AusCERT helped organise and participated in an APEC Tel/OECD malware workshop hosted in Manila in April 2007. The purpose of the workshop was to inform governments of the OECD countries and the economies of the Asia Pacific region about the serious and growing problems of trying to deal with malware and particularly, its use as a tool for increasing levels of cybercrime and its impact on its victims. The workshop brought together some of the world's best experts in dealing with malware to explore with government representatives possible strategies for dealing with the problem at national and international levels.

Additionally, some of the discussion of the workshop was designed to help inform recommendations for a paper the OECD is preparing on malware for OECD government ministers.

The OECD's Working Party on Information Security and Privacy (WPISP) and APEC Tel's Security and Prosperity Steering Group (SPSG) have now released a summary of the workshop proceedings. Information about the program and presentations are available from the APEC Tel web site.

AusCERT, and other experts, have been helping the OECD's Working Party on Information Security and Privacy develop a paper exploring these issues in greater detail. While the paper itself and recommendations and outcome of the paper are yet to be finalised, AusCERT would be keen to see improvements in international law enforcement cooperation and response to this form of cybercrime; improved arrangements nationally and internationally for incident response in terms of the criteria and timeliness for shut downs of sites known to be hosting malware and other fraudulent activity and the deregistration process for fraudulent domains improved, inter alia.

For example, in the area of improving international law enforcement cooperation for cybercrime, the Council of Europe has developed the Cybercrime Convention and is encouraging countries to become signatories to the Convention. If Australia was to sign the convention, it is expected to improve the level of assistance Australian law enforcement are given by their overseas counterparts who have also signed the Convention for Cybercrime for investigations impacting Australian interests but sourced overseas.

AusCERT, of course, recognises that international cooperation in the area of cybercrime involves complex issues with many stakeholders and interests and solutions are rarely trivial. However, AusCERT also recognises that current arrangements are inadequate to effectively deal with the problem in a sustainable way, and this in itself is enabling the problem to thrive.

AusCERT's work with the Australian government, law enforcement and a variety of international government fora, is designed to help raise awareness of these issues, and seek to inform proactive policy changes to better address the problem and ultimately make doing business online better and safer for everyone.

KK