The Federal Government has abandoned plans to appoint a dedicated cyber security tsar to protect Australia's national information infrastructure (NII), but is moving ahead with plans to implement a national reporting scheme to monitor security breaches within Australia's top 100 companies.
Details of the reporting scheme and other recommendations developed at a meeting of the business-government taskforce established to safeguard Australia's critical infrastructure will be released this week.
Speaking exclusively to Computerworld, the Attorney General's Department NII senior adviser Michael Rothery said the reporting scheme will be in place by July and has the full support of the private sector.
More than 90 per cent of Australia's critical infrastructure is privately owned and includes information systems necessary to support essential services such as banking, finance, telecommunications, transport, power and water supplies.
Rothery said there was little private sector support for a dedicated security tsar, because there were fewer than 100 companies safeguarding Australia's critical infrastructure and they preferred to liaise directly with the Attorney General's Department.
"They did not want to import a model from overseas, they wanted a framework with an Australian flavour. We are too small to have a full-time cyber tsar, unlike the US, which has to deal with IT security issues on a much larger scale with broader geographic reach," he said.
However, the reporting scheme will not just apply to Australia's top companies. Rothery said the role of Auscert (Australian Computer Emergency Response Team) will be strengthened to provide a reporting scheme for companies outside of the essential services sector.
Auscert currently provides a subscription service for security alerts, but Rothery said new services will be introduced free of charge and support offered to encourage companies to report breaches so threats -- and how they specifically impact Australia -- can be measured.
He supported proposals to introduce "rewards" to stimulate private sector support, including tax breaks for IT security spending.
"To establish IT security standards the Government is also considering a tick system; companies that meet a set of guidelines or principles receive an accredited tick, but we have to examine the cost overhead for compliance," Rothery said.
Report recommendations will be available at www.cript.gov.au.