[LINK] OzIT: 'CERT's role still unclear'

Jan Whitaker jwhit at melbpc.org.au
Tue May 18 09:10:49 AEST 2010 

At 08:25 AM 18/05/2010, Roger Clarke wrote:
>"We rationalised carriage of those activities on the basis that
>taking action for the public good meant it was less likely our
>members would be compromised," Mr Ingram said.
>
>"But I do think a number of members would be pleased to see a greater
>focus on their needs. We have, in effect, contracts in place to work
>with them on their behalf, and they may well say other things in the
>national interest should be handled by government."

I don't understand how all this works, but since when has that 
stopped me commenting? ;-)

Having a government CERT in DSD makes sense for national security 
aspects. That requires specialist skills, lots of money, lots of 
vigilence, and levels of security clearance that mere mortals don't 
get without serious vetting. It also falls into international treaty 
territory for information sharing and coordinated efforts to combat 
those level problems.

Then there are the lesser levels of security that will also have 
impact if ignored, that overlay and extend wider in the community: 
business intrusions, targeted network attacks, and software flaws 
come to mind, that impact consumers and business. But that is not at 
the level of impact should the country itself be under attack. I 
liked getting the AusCERT messages (which have stopped, btw) because 
most of the time it reinforced my decision to ditch the software that 
was part of the usual problem. :-) These advisories and tests do 
overlap into government as part of the general milieu, but aren't the 
same issues. Yes, there needs to be a helicopter view to spot the 
interactions, but it doesn't need to be handled (expensively) by DSD.

Why shouldn't there be a continuance of AusCert doing what it has 
done well for 15 years and letting them get on with it? The govt 
seems to want to have NGO 'social service agencies' fill in the gaps 
that govt can't manage to deal with, charities and such. Why are they 
wanting to try to draw all the CERT stuff into one group that they 
control? Sometimes having a distributed approach is useful and 
spreads the ability to pick up tasks if one of the central services 
is knocked off or otherwise engaged. Distributed networks is what 
makes the internet work, after all.

OK, I'll stop rambling.

Jan



Melbourne, Victoria, Australia
jwhit at janwhitaker.com
blog: http://janwhitaker.com/jansblog/
business: http://www.janwhitaker.com

Our truest response to the irrationality of the world is to paint or 
sing or write, for only in such response do we find truth.
~Madeline L'Engle, writer

_ __________________ _

More information about the Link mailing list