Defence policies were standing in the way of Australian anti-fraud and corruption investigators knitting together their systems in a private cloud by the end of 2012, the lead agency behind the online initiative said.
Anti-money-laundering and counter-terrorism regulator Austrac was spearheading the push that included the Australian Crime Commission, Customs, Federal Police and other agencies to collect sensitive taxpayer data in a shared online repository by the end of next year. But Defence department intransigence to soften its Information Security Manual to be less “prescriptive” and more “risk-based” stood in the way, said Austrac chief information officer Trevor Clunne.
Defence prevented agencies from hosting data classified as protected by government standards – equivalent to the confidential class in the national security system – in shared environments. Taxpayer and bank data held by Austrac fell into this category because its release could threaten public security.
The agencies are meeting in workshops to beat out plans for the private cloud to host data in a co-location data centre.
Clunne hoped to convince Defence to certify the private cloud during its review period as soon as possible.
“We need sign-off by Defence, which we hope to get. I want this to work because it reduces spend of tax payer dollars,” said Clunne, a former technology chief at Vodafone and Virgin.
“It is difficult to comply with the information security manual and go to the cloud. The classified data is subject to very strict security rules.”
If Defence does not soften its stance, the agencies will “remain followers rather than leaders”, he said.
Austrac works with banks and government agencies to crack down on terrorism funding networks and money laundering it estimated will top $4.5 billion this year.
Clunne would also exploit the “big data” concept – tools and processes to handle massive amounts of data – with analytics systems to catch fraudsters by sifting through identity databases in the private cloud.
“Dirty money” was estimated to cost 5 percent of funds handled by Austrac. International data did not exist because countries were reticent or unable to provide figures, Clunne said.
In 2009 to 2010, Austrac data provided by 3700 agencies leads to $272 million in revised tax assessments from a review of 1141 cases and $7.22 million in revised Centrelink data from a review of 1238 cases.
Clunne said regulating emerging financial sectors was “like playing whack-a-mole because you close one loop hole that may go elsewhere”.
He said Australia was a leader in anti-money laundering and its IT systems and operations were supplied to sister agencies in the US and Canada.
Austrac has improved its systems, such as by using an extensible markup language risk-reporting mechanism favoured by big banks but found onerous by smaller institutions. And this year it will trial a search and analysis suite to improve data mining with 35 agencies this year.
In January, Austrac proposed a system where transactional organisations it regulated would pay its $29.6 million costs in the next financial year, sparing the taxpayer from funding its operations.
Clunne said the new systems would reduce that bill.