[LINK] CERT Australia high risk strategy

Frank O'Connor foconnor at ozemail.com.au
Tue Jun 15 13:37:32 AEST 2010 

Mmmmm,

Who you gonna trust?

My experience is that it takes the government some time to get things 
right - especially things IT. And in many IT instances, they never 
get it right - look at the ongoing IT debacles in many government 
agencies (Tax, CentreLink, Health etc).

I'd guess that many will think likewise, and that AusCERT has a bright future.

Wish I could say the same for the government's IT security advice 
infrastructure and CERT Australia.     :)

Still, they'll have their excuses ready, and it's not like anyone 
will be held responsible for any catastrophic CERT Australia 
failures.        :)

				Regards,
---
At 9:21 AM +1000 15/6/10, Tom Worthington wrote:
>As explained by the Prime Minister in a speech at ANU, 28 May 2010, the
>Australian Government will now be relying on the the Attorney General's
>Department "Computer Emergency Response Team Australia" (CERT Australia
>for cyber security information and advice: <http://www.pm.gov.au/node/6784>.
>
>The Australian Government previously helped fund the not-for-profit,
>non-government AusCERT, based at the University of Queensland:
><http://www.auscert.org.au/render.html?it=1959>.
>
>The ability of CERT Australia to provide authoritative advice is
>unproven and its ability to provide independent advice unclear. This
>change therefore represents a high risk strategy for protecting
>Australia's cyber infrastructure.
>
>AusCERT advised that some government services, such as the National
>Information Technology Alert Service and National IT Incident Reporting
>Scheme, would be discontinued in February 29010:
><http://www.auscert.org.au/render.html?it=12453>.
>
>However, some services funded by government agencies, such as Stay Smart
>Online Alert Service, funded by the Department of Broadband,
>Communications and the Digital Economy, would continue:
><https://www.ssoalertservice.net.au/user/?action=register>.
>
>AusCERT intends to continue to offer subscription services to
>non-government and government organisations:
><https://www.auscert.org.au/1924>.
>
>According to a media report, federal agencies using their own CERT
>service will result in a loss to AusCERT of $250,000 in annual
>subscriptions:
><http://www.theregister.co.uk/2010/06/10/aus_cyberdefence_strategy/>.
>
>However, an IT professional managing operations at a medium to large
>federal government agency is likely to consider it is prudent to pay for
>an AusCERT subscription, even though they can get free advice from the
>government's CERT Australia. In the event of a major security breech
>resulting in loss of life, economic loss or sensitive information loss,
>the responsible professional may have to explain to a court why they
>failed to take sufficient steps to protect the public. That a non-expert
>told them they did not need independent IT security advice, even if that
>person is the Prime Minister, would not make a strong defence.
>
>
>--
>Tom Worthington FACS CP HLM, TomW Communications Pty Ltd. t: 0419496150
>PO Box 13, Belconnen ACT 2617, Australia  http://www.tomw.net.au
>
>
>_______________________________________________
>Link mailing list
>Link at mailman.anu.edu.au
>http://mailman.anu.edu.au/mailman/listinfo/link

More information about the Link mailing list