Critical.
Authoritative.
Strategic.
Subscribe to CIO Magazine »

Govt goes it alone on security reporting scheme

In its latest move to protect critical infrastructure, the federal government yesterday launched a secure Web site to report information security attacks, but the initiative has raised the ire of Australia's Computer Emergency Response Team (AusCert) which has spent the last two years establishing a national reporting and alert system with a broad membership base.

Developed jointly by the Defence Signals Directorate (DSD) and the National Office of the Information Economy (NOIE), the 'Onsecure' Web site is for the exclusive use of commonwealth agencies whereas the AusCert national reporting scheme is used by both the business community and government.

Explaining how the two reporting mechanisms will work in parallel with each other, NOIE CEO John Rimmer said the aim of Onsecure is to respond more quickly to security threats and replaces the current system of reporting which utilises snail mail and fax.

Rimmer said the current system managed by DSD and known as Isidras had mandatory protocols in place for government agencies to report security incidents but OnSecure was necessary to make it easier and faster to respond to hacking attempts, denial of service attacks or other information security breaches.

"It will also help the DSD to analyse incident reports more quickly and effectively, to identify any developing patterns and to assess the resulting threat level," Rimmer said.

AusCert's reporting scheme, which relies on government funding, is also used to analyse data and provide a measure for national threat levels.

Although AusCert data is currently shared with government, Rimmer said the government was seeking more data of its own.

He also admitted that the establishment of Onsecure will lead to "dual reporting" for commonwealth security professionals.

AusCert general manager Graham Ingram said Onsecure was developed with "little or no input" from the emergency response team with the reporting scheme it has developed over the past two years already including commonwealth agencies with whole of government agreements with four Australian states.

Ingram said it will be difficult to develop a 'national picture assessment' of security threats if there are separate data pools for government reporting with information collected by separate reporting schemes.

As a result, Ingram will liaise with government to ensure information-sharing continues so data is not fractured and all reporting mechanisms operate in tandem.

"This information is important for analysis to ensure we have a clear understanding of threat levels and that includes government, business and the wider community," he said.

"AusCert has a significant government membership base as they rely on our alerts, advisories and vulnerability information, but dual reporting is a concern because it's tough getting organisations to report at all."

OnSecure also has a public site, www.onsecure.gov.au, which makes information security resource material available to the general public and is funded through the government's allocation of $24.9 million over four years in the 2002-03 budget for the e-security national agenda strategy.

As part of this strategy, the government allocated additional funding to NOIE, the DSD, the Australian Federal Police, the Australian Security Intelligence Organisation and the Attorney-General’s Department to develop systems to protect, detect and respond to any attacks directed against Australia’s national information infrastructure.

The national information infrastructure includes the electronic systems underpinning critical services such as telecommunications, transport and distribution, energy and utilities, and the banking and finance sectors.

Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

More about: Attorney-General, AusCert, Australian Federal Police, Australia's Computer Emergency Response Team, Computer Emergency Response Team, e-Security, Federal Police, NOIE, Tandem

Comments

Post new comment

The content of this field is kept private and will not be shown publicly.
Users posting comments agree to the CIO comments policy.
Login or register to link comments to your user profile, or you may also post a comment without being logged in.
Related Whitepapers
Latest Stories
Community Comments
Latest Blog Posts
Whitepapers
  • Seven SOA Practices to Unlock Business Value
    The fact is that companies are increasingly using SOA to gain competitive business advantage. Distilled down to seven essential SOA practices, the following list enables IT professionals to tightly align SOA investments with their organization’s business priorities. Using these practices can help with driving competitive advantage and adding measurable business value...and that’s a sure way for IT pros to win recognition and ongoing support within their companies.
    Learn more »
  • Keeping up With Ever-Expanding Enterprise Data - 2010 IOUG Database Growth Survey
    A majority of respondents report having performance and budget issues due to exponential data growth. Those companies with the highest rates of data growth, in fact, are eight times more likely than slow-growth sites to be seeing significant increases in their storage budgets. New processes and tools are needed to help organizations take control of the massive volumes of information now moving through their systems. The IOUG survey looked at approaches being taken by organizations to manage their growing data stores, and what still needs to be done.
    Learn more »
  • HP Imaging and Printing Services
    According to Gartner, a major focus for organisations today and in the foreseeable future is shifting from cost reduction to growth, expansion, innovation, and operational excellence. If your organization is serious about driving growth and innovation and improving customer experiences, you’ll find that a well-managed imaging and printing environment is key to these goals. A growing number of organizations are turning to services as a means of integrating imaging and printing into their overall IT infrastructure strategies. It may be one of the fastest ways to continue to drive down costs, fund innovation, and prepare your organisation to capitalise on future opportunities. Read more.
    Learn more »
All whitepapers
rhs_login_lockGet exclusive access to Invitation only events CIO, reports & analysis.
Recent comments