e-Security

e-Security National Agenda

What is the e-Security National Agenda?

Recognising the increasing reliance of government, business and home users on information and communications technologies, the Australian Government established the e-Security National Agenda (ESNA) in 2001 to create a secure and trusted electronic operating environment for both the public and private sectors.

Since then, the e-security landscape has changed significantly with the emergence of sophisticated, targeted and malicious online attacks. These attacks potentially come from a number of sources, including organised crime, foreign intelligence services and politically motivated groups that pose a risk to the:

  • continuity of government
  • reliable delivery of critical services by both the public and private sector, and
  • identity and financial information of home users and small to medium-sized enterprises.

ESNA Review

In 2006, the Government announced a review of the ESNA to ensure that its policies were keeping up to date with changing security needs.

The review found that because the online environment is highly interconnected, e-security threats to different segments of the Australian economy cannot be addressed in isolation. This key finding saw the development of three new priorities to address concerns and to assist in achieving the original objective of ESNA, to:

  • reduce the e-Security risk to Australian Government information and communications systems
  • reduce the e-Security risk to Australia’s national critical infrastructure, and
  • enhance the protection of home users and
  • small to medium enterprises from electronic attacks and fraud.

What is the national information infrastructure?

Australia’s national information infrastructure, also called the NII,  is part of our critical infrastructure. It is made up of the electronic systems that underpin services such as telecommunications, transport and distribution, energy and utilities, and banking and finance.

What do computer emergency response/readiness teams do?

Computer emergency response/readiness teams - usually called ‘CERTs’- play an important role in keeping computer systems safe. There are CERTs in countries around the world, which work together to protect computer systems. Australia has two CERTS:

GovCERT.au looks after the Government's responsibilities for a range of computer security issues. It does not handle day to day computer incidents.

  • To find out more, visit the GovCERT.au page on this site.

AusCERT is based at the University of Queensland . It deals with computer security incidents involving Australian systems at an operational level.

What is the Computer Network Vulnerability Assessment Program?

The Computer Network Vulnerability Assessment Program is a grants program for critical infrastructure owners and operators. It helps them check the security of their computer networks, including related physical and personnel security issues.

What is SCADA?

Supervisory Control and Data Acquisition systems—commonly called ‘SCADA’— form part of Australia’s critical infrastructure. They are used to remotely monitor and control the delivery of essential services and products, such as electricity, gas, water, waste treatment and transport systems.

The IT Security Expert Advisory Group has formed a Community of Interest for SCADA security issues

Useful references

To find out more, you can:

Visit:

Download: