CERT Australia Announced
Good luck to the AGD team with CERT Australia. Further reports:
- Australian IT mentions the role of AusCERT in this.
- AusCERT’s press release here.
*** Should have included this also in original post: http://www.ag.gov.au/cybersecurity
For those attending the AISA National Annual Seminar Day; David Campbell, (Director Australian Government Computer Emergency Readiness Team) will be talking about the new CERT. Should be an interesting presentation.
———————————————————————————————-
Securus Global: IT Security, Penetration Testing, Security Assessments, PCI Compliance, Product Assurance, QualysGuard, Security Strategy, Vulnerability Assessment.
November 27th, 2009 at 8:56 am
Funding. Funding. Funding. Integration. Commercial. Overlay.
a) get the *global* wise men and women of infosec (quorum required) I will provide a list if required..
b) send them around the country (AU) for 2 months to telcos and large enterprises like secret squirrel ninjas
c) Get them to write a short, succinct paper that will stand the test of time e.g. information management.. same challenges for centuries
d) build capabilities in to the NBN from the start!
e) go v6 and focus on endpoint security, self-describing data and intelligent packets
f) create zones/channels and enclaves around the country
You can’t stop the signal Mel. Transparency, visibility, auditability. Cannot enforce the policy = no policy.
November 27th, 2009 at 9:17 am
I had a chance to meet with the GovCERT guys now CERT Australia and I hope to talk with them again soon. They do seem committed to change and improvement and time will tell. I suppose they need a new starting point (new Governments, new ministers, changes..staff etc).
Starting point with an announcement and hopefully some substance to follow. It will be nice to marry up initiatives vs submissions received for the E-Security strategy but acknowledging a detailed level of data could be hard given the number of submissions. I hope there is substance and that they won’t shy away from making tougher calls. Hate to lose progress at the expense of misguided programs like the Internet filtering. Just my thoughts.
From my perspective, am waiting now to see some detail. Maintaining momentum, they’ll need to do that sooner rather than later.
You raise some good points…it will be interesting to see how many are covered in the “detail”.
DD
November 27th, 2009 at 11:24 pm
Drazen, wasn’t it initially stated that GovCERT/CERT Australia was only going to serve government agencies. From my reading of this release it seems they have supplanted the role previously retained by AusCERT. AusCERT’s statement of they are offering “complementary” services seems to be a rather pisspoor consolation.
Why the need for this change unless AusCERT were failing to fulfil their stated purpose?
What is the value add by having the government fulfil this role that couldn’t be achieved by AusCERT?
I have real concerns about the dilution of our national capability in this area which has been decades in the making.
- J.
November 28th, 2009 at 4:35 pm
Pretty much it Jay I reckon.
My thoughts on AusCert are out there so I’m probably not the best person to comment I suppose? I do qualify that each time and here that I know relatively little about AusCert and most people in the industry I know are in the same boat. They may well kill it with the clients they have but from a broader industry perspective, just aren’t doing it in my opinion. Thus the reason for CERT Australia?
The AISA presentation this week should be interesting.
DD