[LINK] OzIT: 'CERT's role still unclear'
Roger.Clarke at xamax.com.au
Tue May 18 08:25:50 AEST 2010
[The incompetence at the AG's Dept continues to run amok. When *is*
someone going to do a 'Fawltly Towers' job on the spook agencies??
[AusCERT's Graham Ingram provides some calm quotes at the end of this article.
[Let's hope this all eventually works out in a way that serves the
diverse security needs of government, big business, small business
CERT's role still unclear: government-owned and operated national CERT
May 18, 2010 12:00AM
AUSTRALIA'S Computer Emergency Response Team is still locked in
contract negotiations over its role, a year after the Rudd government
announced plans for a government-owned and operated national CERT.
Defence Minister John Faulkner launched CERT Australia in January,
with the opening of a Cyber Security Operations Centre in the Defence
This followed a 2009 budget allocation of $6.2 million aimed at
bringing together the expertise of AusCERT and the former GovCERT in
a cohesive partnership.
But negotiations that began in June with the University of Queensland
to provide some AusCERT services are still not resolved.
The UQ-based IT security unit, which is an independent, membership
subscription-funded not-for-profit organisation, has performed the
role of national CERT for more than 15 years.
As AusCERT opened its week-long conference and technical workshop
program this week, general manager Graham Ingram said a decision had
yet been reached on future arrangements.
"CERT Australia has indicated it's keen to buy services from us, but
the nature of these services and how they will be funded are yet to
be decided," Mr Ingram said.
"The contract is still being negotiated."
He said AusCERT was continuing to provide CERT services for
government departments and agencies under a previous membership
contract that expired in June 2008.
"This is being rolled over on an ongoing basis until we get a new
agreement in place," Mr Ingram said.
But whatever the outcome, AusCERT would continue its operations on
behalf of its members, which include most large private-sector
"We certainly see a role for both CERTs," he said.
"It's not a matter of one organisation or the other, and there has
been some confusion over what the changes mean.
"Many of our members would welcome the government taking over
responsibility for a number of public-interest issues that we have
never felt entirely comfortable about doing."
Mr Ingram said members were essentially cross-subsidising work being
done in the national interest and, if those activities were
transferred to the government body, AusCERT could devote more energy
to other priorities.
AusCERT sought funding for the public-interest workload during the
government's e-security review, but instead the new CERT Australia
"We rationalised carriage of those activities on the basis that
taking action for the public good meant it was less likely our
members would be compromised," Mr Ingram said.
"But I do think a number of members would be pleased to see a greater
focus on their needs. We have, in effect, contracts in place to work
with them on their behalf, and they may well say other things in the
national interest should be handled by government."
Karen Dearne is attending AusCERT 2010 on the Gold Coast as a guest of AusCERT
Roger Clarke http://www.rogerclarke.com/
Xamax Consultancy Pty Ltd 78 Sidaway St, Chapman ACT 2611 AUSTRALIA
Tel: +61 2 6288 1472, and 6288 6916
mailto:Roger.Clarke at xamax.com.au http://www.xamax.com.au/
Visiting Professor in the Cyberspace Law & Policy Centre Uni of NSW
Visiting Professor in Computer Science Australian National University
More information about the Link