Statement by AusCERT General Manager Graham Ingram in response to the news article "Government docs reveal gunning for AusCERT" by SC Magazine and the referenced government procurement proposal released under FOI legislation.

Who is AusCERT?

As an expert security group based at The University of Queensland, AusCERT helps Australian Internet users and its member organisations prevent, detect, respond to and mitigate cyber and Internet based attacks. With nearly 20 years of experience, AusCERT is Australia's first and longest operating computer emergency response team and is widely recognised as a leader in assisting victims of cyber attack. AusCERT is a self-funded, not-for-profit organisation which provides a range of services, including hosting an annual information security conference.

What was the service that AusCERT provided the government?

Following an open tender process AusCERT was chosen to operate the Australian Government's Stay Smart Online Alert Service as part of the broader Stay Smart Online initiative from April 2008 to April 2012. The Stay Smart Online Alert Service is a free subscription service that provides home users and small to medium enterprises with information on the latest computer network threats and vulnerabilities in simple, non-technical, easy to understand language. AusCERT produced alerts, advisories, newsletters and factsheets on a range of topics and provided solutions to help manage these risks.

AusCERT conducted bi-annual surveys of the SSO Alert Service subscribers, and for each alert, advisory, newsletter published collected unsolicited feedback from the subscribers. Overall, the consistent feedback from subscribers was extremely positive.

AusCERT's response

The proposal to approve the "Proposed Expenditure" and to make "an Approach to Market (Tender)" submitted by the Assistant Secretary, Cybersecurity and Asia-Pacific Engagement Branch within the Department of Communications and the Digital Economy (DBCDE) contains inaccurate and misleading statements about AusCERT and the nature and quality of the service provided under this contract.

Over the four years, AusCERT supported DBCDE in making the SSO Alert Service, as well as the broader Stay Smart Online initiative, a success and helped DBCDE deliver a useful public service. This included providing assistance that was not part of the contract requirements; and included hosting National Cyber Security Awareness Week events, providing advice about functional changes to the www.staysmartonline.gov.au web site, and suggesting how the SSO Alert Service could be improved and be more useful to home users and SMEs directly affected by cyber attacks.

While AusCERT fully supports the Department's right to choose a suitable tender mechanism and provider for this service, AusCERT is concerned to learn that inaccurate and misleading information was used to justify the Department's decision. We will enter into further discussions to resolve this issue.