Gov’t goes it alone on security reporting scheme

In its latest move to protect critical infrastructure, the Australian federal government yesterday launched a secure Web site to report information security attacks, but the initiative has raised the ire of Australia’s Computer Emergency Response Team (AusCert) which has spent the last two years establishing a national reporting and alert system with a broad membership base.

Developed jointly by the Defense Signals Directorate (DSD) and the National Office of the Information Economy (NOIE), the ‘Onsecure’ Web site is for the exclusive use of commonwealth agencies whereas the AusCert national reporting scheme is used by both the business community and government.

Explaining how the two reporting mechanisms will work in parallel with each other, NOIE Chief Executive Officer John Rimmer said the aim of Onsecure is to respond more quickly to security threats and replaces the current system of reporting which utilizes snail mail and fax.

Rimmer said the current system managed by DSD and known as Isidras had mandatory protocols in place for government agencies to report security incidents but OnSecure was necessary to make it easier and faster to respond to hacking attempts, denial of service attacks or other information security breaches.

“It will also help the DSD to analyze incident reports more quickly and effectively, to identify any developing patterns and to assess the resulting threat level,” Rimmer said.

AusCert’s reporting scheme, which relies on government funding, is also used to analyze data and provide a measure for national threat levels.

Although AusCert data is currently shared with government, Rimmer said the government was seeking more data of its own.

He also admitted that the establishment of Onsecure will lead to “dual reporting” for commonwealth security professionals.

AusCert general manager Graham Ingram said Onsecure was developed with “little or no input” from the emergency response team with the reporting scheme it has developed over the past two years already including commonwealth agencies with whole of government agreements with four Australian states. Ingram said it will be difficult to develop a ‘national picture assessment’ of security threats if there are separate data pools for government reporting with information collected by separate reporting schemes.

As a result, Ingram will liaize with government to ensure information-sharing continues so data is not fractured and all reporting mechanisms operate in tandem.

“This information is important for analysis to ensure we have a clear understanding of threat levels and that includes government, business and the wider community,” he said.

“AusCert has a significant government membership base as they rely on our alerts, advisories and vulnerability information, but dual reporting is a concern because it’s tough getting organizations to report at all.”

OnSecure also has a public site, www.onsecure.gov.au, which makes information security resource material available to the general public and is funded through the government’s allocation of A$24.9 million (US$17.7 million) over four years in the 2002-03 budget for the e-security national agenda strategy.

As part of this strategy, the government allocated additional funding to NOIE, the DSD, the Australian Federal Police, the Australian Security Intelligence Organization and the Attorney-General’s Department to develop systems to protect, detect and respond to any attacks directed against Australia’s national information infrastructure.

The national information infrastructure includes the electronic systems underpinning critical services such as telecommunications, transport and distribution, energy and utilities, and the banking and finance sectors.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now