[LINK] OzIT: GovCERT favoured over AusCERT
Roger.Clarke at xamax.com.au
Tue Apr 14 12:29:24 AEST 2009
[AusCERT left out in the cold?]
National security resources opened up to business
The Australian IT Section
April 14, 2009
THE federal Government plans to massively boost technology defences
in the private sector by sharing intelligence and security agency
secrets with business owners.

Three key sectors -- finance, utilities and telecommunications --
will share sensitive information under an exchange structure to be
managed by GovCERT, the government computer emergency readiness team.

For the first time, businesses will have access to expertise and
resources available in organisations such as the Defence Signals
Directorate and ASIO.

Closer dealings between private and public organisations are central
to e-security arrangements expected to be announced shortly.

An Attorney-General's Department spokesman said that further outcomes
of last year's E-Security Review were under consideration, "in the
context of broader national security issues".

"The security of the Government's own systems is a high priority as
these store information about Australians as well as classified
information," he said.

GovCERT is responsible for advising on technology security issues in
Australia, liaising with foreign government agencies, preparing for
threats and responding to them.

The spokesman said greater engagement with the private sector would
build on partnerships forged in the Trusted Information Sharing
Network since 2003.

"In particular, the three new information exchanges will enable
businesses and government agencies to share specific technical
information quickly, and in a trusted manner," he said.

"They will also encourage the sharing of sensitive information
between companies to help us all to better understand the threats and
to allow rapid response to cyber-incidents."

However, AusCERT -- which provides critical emergency response
support to organisations on a fee-for-service basis -- had been
hoping it would be granted sustainable funding for its operations.

Part of the University of Queensland, AusCERT wants to offer its
expertise to a broader range of online users and become the national
IT security triage and co-ordination centre.

"AusCERT has a long-standing history and reputation of helping to
protect internet security here and abroad," it told the e-security
review last year.

It would be "counter-productive" to require GovCERT to replicate
services and resources already provided by the non-profit

"Building a basic national CERT capability would be a costly exercise
and would take at least two to three years," AusCERT said.

"We have developed the experience and level of trust required to
perform these functions over 15 years of operation."

Internet service providers can expect a larger role in e-security,
with the review recommending the introduction of a code of practice

"The code will be developed in collaboration with ISPs and will set
out the minimum expectation of ISPs to contribute to online security
for all users," the spokesman said.

The Smith Review of Homeland and Border Security, released in
December, finds that governments, businesses and individuals are
increasingly vulnerable to electronic attack.

"The Commonwealth has a special role to play in this area, given its
high-level capabilities in e-security and the cross-jurisdictional
nature of the threat," review author Ric Smith said.

"It is, however, difficult to quantify the magnitude of the problem
and the potential economic and social consequences, particularly of a
large-scale cyber attack."

Last year the World Economic Forum estimated there was a 10-20 per
cent probability of a major critical information infrastructure
meltdown in the next 10 years, with a potential global cost of $US250

The European Commission has warned that electronic attacks "have
risen to an unprecedented level of sophistication", most notably in
the recent assaults on Estonia, Lithuania and Georgia.

It identified the need for "shared responsibility, as no single
stakeholder has the means to ensure the security and resilience of
all ICT infrastructures and to carry all the related

The EC is contemplating regulations to oblige network owners and
service providers to strengthen security, guarantee continuity of
supply and report breaches.

The Australian Industry Group said "improved levels of national
e-security will increase competitiveness and productivity, and
generate new markets and products".

It noted that investment would be needed to overcome "the fragility
of key digital economy assets on which governments and industry

Roger Clarke http://www.rogerclarke.com/
Xamax Consultancy Pty Ltd 78 Sidaway St, Chapman ACT 2611 AUSTRALIA
Tel: +61 2 6288 1472, and 6288 6916
mailto:Roger.Clarke at xamax.com.au http://www.xamax.com.au/
Visiting Professor in Info Science & Eng Australian National University
Visiting Professor in the eCommerce Program University of Hong Kong
Visiting Professor in the Cyberspace Law & Policy Centre Uni of NSW