Federal Government unveils a new CERT

Suspends CNVA program.

The Federal Government has unveiled a new point of contact for cyber-security issues in Australia.

CERT Australia, announced last night by Attorney General Robert McClelland, would combine existing CERT arrangements under the one organisation.

The CERT, which would be created using $8.8 million worth of funding announced in May, would be set-up as one of the recommendations from the E-Security Review 2008.

The government has also suspended funding for the Computer Network Vulnerability Assessment (CNVA) program.

The CNVA program, which was run by existing CERT GovCERT.au, assisted organisations that owned or managed critical infrastructure. It had nine rounds of "dollar-for-dollar" funding which helped government and businesses test the security of their computer networks and systems.

"Due to other priority work involved in setting up CERT Australia within the Australian Government, the CNVA Program will be suspended until further notice," the Attorney General web site stated as of last night.

"The Program is likely to be re-activated in the future, however no decision has been made on timing."

Privately-run AusCERT, which considers itself "the primary Australian contact for dealing with Internet security threats and vulnerabilities affecting Australian interests" was unavailable for comment today.

AusCERT already provides technical security advisories to the Federal Government, among other clients. In a media statement in May, AusCERT said it would "look to develop a range of new premium services" should the Government start providing such advisories for free.

In September, AusCERT general manager Graham Ingram, sat before a Cybercrime Inquiry and was asked if a Commonwealth take over of the organisation would be better for Australia.

Ingram disagreed with the idea, stating that he didn't like the idea of bureaucrats running it.

"I would like to see the idea of a partnership with government [because] a takeover would not be a good outcome because we have twenty people who are literally geeks who do this stuff really well," he said.

"If you replace those twenty people with twenty policy bureaucrats I don't think you're going to have an outcome [where] you're going to be increasing our capacity to do the job. But again, I think that's probably the taxpayer who needs to make that judgement in terms of investment well met."

What do you think? Should the Government run Australia's CERT or should it be run by private organisations?