AusCERT threatened by anti-cyberterrorism plans

AusCERT threatened by anti-cyberterrorism plans

Summary: The future of the Australian Computer Emergency Response Team (AusCERT) is uncertain after the government implemented plans to create a national computer emergency readiness team (GovCERT) to deal with cyberterrorism attacks.GovCERT was set up earlier this year to prepare for an attack on Australia's critical IT infrastructure.

The future of the Australian Computer Emergency Response Team (AusCERT) is uncertain after the government implemented plans to create a national computer emergency readiness team (GovCERT) to deal with cyberterrorism attacks.

GovCERT was set up earlier this year to prepare for an attack on Australia's critical IT infrastructure. According to the Attorney General's office in Canberra, GovCERT is designed to fill a gap between the government's internal security team and AusCERT, an independent, not-for-profit organisation which provides computer incident prevention, response and mitigation, a national alert service and an incident reporting scheme to member companies.

However, Graham Ingram, director of AusCERT, has warned that GovCERT's role should be restricted to planning and coordinating actions in case of an attack and not duplicate or interfere with the functionality of AusCERT.

"From what I know [GovCERT] has a focused requirement -- coordinating infrastructure response on information issues for the government, which is not what AusCERT is about or a space we wish to be in," said Ingram.

Ingram said Australia lacked a plan of action to deal with a cyber-terrorism incident.

"If a bomb went off, we have a national counter-terrorism plan, which is practiced and everyone's roles and functions are predetermined. We don't have a national cyber response plan -- if something happened tomorrow, nobody has a clue who does what. My personal view is that this an area where Australia is lacking and if that is where the government can put some effort or resources I would see that as a productive outcome," said Ingram.

Ingram is concerned that GovCERT will drain public money by creating an organisation that will attempt to duplicate AusCERT's role.

"As it stands the level of support from the government is miniscule but they want to up that. I would much prefer they put more effort into supporting AusCERT because you cannot duplicate it. If AusCERT didn't exist, the cost to the government would be estimated at somewhere between AU$5 million and AU$10 million a year... They would like to offer us about AU$700,000," said Ingram.

"The wise move is to support AusCERT because the costs of not doing it are enormous," added Ingram.

Security experts are concerned about the GovCERT/AusCERT standoff because they believe the risk of a major 'incident' is increasing.

Andy Lake, director of partners at e-mail security firm MessageLabs, warned that there have already been signs that a serious attack is on its way: "Over the last year we have seen a rise in targeted attacks but their motivations have tended to be commercial. That sort of cyberattack is definitely on the rise and we fully expect to see it in Australia, maybe this year."

Neil Campbell, national security manager of IT services company Dimension Data, agreed the risks are increasing.

"There have been a few instances of sabotage that you could technically call terrorism but I am not aware of us having suffered a cyber-terrorism incident -- but that doesn't mean we won't," said Campbell.

Messagelabs' Lake said that if Australia suffered a cyberattack, most people would immediately look to AusCERT for advice.

"We have a lot of faith in AusCERT. Up till GovCERT we would have looked to AusCERT and been confident that they could do something," said Lake.

James Turner, security analyst at Frost & Sullivan Australia, said that there is a need for both an independent and government controlled CERT and there are no reasons why both cannot work together.

"The government needs a body that is government controlled -- for international intelligence. How likely is it that the US will stroll into AusCERT and say they have just picked up certain information? They are not because they are going to want to give it to a government organisation,' said Turner.

Turner believes that the introduction of GovCERT is a natural evolution and will help better protect Australia.

"The nature of AusCERT is going to change but that is just business. There will be overlap between them but that is just part of security - you need resiliency. If the people creating GovCERT are thinking about it, there will be quite a nice harmony," said Turner.

Dimension Data's Campbell said that regardless of how the government handles the GovCERT and AusCERT saga, it will be criticised.

"If you say there are not going to be any cyberterrorism incidents and there are, and you were not prepared for them, you are in trouble. If you spend too much money protecting against an unlikely threat, have you done the worst thing in the world?

"Hindsight is going to be a harsh judge. You are damned if you do and damned if you don't -- I'd rather be damned for doing it," added Campbell.

Topics: AUSCERT, Security

Munir Kotadia

About Munir Kotadia

Munir first became involved with online publishing in 1998 when he joined ZDNet UK and later moved into print publishing as Chief Reporter for IT Week, part of ZDNet UK, a weekly trade newspaper targeted at Enterprise IT managers. He later moved back into online publishing as Senior News Reporter for ZDNet UK.

Munir was recognised as Australia's Best Technology Columnist at the 5th Annual Sun Microsystems IT Journalism Awards 2007. In the previous year he was named Best News Journalist at the Consensus IT Writers Awards.

He no longer uses his Commodore 64.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


1 comment
Log in or register to join the discussion
  • The creation of GovCERT had been mooted for many years. AusCERT shouldn't pretend to be surprised by its evolution.

    Hopefully GovCERT will also be more useful to its members than AusCERT is to its own subscribers.

    AusCERT sometimes seems to be little more than an annual conference organiser. Oh, I forgot, it also sends out an occassional email alert too, that re-packages alert information everyone already knows about anyhow.

    No wonder govt agencies wanted to set up GovCERT. They needed something seriously useful, and which could also be directly integrated into a structured online security monitoring and management framework.