Date: 23 November 2009
Click here for printable version
Australian government announces new national CERT arrangements for Australia on budget night
In a media release on budget night, Tuesday, 12 May 2009 the Australian government Attorney-General, The Hon Robert McClelland MP, announced that:
Recognising the Australian community's increasing reliance on information and communications technology in all aspects of life, the Commonwealth will provide $8.8 million on e-security, to bring together Australia’s existing computer emergency response arrangements under a new national Computer Emergency Response Team (CERT).
The new national CERT, to be created in collaboration with AusCERT, will provide a single point of contact for e-security information for all Australians and Australian businesses.
It will also ensure Australian internet users have access to information on cyber threats, vulnerabilities in their systems and information on how to better protect their information technology environment.
On 23 November 2009, Australian government announced that it will call the new national CERT, CERT Australia.
The purpose of this statement is to clarify how this decision affects AusCERT and its existing members and relationships within the CERT and information security communities nationally and internationally.
- What arrangements have been made between the Australian government and AusCERT with regard to the new national CERT role?
AusCERT/the University of Queensland has agreed to assist the Australian government by providing some of the required “national CERT” services to it under contract. Contract discussions are currently underway.
- What national CERT services will AusCERT provide under contract?
The exact nature of the services to be provided is still be negotiated, however, it is likely to include a range of technical security bulletins about computer threats and vulnerabilities.
- Will AusCERT receive $8.8 million to provide national CERT services?
No. This is a budgetary allocation to the Attorney-General’s Department and not a representation of any arrangements between AusCERT and the Attorney-General’s Department.
- What is AusCERT’s view about the new arrangements?
AusCERT regards the funding of the national CERT role by the Australian government as a positive outcome which will provide greater access to information about computer threats and vulnerabilities to all Australians. Also, it will provide AusCERT the opportunity to develop new services and capabilities in its own right to help improve cyber security within Australian more generally.
AusCERT will continue as an active player in the global computer emergency response and information security community and is committed to improving cyber security by providing assistance nationally and internationally.
- When will the new arrangements come into effect?
The exact timing is yet to be agreed, however it is likely to be within 12 months of finalising a contract agreement, possibly around July 2010.
- My organisation is an existing AusCERT member, how will this affect us?
AusCERT will continue to provide services, including bulletins and incident response coordination, to all its members. Once the new national CERT arrangements come into effect, it is expected that the technical security bulletins currently produced by AusCERT will be freely available to all Australian interests. In the meantime, AusCERT will look to develop a range of new premium services which may be of potential interest to existing and new members.
- Who should I contact about national CERT matters now?
AusCERT has performed the role of Australia’s national CERT for several years. Until the new arrangements are in place, AusCERT will continue to provide national CERT services to Australian and overseas interests. When the new arrangements are in place, AusCERT, in collaboration with the Australian government, will continue to support this role under contract arrangements.
- Will the new arrangements change AusCERT or the way AusCERT operates?
No. AusCERT will remain an independent, self-funded and not-for-profit organisation based at the University of Queensland. Some of the arrangements for the national CERT role are likely to change and these will be worked out with the Australian government. However, AusCERT will continue to provide services to its members and overseas contacts including within the international computer security community, which includes other CERTs, IT and IT security vendors and expert volunteer groups.
Nick Tate Director ITS and AusCERT