CIP NEWSLETTER by tqr19314


									 Trusted Information
                                         CIP NEWSLETTER
                                         For owners and operators of critical infrastructure
   Sharing Networ
   Sharing Network
    Critical Infrastructure Protection
for Critical Infrastructure Protection   Vol. 4 No. 2 June 2007

                                         Securing Australia’s online environment
Contents                                 During April and May this year Estonia was bombarded by a series of denial-of-service at-
Securing Australia’s                     tacks that forced it to suspend online services and, at one stage, block all international Internet
online environment                   1   traffic. Whether this prolonged attack was politically or criminally motivated, the perpetrators
                                         and the cost to the Estonian economy may never be known. The result, however, was severe
National Approach for
                                         disruption and economic damage to a nation that relies heavily on its information infrastruc-
the Protection of
                                         ture to deliver both business and government services.
Places of Mass Gathering 2
Liquid fuel supplies in                  The Australian Government has long recog-          The Attorney-General’s Department will lead
an emergency                         3   nised the importance of the National Infor-        these initiatives and has been provided with
                                         mation Infrastructure—the electronic and           $12.3 million to strengthen critical infrastruc-
IT Security Expert                       communications systems that underpin so            ture e-security. Part of this will be used to en-
 Advisory Group                      4   much of Australia’s economy—and that it            hance’s role in providing infor-
TISN prepares for                        forms part of our critical infrastructure. In      mation on sophisticated threats to critical in-
Cyber Storm                          5   2001, the Government’s E-Security National         frastructure owners and operators. This initia-
                                         Agenda (ESNA) articulated a vision of ‘a           tive will also inform government and business
Private health sector
                                         secure and trusted electronic operating envi-      about Australia’s dependency on the electronic
                                         ronment for both the public and private sec-       environment.
emergency role                       6
                                         tors’. The outcomes of last
Risk Management—                         year’s ESNA review recogn-                                            The Attorney-General’s
an operational approach 7                ised the way in which the on-                                         Department funding will
                                         line environment has changed                                          also improve Australia’s
CIP in Finland                       8
                                         since 2001, and led to the Gov-                                       capacity to manage cyber-
National Security Science                ernment allocating a total of                                         attacks through participa-
and Technology Unit                      $73.6 million for e-security in                                       tion in an exercise pro-
supports CIP              9              this year’s Budget.                                gram. This program includes international ex-
                                                                                            ercises such as Cyber Storm II (see report on
Activities across
                                         Importantly for critical infrastructure owners     page 5).
the TISN                           11
                                         and operators, this funding recognises it is a
Counter-terrorism                        constant struggle to defeat malware and bot-       In addition, will conduct a study
research funding                   12    nets—the armies of compromised home and            to evaluate the practicality of a centre where
                                         business computers that can be used as ‘zom-       business and government can share real time
                                         bie armies’ in cyber-attacks. The e-security       IT security information.
                                         initiatives flowing from the Budget funding,
                                         therefore, are designed to ensure that all com-    Importantly, the government has streamlined
                                         puter users, from home and small business          its arrangements to ensure all agencies in-
                                         to large corporations and governments, un-         volved can communicate easily and coordi-
                                         derstand the need for, and put in place, sound     nate their activities. Two committees formerly
                                         and effective security measures.                   responsible for e-security issues, the Informa-
                                                                                            tion Infrastructure Protection Group and the
                                         The $73.6 million, which will be provided          E-Security Coordination Group have been
                                         over four years, has therefore been provided       combined to form the E-Security Policy and
                                         to those Australian Government agencies with       Coordination Committee. This is chaired by
                                         e-security responsibilities. These are the At-     the Attorney-General’s Department.
                                         torney-General’s Department, the Department
                                         of Communications, Information Technology          No-one can ever say that Australia will never
                                         and the Arts, the Australian Communications        be subjected to the type of cyber-attack that
                                         and Media Authority, the Australian Govern-        crippled Estonia, but the measures provided
                                         ment Information Management Office, the            by the latest Budget funding will help
                                         Australian Federal Police and the Defence          strengthen the nation’s e-security across the
                                         Signals Directorate.                               board so we can be prepared to resist and,
                                                                                            should the worst happen, quickly recover from
CIP NEWSLETTER                                                                       Vol. 4 No. 2 June 2007

National Approach for the Protection of
Places of Mass Gathering
Places of mass gathering play a significant role in the lives of everyday
Australians, be it taking in a cricket match on a warm summer’s afternoon,
or shopping for the family. By their very nature, places of mass gathering
also present an attractive target for terrorists. To respond to this potential
threat, the Australian Government has released the National Approach for
the Protection of Places of Mass Gathering from Terrorism.

