Hacking or virus attacks within companies will continue to go unreported following industry opposition that forced the Federal Government to abandon plans to introduce reporting mechanisms.
Plans to establish an information database to protect Australia's national infrastructure were canvassed last year as more than 90 per cent of the country's major services such as airports, banks and electricity providers are under the custodianship of the private sector.
Tom Dale, National Office of the Information Economy (NOIE) general manager of legal and regulatory issues, said no agreement could be reached with industry for centralised reporting of security attacks and the plan "will not go ahead".
"There are no incentives for industry to participate in such a scheme; however, a framework for the development of information sharing is another matter," he said.
As reported in Computerworld (July 10, 2000 p3), Peter Coroneos, Internet Industry Association executive director, said the database would quantify security threats to business and government and a working party was being developed to include Australia's top 20 companies.
Creation of an e-security coordination group followed, chaired by NOIE, to take a strategic approach to security issues.
A member of the coordination group Ajoy Ghosh, Unisys e-security architecture director, said industry refused to participate in a compulsory reporting scheme unless it was an opt-in arrangement.
Ghosh said cyber-risk insurers were opposed to any reporting measures and industry was maintaining its support for a light touch regulatory approach by Government.
This approach is in contrast to the US where the Senate is examining "carefully crafted" legislation forcing companies to report information about their systems and fixes in the event of a cyber attack.
Bob Bennett, Senate high tech task force officer, said exemptions to the Freedom of Information Act (FOIA) are under consideration to reach a new level of communication and trust between government and industry to protection the national infrastructure.
"The old practice of a government official casually telling industry they should be more vigilant because of suspicious activity just won't do," he said.