[LINK] CERT Australia high risk strategy
foconnor at ozemail.com.au
Tue Jun 15 13:37:32 EST 2010
Who you gonna trust?
My experience is that it takes the government some time to get things
right - especially things IT. And in many IT instances, they never
get it right - look at the ongoing IT debacles in many government
agencies (Tax, CentreLink, Health etc).
I'd guess that many will think likewise, and that AusCERT has a bright future.
Wish I could say the same for the government's IT security advice
infrastructure and CERT Australia. :)
Still, they'll have their excuses ready, and it's not like anyone
will be held responsible for any catastrophic CERT Australia
At 9:21 AM +1000 15/6/10, Tom Worthington wrote:
>As explained by the Prime Minister in a speech at ANU, 28 May 2010, the
>Australian Government will now be relying on the the Attorney General's
>Department "Computer Emergency Response Team Australia" (CERT Australia
>for cyber security information and advice: <http://www.pm.gov.au/node/6784>.
>The Australian Government previously helped fund the not-for-profit,
>non-government AusCERT, based at the University of Queensland:
>The ability of CERT Australia to provide authoritative advice is
>unproven and its ability to provide independent advice unclear. This
>change therefore represents a high risk strategy for protecting
>Australia's cyber infrastructure.
>AusCERT advised that some government services, such as the National
>Information Technology Alert Service and National IT Incident Reporting
>Scheme, would be discontinued in February 29010:
>However, some services funded by government agencies, such as Stay Smart
>Online Alert Service, funded by the Department of Broadband,
>Communications and the Digital Economy, would continue:
>AusCERT intends to continue to offer subscription services to
>non-government and government organisations:
>According to a media report, federal agencies using their own CERT
>service will result in a loss to AusCERT of $250,000 in annual
>However, an IT professional managing operations at a medium to large
>federal government agency is likely to consider it is prudent to pay for
>an AusCERT subscription, even though they can get free advice from the
>government's CERT Australia. In the event of a major security breech
>resulting in loss of life, economic loss or sensitive information loss,
>the responsible professional may have to explain to a court why they
>failed to take sufficient steps to protect the public. That a non-expert
>told them they did not need independent IT security advice, even if that
>person is the Prime Minister, would not make a strong defence.
>Tom Worthington FACS CP HLM, TomW Communications Pty Ltd. t: 0419496150
>PO Box 13, Belconnen ACT 2617, Australia http://www.tomw.net.au
>Link mailing list
>Link at mailman.anu.edu.au
More information about the Link