[ISN] Feds lift security role of AusCERT

From: InfoSec News (isn@private)
Date: Mon May 29 2006 - 22:07:00 PDT


James Riley
The Australian
MAY 30, 2006  
COMPUTER security outfit AusCERT will hire additional staff after
being handed an expanded role in helping protect critical federal
government IT infrastructure.

AusCERT general manager Graham Ingram said a landmark agreement with
the Attorney-General's Department would lead to a bigger workload and
a fatter budget.

AusCERT is to provide whole-of-government security services to all
Commonwealth departments and agencies.

The agreement elevates AusCERT's role as a critical partner in the IT
component of federal national security initiatives.

Negotiated by Attorney-General's Department as part of its Critical
Infrastructure Protection program, the agreement replaces a series of
piecemeal contracts between AusCERT and individual departments.

"The agreement means a much expanded role for AusCERT, and it will
make things much clearer as to what that role is," Mr Ingram said.

Attorney-General Philip Ruddock's office has bristled at suggestions
the Government was seeking to curtail its relationship with AusCERT.  
It claimed the opposite was true.

The department had created a tiny co-ordination team called GovCERT
late last year - with one technical staff and one policy adviser - but
a spokeswoman for Mr Ruddock said AusCERT remained the main resource
for risk detection and assessment.

"The suggestion that somehow GovCERT is a threat to, or somehow
detracting from, the viability of AusCERT is simply not correct," Mr
Ruddock's spokeswoman said.

"AusCERT has been providing advice to a range of government
departments under separate contracts," she said.

"The government feels a better way of dealing with this is to have a
whole-of-government approach and to have a single agency point of
contact, and that's what we're trying to do."

Mr Ingram said AusCERT and the department had not decided if the
contents of the agreement would be made public.

The creation of GovCERT would ultimately make AusCERT's role easier by
giving it a single point of contact in government to deal with in case
of specific threats, he said.

"There are certain things that AusCERT really cannot do and would not
wish to do, and that is to co-ordinate government activity," Mr Ingram

"We can't do that. We're aiming to have GovCERT as a facilitation
point in the Australian government to allow us to work much more
effectively," he said.

Brisbane-based AusCERT employs 20 security specialists and expects to
hire more by the end of the year as a result of the deal with the
Attorney-General's Department.

AusCERT, which stands for the Australian Computer Emergency Response
Team, is a not-for-profit organisation that provides early warning and
vulnerability assessment services for private and public

The team includes personnel with high-level security clearances, and
has taken part in transnational, government-to-government cyber
security exercises such as CyberStorm earlier this year.

Attend the Black Hat Briefings and
Training, Las Vegas July 29 - August 3
2,500+ international security experts from 40 nations,
10 tracks, no vendor pitches.

This archive was generated by hypermail 2.1.3 : Mon May 29 2006 - 22:21:03 PDT