Roles and responsibilities in the Australian IT security landscape are in confusion following the formation of yet another official IT security organisation.
GovCert, the federal government's latest IT security progeny has created a national "computer emergency readiness team". Part of the critical infrastructure protection branch of the Attorney General's department, it will test existing incident response, harm minimisation, law enforcement and recovery arrangements for critical IT infrastructure.
However, just how or if the new organisation will work with self-funded IT security service provider, the Australian Computer Emergency Response Team (AusCert) remains unclear, with relations between the two security shops more cordial than friendly.
So far no one is saying whose idea it was to create a new organisation which uses the same base acronym but different words to an existing organisation.
Managing director of AusCert, Graham Ingram, said his organisation is still defining whether GovCert will have a relationship with AusCert, and on what terms.
"At this stage we are still talking to the commonwealth government about the relationship between AusCert and GovCert," Ingram said.
"There is a requirement for GovCert in the sense that critical issues will be addressed at government level, which AusCert is not well placed to do. "We have clear indications that the Commonwealth government is eager to support AusCert in its current role."
Asked if GovCert risked duplicating some of AusCert's functions, Ingram admitted his organisation was "not exactly popping champagne" over the new name - but denied relations were strained.
A statement provided to Computerworld by the Attorney General's Department, says GovCert will work with the Defence Signals Directorate (DSD), ASIO, the Australian Federal Police, the Protective Security Coordination Centre - as well as AusCert.
A spokesperson from the Attorney General's department said GovCert "is not an operational response agency, but one of planning and testing and will complement" both AusCert and the Defence Signals Directorate.
IDC security analyst Megan Dahlgren said AusCert's work in Australia is as important to Australia as the Standards Board, which provides minimum IT security standards.
"Everyone can benefit from the work of AusCert without paying for it its advice gives an organisation the ability to run and manage themselves," Dahlgren said.
Dahlgren added AusCert's cost recovery funding model was valuable because it provided a view independent of the commercial objectives of vendors.
AusCert member and IT solutions firm Melbourne IT says there is room for both government and industry-related emergency response or readiness teams.
Melbourne IT's CTO, Bruce Tonkin, said AusCert represents a local branch of an international security network.
"There is room for both AusCert - which is industry orientated - and GovCert which is government orientated and would exchange information with other governments on terrorist threats, which would use some of the vulnerabilities identified in postings from AusCert," Tonkins said.
Tonkin added the arrangement would work best if AusCert handled the "how" of IT security threat while GovCert pursued the "who".
Australia's IT securocracy
- AFP - Australian Federal Police
- AHTCC - Australian High Tech Crime Centre
- ASIO - Australian Security Intelligence Organisation
- AusCert - Australian Computer Emergency Response Team
- CIAC - Critical Infrastructure Advisory Council
- DIO - Defence Intelligence Organization
- DSD - Defence Signals Directorate
- DSTO - Defence Science and Technology Organisation
- EAG - Expert Advisory Group
- GovCert - Australian Government Computer Emergency Readiness Team
- IAAG - Infrastructure Assurance Advisory Groups
- ITSEAG - IT Security Advisory Group
- SETU - Science Engineering and Technology Unit for Counter-Terrorism
- TISN - Trusted Information Sharing Network