The Federal Government has kicked off a new cyber security strategy with the creation of an emergency response team previously announced in May, called CERT Australia.
The new team is set to commence operations in January and will work with the Cyber Security Operations Centre (CSOC) set up as part of the Defence White Paper earlier in the year.
This initiative is one of the recommendations coming out of the E-Security Review 2008 which led to the Government pledging $100 million in funding over four years to strengthen Australia’s national security framework. In May, when the CERT Australia team was announced, the Federal Government said it would spend $8.8 million on its creation.
In a statement, Attorney-General Robert McClelland said the Cyber Security Strategy would formalise the "roles, responsibilities and policies of Australian intelligence, cyber and policing agencies to protect Australian internet users".
“CERT Australia will work with other national CERTs around the world, the IT industry and Australian internet service providers to help network operators to identify and respond to cyber security incidents,” McClelland said.
The new CERT Australia will work with the existing AusCERT, which is run as an independent, not-for-profit organisation at The University of Queensland and has provided security services such as those under the Federal Government's Stay Smart Online program.
The Cyber Security Strategy will have a focus on: Education and awareness; best practice; partnering with business; maintaining the legal framework to prosecute cyber crime; promoting a skilled cyber security workforce; and improving the analysis and response to threats.
The announcement follows on from several high-profile cyber security reports in recent months including the Australian Security Intelligence Organisation (ASIO) confirming that Internet-based attacks have been used by hostile intelligence services to gain confidential Australian Government and business information.
Additionally, earlier in July, a botnet comprised of about 50,000 infected computers waged a war against US government Web sites and caused headaches for businesses in the US and South Korea.
While the E-Security Review 2008 and its subsequent developments with additional funding to the Australian Federal Police and the setting up of CERT Australia have focused on defensive measures, the CSOC, which has already gained operational capabilities, is able to provide cyber warfare support to the Australian Defence Forces.
However, as the details on what kind of capabilities and what governance and oversight mechanisms are in place for these offensive capabilities is unclear, analysts and academics have called for greater transparency to ensure support is gathered from the public.