In a move likely to cause more pained winces in Canberra, Symantec's global CEO and chairman John Thompson and vice president of security response, Art Wong have called on the Federal Government to create the position of an Australian cyber security tsar.
Ostensibly in town to promote Symantec's new integrated 'single view' security integration products -- Symantec Security Management System (SSMS) and Symantec Incident Management System (SIMS) -- the dynamic duo wasted no time in telling assembled media that Australia needed to get its act together on the cyber security front.
"We probably need many, many cyber tsars, people that have the same or similar mission to make sure that the critical infrastructure of Australia or [any other country] is protected," Thompson said, adding that serious attacks were rarely confined to a single country.
In a later interview, Symantec's Art Wong (who was founder of SecurityFocus), continued the tub-thumping for a cyber tsar, saying that although Australia was taking information security threats seriously, we could still do better: "Australia would certainly benefit from [getting a cyber tsar], it's a means of being aware of the problem in your country and being able to strategise and coordinate activities in one country amongst different organisations, be it government or private industry. That sort of coordination is really necessary to combat the threat we are seeing right now. There is always more that can be done. I would go so far as to say it is required and necessary," Wong said.
He also placed heavy emphasis on "foreign" threats emerging as a critical factor with attacks becoming increasingly sophisticated, with former communist countries still providing plenty of headaches: "In Eastern European regions there's a lot of skill level in terms of security knowledge, intelligence and counter intelligence and those resources are now being used for other activities. I don't know if they can be attributed to [foreign governments], but we can attribute them to the state of the economy, some political motivation and people who are finding themselves out of a job because of military cutbacks," he said. He added that, so far, there had been no " activity worth mentioning" emerging from the Middle East or known terrorist organisations in the way of cyber attacks.
Government remains polite but cool
Australian Federal Government reaction to Symantec's foray into policy making was politely cool. Mike Rothery, senior adviser for national information infrastructure at the Attorney General's Department, told Computerworld that while the American model of a "one-stop shop" for cyber security worked well for them, the Australian taxpayer will be spared the cost of yet another security directorate. "It doesn't come across as a very attractive option for us, because there are very different ranges of considerations. All they are doing, to a certain extent, is echoing what is coming out of the US. The US outreach strategy for cyber security includes the creation of single points of contact or cyber tsars. We know that and that's actually part of the US strategy. We don't necessarily agree with that," Rothery said.
"The US is coming up with a particular model to sell to economies that, perhaps, haven't got an active public policy program in this space - and we have. The American message is for those governments that are just starting to wrangle with forming a public policy view on e-security. We are not bothered by that message, but neither do we think that that message is applicable to Australia," he continued.
Recommendations on Australia's national infrastructure initiatives are currently being assessed by Federal Cabinet.