[LINK] OzIT: 'CERT's role still unclear'

Jan Whitaker jwhit at melbpc.org.au
Tue May 18 09:10:49 AEST 2010

At 08:25 AM 18/05/2010, Roger Clarke wrote:
>"We rationalised carriage of those activities on the basis that
>taking action for the public good meant it was less likely our
>members would be compromised," Mr Ingram said.
>"But I do think a number of members would be pleased to see a greater
>focus on their needs. We have, in effect, contracts in place to work
>with them on their behalf, and they may well say other things in the
>national interest should be handled by government."

I don't understand how all this works, but since when has that 
stopped me commenting? ;-)

Having a government CERT in DSD makes sense for national security 
aspects. That requires specialist skills, lots of money, lots of 
vigilance, and levels of security clearance that mere mortals don't 
get without serious vetting. It also falls into international treaty 
territory for information sharing and coordinated efforts to combat 
those level problems.

Then there are the lesser levels of security that will also have 
impact if ignored, that overlay and extend wider in the community: 
business intrusions, targeted network attacks, and software flaws 
come to mind, that impact consumers and business. But that is not at 
the level of impact should the country itself be under attack. I 
liked getting the AusCERT messages (which have stopped, btw) because 
most of the time it reinforced my decision to ditch the software that 
was part of the usual problem. :-) These advisories and tests do 
overlap into government as part of the general milieu, but aren't the 
same issues. Yes, there needs to be a helicopter view to spot the 
interactions, but it doesn't need to be handled (expensively) by DSD.

Why shouldn't there be a continuance of AusCERT doing what it has 
done well for 15 years and letting them get on with it? The govt 
seems to want to have NGO 'social service agencies' fill in the gaps 
that govt can't manage to deal with, charities and such. Why are they 
wanting to try to draw all the CERT stuff into one group that they 
control? Sometimes having a distributed approach is useful and 
spreads the ability to pick up tasks if one of the central services 
is knocked off or otherwise engaged. Distributed networks are what 
make the internet work, after all.

OK, I'll stop rambling.


Melbourne, Victoria, Australia
jwhit at janwhitaker.com
blog: http://janwhitaker.com/jansblog/
business: http://www.janwhitaker.com

Our truest response to the irrationality of the world is to paint or 
sing or write, for only in such response do we find truth.
~Madeline L'Engle, writer
