residential internet users. Through their voluntary participation, these providers help raise security levels on Australian IP address ranges, thereby reducing costs for all internet providers and users.
The AISI and the Communications Alliance iCode
In August 2014, the Communications Alliance published the Industry Code – C6 50:2014 – iCode – Internet Service Providers Voluntary Code of Practice for Industry Self-Regulation in the Area of Cyber Security (replacing the 2010 Internet Industry Association iCode). The iCode aims to promote a security culture among the internet industry by reducing the number of compromised computing devices in Australia. It is designed to provide a consistent approach for Australian ISPs to help inform, educate and protect their customers against cyber security risks.
The iCode encourages all Australian ISPs to participate in the AISI and to take steps to respond to AISI reports. The iCode is available on the Comms Alliance website.
What do Internet Providers need to do to participate in the AISI?
You are eligible to participate in the AISI if you have assigned Australian IP address ranges and are solely responsible for the management of these ranges. If you would like to participate in the AISI, please send an email to email@example.com with the following information:
- the IP address ranges associated with your network (preferably in CIDR format)
- your Autonomous System Number (ASN)—if applicable
- an email address to send the daily AISI email reports to (ideally a generic email address rather than an individual email address)
- a direct contact number(s) and email address to discuss AISI operational matters
- the name by which you want your company to be listed on the ACMA website.
The AISI malware and service vulnerability data is also available through the AISI portal, where the daily AISI reports can be downloaded as an alternative to receiving these by email. The portal also provides historical and more comprehensive data than provided in the daily AISI reports, and a granular search capability. If you wish to access the AISI portal for data relating to your network IP ranges, please advise the ACMA of this when you request to participate in the AISI.
Botnets and criminal activity
It is illegal for any person or organisation to remotely use and control another person's computer without their knowledge or consent. Under the Criminal Code 1995 criminal penalties apply in the following circumstances:
- Unauthorised access and modification of data via a carriage service. For example, accessing another person's computer to install a bot. Penalty—a two-year maximum prison sentence.
- Unauthorised modification of data via a carriage service. For example, installing a bot on another person's computer. Penalty—a 10-year maximum prison sentence.
- Possession of data with intent to commit a computer offence. For example, possession of bot binaries and exploiting tools or installers. Penalty—a three-year maximum prison sentence.
- Producing, distribution or obtaining data with intent to commit a computer offence. For example, writing a bot code or selling a bot code. Penalty—a three-year maximum prison sentence.
Consumers can directly report such alleged misuse through the Australian Cybercrime Online Reporting Network (ACORN).