Places of mass gathering include a       business-government partnership
diverse range of infrastructure, from    consisting of a suite of engagement
                                                                                      … places of mass
sporting venues to public transport      initiatives. These initiatives range    gathering not only present
hubs. They are characterised by a        from the provision of threat advice       terrorists with potential
large concentration of people and        to owners and operators, to the de-       opportunities for mass
very few security controls. As such,     velopment of a toolkit of security-     casualties, symbolism and
places of mass gathering not only        related material.
present terrorists with potential op-
                                                                                 high impact imagery, they
portunities for mass casualties, sym-    The National Approach for the Pro-        pose a broad range of
bolism and high impact imagery,          tection of Places of Mass Gathering       security challenges for
they also pose a broad range of se-      from Terrorism is currently only              their operators
curity challenges for their operators.   available in hardcopy form. It can
To meet these challenges, the Com-       be obtained by emailing
monwealth, state and territory gov-
ernments and industry have worked
together to develop the National
Approach for the Protection of
Places of Mass Gathering from Ter-

The National Approach will work in
conjunction with a Guided Self As-
sessment for owners and operators
of places of mass gathering. This
Guided Self Assessment is a counter-
terrorism tool that is also being de-
veloped under the auspices of the
National Counter-Terrorism Com-

The National Approach articulates a
comprehensive approach to identi-
fying and engaging with places of
mass gathering. This builds on the
jurisdictional arrangements already
in place for planning and managing
major and specific events, as well as
ensuring a nationally consistent ap-

The effectiveness of the risk man-
agement arrangements outlined in
the National Approach is based upon
the sharing of roles and responsibili-
ties among all relevant stakeholders.
This is achieved through an active

Page 2
Vol. 4 No. 2 June 2007                                                                    CIP NEWSLETTER

Liquid fuel supplies in an emergency
A prolonged and substantial disruption to liquid fuel supplies would have
serious consequences throughout the Australian economy. To understand
the possible effects of a disruption to liquid fuel supplies on critical infra-
structure, a meeting was held between Infrastructure Assurance Advisory
Group (IAAG) chairs and representatives from the Department of Industry,
Tourism and Resources (DITR) who support the National Oil Supplies Emer-
gency Committee (NOSEC).

The meeting highlighted the intricate     plies upon these sectors. DITR also
nature of interdependencies between       produced a very informative back-
sectors and the consequent reliance       ground paper explaining the liquid
on liquid fuel supplies by some sec-      fuel supply arrangements in Austra-        The meeting highlighted
tors for back-up power generation in      lia and how a potential disruption to       the intricate nature of
the event of a cut to the electricity     that supply would be dealt with by             interdependencies
supply. A disruption to those supplies    the Australian Government. The            between sectors and the
would be further complicated in a         paper will be available to TISN
                                                                                    consequential reliance on
pandemic situation where social dis-      members on the Secure TISN
tancing policies may apply.               website.                                    liquid fuel supplies by
                                                                                    some sectors for back-up
The catalyst for the discussions goes     The Attorney-General’s Department          power generation in the
back to the Communications Sector         Critical Infrastructure Protection            event of a cut to the
IAAG’s desktop exercise, Exercise         Branch is now conducting a staged
                                                                                          electricity supply
Eclipse, in May 2006 (see CIP News-       process to identify those sectors
letter Vol. 3, No. 3, August 2006).       which will be directly affected by a
The exercise scenario involved a          potential disruption to the liquid fuel
major loss of power and tested the        supply and the flow-on effects to
reliance of the sector on the electric-   other sectors. Sectors are also be-
ity supply. It also highlighted the       ing asked to identify their minimum
need to further examine the Commu-        liquid fuel requirements in order to
nications sector’s access to backup       continue to provide essential ser-
liquid fuel. Furthermore, it was evi-     vices to the community. This infor-
dent that other sectors would be sig-     mation will be provided to National
nificantly affected by a disruption to    Committee on Critical Infrastructure
fuel supplies.                            Protection members, who will liaise
                                          with their NOSEC members before
To better understand these impacts,       NOSEC is informed of each sector’s
DITR has engaged with the IAAGs           minimum liquid fuel requirements
to seek advice on interdependencies       and the consequences of their mini-
and to understand the impact of a         mum fuel needs not being met.
major disruption to liquid fuel sup-

