IAA Newsletters

Well, that was an action-packed month, wasn’t it! We started by catching up with pals at AusNOG, went on to launch our shiny new portal, and ended with a very real reminder about the importance of strong data security and privacy. The ongoing car crash that is the Optus data breach just keeps me glued to the coverage.

We may never find out the exact truth of what happened at Optus, but sadly it is entirely too credible that somebody, somewhere, allowed an unauthenticated API access to a very sweet honeypot from an unsecured network. I think we can all imagine the slippery slope of decision making that happened to enable this. It would have started with someone needing to build extensions on the database that holds the customer information, then someone needing to access it via an API, and then someone needing remote access to the API to change the colour scheme on something that used it, and hang it, this is just easier if I do this without credentials cos debugging is hard. Or some such. Which someone, somewhere, had authority (but not all the information) to allow… Err yeah. No. It really shouldn’t happen.

At the core of this is the question of why years old customer data still existed in this database, and why such important identifying information is even held at all. While people keep telling me the requirement sits in the credit management regulation and data retention legislation, it really does not seem justified, and nor does it seem reasonable that actual records such as passport, driver’s licence and medicare numbers are retained. The stern reminder for us as operators is that we need to examine the data we keep, why we keep it, and ensure our systems and processes for retaining it, managing it and removing it are sound: both at the technology and human levels. It also reminds us we need to have our data breach notification plans ready, and appropriate to the storm of excrement that will come down if it gets out. What should and would we do to make good to our customers if data were to leak?

On top of this sits how the government will react to the relatively low fines that sit within the Australian privacy legislation, especially when compared with the European GDPR. It has already flagged changes to the various cybersecurity obligations. It is certainly an area we will watch with some concern, both for over-regulation and to provide assistance to members in compliance when it inevitably appears (see our new paper on the Asset Register compliance, for an example).

As consumers, we also must push back on handing this data over in the first place, and sadly a lot of us will have to go through the hideous process of dealing with our own data that has, or simply may have, leaked in this breach. For some people, the ramifications of their home address leaking can be utterly serious indeed.

On that note, I will assure you all that we have looked very carefully at the data model we hold for our own portal, and the security model in place. I have also commissioned a separate security review to ensure best practice. We don’t retain any credit card information, and we certainly don’t want your medicare number.

In the coming month, we will have the WA-IX anniversary and our AGM, with some fantastic speakers and representatives coming from our early WAIA membership. The IAA team have also been working solidly towards producing this year’s annual report, and I am glad to see interest already in the event and in the board election. I hope to see you there.

All the best

Narelle Clark

After all the effort the team has put in, we are just bursting to launch our new portal. As with any software project, there is more we want to do, but the critical piece has just been to turn it into a robust system on a platform that is modular, extensible and – yes – one we can support into the future. The old one really has had its day, so we’re really looking forward to pulling the proverbial plug on it! Nick and Kyle have really put their hearts and souls into this, and the rest of the team, led by Tanz, have had us all (and I mean all!) grinding our way through relentless interface and system testing. While I’m sure something is bound to surprise us, we are very confident that the system will be ready for our September soft launch date and comms have just gone out to that effect. I’m sure you’ll all love the fresh new look, conveniently located useful tools, and a few long-needed features. All we ask is that you please be patient as we bed it down, and you get used to things being in different places. All feedback is genuinely welcome, and we are also putting in place a solid feature request system that will allow both the users and the IAA team to prioritise updates and changes.

I’m also pleased to announce we’re taking the plunge to 400Gbps ethernet switching. That’s another massive achievement from the team: completing exhaustive interoperability testing with our existing platform, configuring, misconfiguring and generally trying hard to push things to their limits! Of course, the current supply chain joys mean those of you desperate to cut over to 400Gbps interconnects with your nearest IX will have to wait a month or few, but rest assured our congestion management practices are strong and as soon as we can pop the new core into place, we will. In the mean time we’ll keep adding 100G links… and NSW-IX will be the first. We’ve chosen Arista as it offered the best performance of all the vendors we tested, with all the right acronyms in all the right places, frames and packets in order, yes sirree!

And that was the month, really… well actually, no. The tech team made the news with a case study published by one of our vendors – apparently we aren’t the only ones proud of such a neat design! We had a great online event on the topic of lawful interception, and even had a last-minute panellist join from one of the Agencies. We spent two days locked in a room reviewing the latest NBN Special Access Undertaking proposal, and we’re very keen to hear member thoughts on that topic. Amongst others, we’ve also dashed off another submission to Treasury who want to massively increase the fines (up to 30% of revenue) for telcos acting anti-competitively, noting the ridiculously short consultation window and that these fines could also apply more broadly under the Australian Consumer Law. Just what we need, eh?

I’d also like to extend a big thank you to Spectrum Networks for giving us the extra space we needed in Sydney’s Global Switch. While now at an end, we do appreciate the hospitality we’ve had for what must be nearly a decade of service. Members are the life blood of our organisation, and those that act generously in the spirit of industry co-operation allow us to expand cost effectively, or test out new sites for viability without burning the budget. You really are the gems that make our industry sparkle! IAA operates on a blend of commercial and donated services, all in the spirit of making the Internet better, and we are all better for it. Thanks again, Spectrum Networks!

See you all at AusNOG folks, and don’t forget to say ‘Hi!’ to our latest IAA Systers.

Narelle