[LINK] OzIT: 'CERT's role still unclear'

[Roger Clarke]

[The incompetence at the AG's Dept continues to run amok.  When *is* 
someone going to do a 'Fawltly Towers' job on the spook agencies??

[AusCERT's Graham Ingram provides some calm quotes at the end of this article.

[Let's hope this all eventually works out in a way that serves the 
diverse security needs of government, big business, small business 
*and* consumers.


CERT's role still unclear:  government-owned and operated national CERT
Karen Dearne
The Australian
May 18, 2010 12:00AM
http://www.theaustralian.com.au/australian-it/certs-role-still-unclear-government-owned-and-operated-national-cert/story-e6frgakx-1225867906806

AUSTRALIA'S Computer Emergency Response Team is still locked in 
contract negotiations over its role, a year after the Rudd government 
announced plans for a government-owned and operated national CERT.

Defence Minister John Faulkner launched CERT Australia in January, 
with the opening of a Cyber Security Operations Centre in the Defence 
Signals Directorate.

This followed a 2009 budget allocation of $6.2 million aimed at 
bringing together the expertise of AusCERT and the former GovCERT in 
a cohesive partnership.

But negotiations that began in June with the University of Queensland 
to provide some AusCERT services are still not resolved.

The UQ-based IT security unit, which is an independent, membership 
subscription-funded not-for-profit organisation, has performed the 
role of national CERT for more than 15 years.

As AusCERT opened its week-long conference and technical workshop 
program this week, general manager Graham Ingram said a decision had 
yet been reached on future arrangements.

"CERT Australia has indicated it's keen to buy services from us, but 
the nature of these services and how they will be funded are yet to 
be decided," Mr Ingram said.

"The contract is still being negotiated."

He said AusCERT was continuing to provide CERT services for 
government departments and agencies under a previous membership 
contract that expired in June 2008.

"This is being rolled over on an ongoing basis until we get a new 
agreement in place," Mr Ingram said.

But whatever the outcome, AusCERT would continue its operations on 
behalf of its members, which include most large private-sector 
organisations.

"We certainly see a role for both CERTs," he said.

"It's not a matter of one organisation or the other, and there has 
been some confusion over what the changes mean.

"Many of our members would welcome the government taking over 
responsibility for a number of public-interest issues that we have 
never felt entirely comfortable about doing."

Mr Ingram said members were essentially cross-subsidising work being 
done in the national interest and, if those activities were 
transferred to the government body, AusCERT could devote more energy 
to other priorities.

AusCERT sought funding for the public-interest workload during the 
government's e-security review, but instead the new CERT Australia 
was proposed.

"We rationalised carriage of those activities on the basis that 
taking action for the public good meant it was less likely our 
members would be compromised," Mr Ingram said.

"But I do think a number of members would be pleased to see a greater 
focus on their needs. We have, in effect, contracts in place to work 
with them on their behalf, and they may well say other things in the 
national interest should be handled by government."


Karen Dearne is attending AusCERT 2010 on the Gold Coast as a guest of AusCERT


-- 
Roger Clarke                                 http://www.rogerclarke.com/
			            
Xamax Consultancy Pty Ltd      78 Sidaway St, Chapman ACT 2611 AUSTRALIA
                    Tel: +61 2 6288 1472, and 6288 6916
mailto:Roger.Clarke at xamax.com.au                http://www.xamax.com.au/

Visiting Professor in the Cyberspace Law & Policy Centre      Uni of NSW
Visiting Professor in Computer Science    Australian National University