[LINK] CERT Australia high risk strategy

Tom Koltai tomk at unwired.com.au
Tue Jun 15 20:20:09 AEST 2010 

I have but one thought on the topic...... (Ergo my Top Posting....)

Cringe.


> -----Original Message-----
> From: link-bounces at mailman1.anu.edu.au 
> [mailto:link-bounces at mailman1.anu.edu.au] On Behalf Of Frank O'Connor
> Sent: Tuesday, 15 June 2010 1:38 PM
> To: Tom Worthington
> Cc: Link list
> Subject: Re: [LINK] CERT Australia high risk strategy
> 
> 
> Mmmmm,
> 
> Who you gonna trust?
> 
> My experience is that it takes the government some time to get things 
> right - especially things IT. And in many IT instances, they never 
> get it right - look at the ongoing IT debacles in many government 
> agencies (Tax, CentreLink, Health etc).
> 
> I'd guess that many will think likewise, and that AusCERT has 
> a bright future.
> 
> Wish I could say the same for the government's IT security advice 
> infrastructure and CERT Australia.     :)
> 
> Still, they'll have their excuses ready, and it's not like anyone 
> will be held responsible for any catastrophic CERT Australia 
> failures.        :)
> 
> 				Regards,
> ---
> At 9:21 AM +1000 15/6/10, Tom Worthington wrote:
> >As explained by the Prime Minister in a speech at ANU, 28 
> May 2010, the 
> >Australian Government will now be relying on the the 
> Attorney General's 
> >Department "Computer Emergency Response Team Australia" 
> (CERT Australia 
> >for cyber security information and advice: 
> ><http://www.pm.gov.au/node/6784>.
> >
> >The Australian Government previously helped fund the not-for-profit, 
> >non-government AusCERT, based at the University of Queensland: 
> ><http://www.auscert.org.au/render.html?it=1959>.
> >
> >The ability of CERT Australia to provide authoritative advice is 
> >unproven and its ability to provide independent advice unclear. This 
> >change therefore represents a high risk strategy for protecting 
> >Australia's cyber infrastructure.
> >
> >AusCERT advised that some government services, such as the National 
> >Information Technology Alert Service and National IT 
> Incident Reporting 
> >Scheme, would be discontinued in February 29010: 
> ><http://www.auscert.org.au/render.html?it=12453>.
> >
> >However, some services funded by government agencies, such as Stay 
> >Smart Online Alert Service, funded by the Department of Broadband, 
> >Communications and the Digital Economy, would continue: 
> ><https://www.ssoalertservice.net.au/user/?action=register>.
> >
> >AusCERT intends to continue to offer subscription services to 
> >non-government and government organisations: 
> ><https://www.auscert.org.au/1924>.
> >
> >According to a media report, federal agencies using their own CERT 
> >service will result in a loss to AusCERT of $250,000 in annual
> >subscriptions: 
> ><http://www.theregister.co.uk/2010/06/10/aus_cyberdefence_strategy/>.
> >
> >However, an IT professional managing operations at a medium to large 
> >federal government agency is likely to consider it is prudent to pay 
> >for an AusCERT subscription, even though they can get free 
> advice from 
> >the government's CERT Australia. In the event of a major security 
> >breech resulting in loss of life, economic loss or sensitive 
> >information loss, the responsible professional may have to 
> explain to a 
> >court why they failed to take sufficient steps to protect 
> the public. 
> >That a non-expert told them they did not need independent IT 
> security 
> >advice, even if that person is the Prime Minister, would not make a 
> >strong defence.
> >
> >
> >--
> >Tom Worthington FACS CP HLM, TomW Communications Pty Ltd. t: 
> 0419496150 
> >PO Box 13, Belconnen ACT 2617, Australia  http://www.tomw.net.au
> >
> >
> >_______________________________________________
> >Link mailing list
> >Link at mailman.anu.edu.au 
> http://mailman.anu.edu.au/mailman/listinfo/lin> k
> 
> 
> _______________________________________________
> Link mailing list
> Link at mailman.anu.edu.au 
> http://mailman.anu.edu.au/mailman/listinfo/lin> k
>

More information about the Link mailing list