[LINK] CERT Australia high risk strategy

Tom Worthington tom.worthington at tomw.net.au
Tue Jun 15 09:21:14 AEST 2010


As explained by the Prime Minister in a speech at ANU, 28 May 2010, the
Australian Government will now be relying on the Attorney General's
Department "Computer Emergency Response Team Australia" (CERT Australia)
for cyber security information and advice: <http://www.pm.gov.au/node/6784>.

The Australian Government previously helped fund the not-for-profit,
non-government AusCERT, based at the University of Queensland:
<http://www.auscert.org.au/render.html?it=1959>.

The ability of CERT Australia to provide authoritative advice is
unproven and its ability to provide independent advice unclear. This
change therefore represents a high risk strategy for protecting
Australia's cyber infrastructure.

AusCERT advised that some government services, such as the National
Information Technology Alert Service and National IT Incident Reporting
Scheme, would be discontinued in February 29010:
<http://www.auscert.org.au/render.html?it=12453>.

However, some services funded by government agencies, such as Stay Smart
Online Alert Service, funded by the Department of Broadband,
Communications and the Digital Economy, would continue:
<https://www.ssoalertservice.net.au/user/?action=register>.

AusCERT intends to continue to offer subscription services to
non-government and government organisations:
<https://www.auscert.org.au/1924>.

According to a media report, federal agencies using their own CERT 
service will result in a loss to AusCERT of $250,000 in annual 
subscriptions:
<http://www.theregister.co.uk/2010/06/10/aus_cyberdefence_strategy/>.

However, an IT professional managing operations at a medium to large
federal government agency is likely to consider it is prudent to pay for 
an AusCERT subscription, even though they can get free advice from the
government's CERT Australia. In the event of a major security breach
resulting in loss of life, economic loss or sensitive information loss,
the responsible professional may have to explain to a court why they
failed to take sufficient steps to protect the public. That a non-expert
told them they did not need independent IT security advice, even if that
person is the Prime Minister, would not make a strong defence.


-- 
Tom Worthington FACS CP HLM, TomW Communications Pty Ltd. t: 0419496150
PO Box 13, Belconnen ACT 2617, Australia  http://www.tomw.net.au




