Staff have been chosen for the government’s new IT security watchdog and are now just awaiting security clearances.
The Centre for Critical Infrastructure Protection, which becomes operational this month, is a new government body dedicated to protecting key national infrastructure owners from serious IT security threats. Key national infrastructure is defined as operators in the government, energy, telecomms and internet, transport, emergency services and finance sectors.
CCIP director Mike Spring, who is also IS security director for the Government Communications Security Bureau which runs CCIP, and CCIP manager Jay Garden have already been appointed. The other six, who are a combination of experienced IT specialists and graduates, are just awaiting security clearances, says Spring.
CCIP’s operating budget for the 2001-02 year is $450,000 and $847,000 for 2002-03, says Spring. A cabinet paper on the centre puts personnel costs at $298,000 in the first year and $580,000 in the second. IT set-up was expected to cost $269,000.
He reiterates previous statements that the CCIP isn't out to compete with existing private IT security providers.
"We won't be providing advice of low-level vulnerabilities such as from AusCERT. We would expect information owners to have their own subscriptions to such services."
CCIP won't be too worried about "run-of-the-mill" viruses and won’t be putting out 40 announcements a week. "We'll be looking at the real threats." The latter category includes distributed denial of service attacks, he says.
Part of the CCIP's work will be running a website, which is due to go live this month.