There’s enough cybercrime for Australia’s twin Computer Emergency Response Teams (CERTs), but some say bad blood simmers in the wake of failed negotiations and allegations of staff poaching.
The relationship deteriorated between the industry-led veteran AusCERT and the newly-crowned government agency CERT Australia after the agencies could not agree on subsidies for additional services.
In its submission to a government e-security review, AusCERT said the agency should be better integrated with governments to provide “a comprehensive and holistic e-security framework”.
AusCert general manager, Graham Ingram, said the talks did not fail on price as claimed in some reports, but conceded it was an “abrupt end to protracted negotiations”.
“We will keep doing what we have done for the last 15 years, and we won’t alter that,” Ingram said.
“Services should be complementary, but it will be up to the Federal Government to decide whether it is a good use of taxpayers’ money to duplicate them.
“The amount of work we had to do was too much for the funding we had.”
One industry source, who wished to remain unnamed, said the industry may be reluctant to hand sensitive data to the government agency.
“Look what the government did to Google. There is discretion in an industry body that might not be present at CERT Australia,” he said.
It is understood that some AusCERT staff have applied for positions at the government-sanctioned CERT Australia, which are also located in Brisbane. Former AusCERT operations manager Karl Hanmore has joined the new CERT after a stint as a security officer at Microsoft.
Ingram said staff may be lured to the new agency — described as a rival by some industry insiders — from the “uncertainty” caused by the failed talks.
He said it would be difficult to source and train replacements, and hinted that the new agency would seek and give preference to AusCERT employees jumping ship.
Asked about the potential for loss of knowledge in the hand-over of responsibility, Ingram said international cooperation often depends on informal and personal relationships between CERT managers.
“In the 15 years of its operation, AusCERT has established a credible reputation as a leader in global CERT community which is widely respected and trusted. This puts AusCERT in an enviable position… that can be both trusted to share information with and worthy of a response when requesting help,” the AusCERT submission read.
CERT Australia has been contacted for comment.