AusCert 2010: Microsoft to link critical infrastructure security agencies

Membership could stoke Aus- and Gov-CERT rivalries

Microsoft has launched a world-first global government security network to share information on vulnerabilities and exploits that affect critical infrastructure.

The Defensive Information Sharing Program, launched at AusCERT 2010, builds on the preceding Government Security Program (GSP) and the Microsoft Security Program (MSP).

Microsoft Security Response Centre security program lead, Steve Adegbite, said the program will include all national government infrastructure owners.

"We just didn't react fast enough to the Google [China] attacks. We had this information that is volatile, and not putting it in the hands of defenders just doesn't make sense," Adegbite said.

"We will provide this information after our investigative and remediation cycle is completed to ensure that members are receiving the most current information. While this process varies from issue to issue due to the complex nature of vulnerabilities, disclosure will happen just prior to our security update release cycles.

"The program shares updates, the reasons behind them, stack traces, source code, and technical details ahead of the [patches] so entities can take remedial action."

It includes a Critical Infrastructure Protection Program under which non-disclosure agreements will be abolished to allow disparate government agencies to share information on solving security infrastructure risks. The program will also partner infrastructure agencies across the world to help them resolve similar problems.

Participants can access the network via a Microsoft web portal. It has been in development for 18 months and will be run as a year-long trial.

CERT scuffles

The program could inflame rivalry in the ranks of national security agencies, according to AusCERT representatives.

Membership of the program will only be extended to one national CERT, which participates in the GSP and MSP, in a move seen to inflame what a former AusCERT official identifies as a hatred between Australia's Critical Emergency Response Teams (CERTs).

The former official said the Australian agencies AusCERT and GovCert "hate each other", and compete for resources and responsibilities. It is understood that GovCert and AusCERT each have membership of the MSP and GSP.

Scott McIntyre, security officer for the Netherlands CERT, said the program should include industry groups such as telecommunications providers, and noted that country does not have, "nor wants", a national CERT agency.

Adegbite said problems will be addressed during the program pilot.
