Responsibility for the Australian Internet Security Initiative (AISI) has shifted been from the Australian Communications and Media Authority to CERT Australia from 1 July.
The AISI launched in late 2014 as a program to notify Australian Internet service providers of malicious activity taking place within the IP address ranges they manage. The program sends daily notifications to ISPs that potentially reveal malware infections and botnet activity among customers.
The data is drawn from a range of sources, including Microsoft, the Spamhaus Project and the Shadowserver Foundation.
The government’s review of the ACMA, released in 2016, recommended that the organisation’s cybersecurity programs “where appropriate, be transferred, along with staff and funding, to the Attorney-General’s Department”.
CERT Australia sits within the department.
The review assessed both the AISI and the ACMA’s Phishing Alert Service.
“The Review ... considers there is scope to increase the effectiveness of these initiatives by linking them more closely with Commonwealth Government initiatives with similar objectives,” the report stated.
The report said that in relation to the Phishing Alert Service and the ACMA’s spam public awareness website, it “notes that its operation is closely linked to spam reports received by the ACMA that arise from its regulatory responsibility for the Spam Act”.
“The case for transferring these specifc functions should be further investigated as part of the implementation of this recommendation,” the report stated.
“While we are proud of the ACMA’s important contribution to Australia’s cyber security framework for more than a decade, the transition is an exciting development as the AISI will be now be housed with similar programs and expertise,” said ACMA’s acting chairperson, James Cameron.
“We expect an ongoing close relationship with the CERT, particularly for the ACMA’s work regulating unsolicited communications, including commercial spam.”