[ISN] AusCERT threatened by anti-cyberterrorism plans

From: InfoSec News (isn@private)
Date: Thu Jul 21 2005 - 00:32:25 PDT


http://www.zdnet.com.au/news/security/soa/AusCERT_threatened_by_anti_cyberterrorism_plans/0,2000061744,39203240,00.htm

By Munir Kotadia
ZDNet Australia 
20 July 2005 

The future of the Australian Computer Emergency Response Team
(AusCERT) is uncertain after the government implemented plans to
create a national computer emergency readiness team (GovCERT) to deal
with cyberterrorism attacks.

GovCERT was set up earlier this year to prepare for an attack on
Australia's critical IT infrastructure. According to the Attorney
General's office in Canberra, GovCERT is designed to fill a gap
between the government's internal security team and AusCERT, an
independent, not-for-profit organisation which provides computer
incident prevention, response and mitigation, a national alert service
and an incident reporting scheme to member companies.

However, Graham Ingram, director of AusCERT, has warned that GovCERT's
role should be restricted to planning and coordinating actions in case
of an attack and not duplicate or interfere with the functionality of
AusCERT.

"From what I know [GovCERT] has a focused requirement -- coordinating
infrastructure response on information issues for the government,
which is not what AusCERT is about or a space we wish to be in," said
Ingram.

Ingram said Australia lacked a plan of action to deal with a
cyber-terrorism incident.

"If a bomb went off, we have a national counter-terrorism plan, which
is practiced and everyone's roles and functions are predetermined. We
don't have a national cyber response plan -- if something happened
tomorrow, nobody has a clue who does what. My personal view is that
this is an area where Australia is lacking and if that is where the
government can put some effort or resources I would see that as a
productive outcome," said Ingram.

Ingram is concerned that GovCERT will drain public money by creating
an organisation that will attempt to duplicate AusCERT's role.

"As it stands the level of support from the government is minuscule
but they want to up that. I would much prefer they put more effort
into supporting AusCERT because you cannot duplicate it. If AusCERT
didn't exist, the cost to the government would be estimated at
somewhere between AU$5 million and AU$10 million a year… They would
like to offer us about AU$700,000," said Ingram.

"The wise move is to support AusCERT because the costs of not doing it
are enormous," added Ingram.

Security experts are concerned about the GovCERT/AusCERT standoff
because they believe the risk of a major 'incident' is increasing.

Andy Lake, director of partners at e-mail security firm MessageLabs,
warned that there have already been signs that a serious attack is on
its way: "Over the last year we have seen a rise in targeted attacks
but their motivations have tended to be commercial. That sort of
cyberattack is definitely on the rise and we fully expect to see it in
Australia, maybe this year."

Neil Campbell, national security manager of IT services company
Dimension Data, agreed the risks are increasing.

"There have been a few instances of sabotage that you could
technically call terrorism but I am not aware of us having suffered a
cyber-terrorism incident -- but that doesn't mean we won't," said
Campbell.

MessageLabs' Lake said that if Australia suffered a cyberattack, most
people would immediately look to AusCERT for advice.

"We have a lot of faith in AusCERT. Up till GovCERT we would have
looked to AusCERT and been confident that they could do something,"  
said Lake.

James Turner, security analyst at Frost & Sullivan Australia, said
that there is a need for both an independent and a government-controlled
CERT and there are no reasons why both cannot work together.

"The government needs a body that is government controlled -- for
international intelligence. How likely is it that the US will stroll
into AusCERT and say they have just picked up certain information?  
They are not because they are going to want to give it to a government
organisation," said Turner.

Turner believes that the introduction of GovCERT is a natural
evolution and will help better protect Australia.

"The nature of AusCERT is going to change but that is just business.  
There will be overlap between them but that is just part of security --
you need resiliency. If the people creating GovCERT are thinking about
it, there will be quite a nice harmony," said Turner.

Dimension Data's Campbell said that regardless of how the government
handles the GovCERT and AusCERT saga, it will be criticised.

"If you say there are not going to be any cyberterrorism incidents and
there are, and you were not prepared for them, you are in trouble. If
you spend too much money protecting against an unlikely threat, have
you done the worst thing in the world?

"Hindsight is going to be a harsh judge. You are damned if you do and
damned if you don't -- I'd rather be damned for doing it," added
Campbell.


