http://www.zdnet.com.au/news/security/soa/AusCERT_threatened_by_anti_cyberterrorism_plans/0,2000061744,39203240,00.htm By Munir Kotadia ZDNet Australia 20 July 2005 The future of the Australian Computer Emergency Response Team (AusCERT) is uncertain after the government implemented plans to create a national computer emergency readiness team (GovCERT) to deal with cyberterrorism attacks. GovCERT was set up earlier this year to prepare for an attack on Australia's critical IT infrastructure. According to the Attorney General's office in Canberra, GovCERT is designed to fill a gap between the government's internal security team and AusCERT, an independent, not-for-profit organisation which provides computer incident prevention, response and mitigation, a national alert service and an incident reporting scheme to member companies. However, Graham Ingram, director of AusCERT, has warned that GovCERT's role should be restricted to planning and coordinating actions in case of an attack and not duplicate or interfere with the functionality of AusCERT. "From what I know [GovCERT] has a focused requirement -- coordinating infrastructure response on information issues for the government, which is not what AusCERT is about or a space we wish to be in," said Ingram. Ingram said Australia lacked a plan of action to deal with a cyber-terrorism incident. "If a bomb went off, we have a national counter-terrorism plan, which is practiced and everyone's roles and functions are predetermined. We don't have a national cyber response plan -- if something happened tomorrow, nobody has a clue who does what. My personal view is that this an area where Australia is lacking and if that is where the government can put some effort or resources I would see that as a productive outcome," said Ingram. Ingram is concerned that GovCERT will drain public money by creating an organisation that will attempt to duplicate AusCERT's role. "As it stands the level of support from the government is miniscule but they want to up that. I would much prefer they put more effort into supporting AusCERT because you cannot duplicate it. If AusCERT didn't exist, the cost to the government would be estimated at somewhere between AU$5 million and AU$10 million a year… They would like to offer us about AU$700,000," said Ingram. "The wise move is to support AusCERT because the costs of not doing it are enormous," added Ingram. Security experts are concerned about the GovCERT/AusCERT standoff because they believe the risk of a major 'incident' is increasing. Andy Lake, director of partners at e-mail security firm MessageLabs, warned that there have already been signs that a serious attack is on its way: "Over the last year we have seen a rise in targeted attacks but their motivations have tended to be commercial. That sort of cyberattack is definitely on the rise and we fully expect to see it in Australia, maybe this year." Neil Campbell, national security manager of IT services company Dimension Data, agreed the risks are increasing. "There have been a few instances of sabotage that you could technically call terrorism but I am not aware of us having suffered a cyber-terrorism incident -- but that doesn't mean we won't," said Campbell. Messagelabs' Lake said that if Australia suffered a cyberattack, most people would immediately look to AusCERT for advice. "We have a lot of faith in AusCERT. Up till GovCERT we would have looked to AusCERT and been confident that they could do something," said Lake. James Turner, security analyst at Frost & Sullivan Australia, said that there is a need for both an independent and government controlled CERT and there are no reasons why both cannot work together. "The government needs a body that is government controlled -- for international intelligence. How likely is it that the US will stroll into AusCERT and say they have just picked up certain information? They are not because they are going to want to give it to a government organisation,' said Turner. Turner believes that the introduction of GovCERT is a natural evolution and will help better protect Australia. "The nature of AusCERT is going to change but that is just business. There will be overlap between them but that is just part of security – you need resiliency. If the people creating GovCERT are thinking about it, there will be quite a nice harmony," said Turner. Dimension Data's Campbell said that regardless of how the government handles the GovCERT and AusCERT saga, it will be criticised. "If you say there are not going to be any cyberterrorism incidents and there are, and you were not prepared for them, you are in trouble. If you spend too much money protecting against an unlikely threat, have you done the worst thing in the world? "Hindsight is going to be a harsh judge. You are damned if you do and damned if you don't -- I'd rather be damned for doing it," added Campbell. _________________________________________ Attend the Black Hat Briefings and Training, Las Vegas July 23-28 - 2,000+ international security experts, 10 tracks, no vendor pitches. www.blackhat.com
This archive was generated by hypermail 2.1.3 : Thu Jul 21 2005 - 00:48:30 PDT