                                                                                                        Page 3
CIP NEWSLETTER                                                                             Vol. 4 No. 2 June 2007

IT Security Expert Advisory Group
The IT Security Expert Advisory Group is one of the Expert Advisory Groups
within the TISN. The group is chaired by Ashley Cross, General Manager,
Security Branch, Department of Communications, Information Technology
and the Arts. Its membership consists of academic specialists, vendors and
industry associations and representatives from government—all of whom
are leaders in the information technology/e-security field.

The IT Security Expert Advisory
Group provides advice to the TISN
on IT security issues relating to criti-                IT Security Expert Advisory Group
cal infrastructure protection. Over            The ITSEAG as part of the Trusted Information Sharing Network, provides
the last two years, the group has de-          information and advice to owners and operators of Australia’s critical
                                               infrastructure on solutions to IT problems and emerging IT security trends..
veloped advice for critical infrastruc-
ture owners and operators on strate-
gic IT security issues.
                                                                         Broad Strategic Advice
This includes strategic advice on the
management challenges associated
with IT security and the security as-          IT Security Governance                                 Enterprise Strategy for
pects of new technology applications                   Report                                          Information Security
such as wireless and Voice Over
Internet Protocol. Details of the ad-
vice provided and work underway in
2006–07 are illustrated in the dia-                   Prevention and Protection Advice for Information Technology

In addition to detailed reports which
are classified ‘TISN-in-Confidence’,
the IT Security Expert Advisory                  Specific
Group also has produced a series of                                                Business                         Business
                                                                                   Processes                        Practice
unclassified practical advice papers            Application
                                                                                     Advice                          Advice
for Boards of Directors and Chief                 Advice
Executive Officers as well as for
Chief Information Officers and tech-
nical practitioners.                               Voice over                      Denial of
                                                Internet Protocol                   Service                       Outsourcing
The Group’s papers are available at or contact the Sec-
retariat in the Department of Com-                   Wireless                       SCADA
munications, Information Technol-
ogy and the Arts on (02) 6271 1595
or                              Global
                                                   Positioning                    Risk Management
                                                    System                           Framework

                                                                                  SCADA COI Portal

                                              Finalised Advice

                                              Advice Under Development
                                                                             Supervisory Control and Data Acquisition (SCADA) systems
                                                                             are used for remote monitoring and control in the delivery of
                                                                             essential services/products such as electricity, natural gas,
                                                                             water, waste treatment and transportation. The ITSEAG has
                                                                             fostered the development of the SCADA Community of Inter-
                                                                             est of owners and operators of critical infrastructure to work
                                                                             with the ITSEAG to develop SCADA work programs and foster
                                                                             the exchange of information.

Page 4
Vol. 4 No. 2 June 2007                                                                     CIP NEWSLETTER

TISN prepares for Cyber Storm
TISN members from the Banking and Finance, Communications, Energy
and Water sectors, are gearing up for Exercise Cyber Storm II, which will
be held in March 2008.
Cyber Storm II will simulate a multi-     The US team will be made up of fed-
sector coordinated attack through,        eral, state and local governments, as
and on, the global cyber-infrastruc-      well as private sector involvement
ture. The exercise will be led by the     from the IT, communications, chemi-
US Department of Homeland Secu-           cal, and transportation (rail/pipeline)
rity. In addition to the participation    sectors, with finance and energy tak-
of Australian government and indus-       ing part through their Information
try representatives, including TISN       Sharing and Analysis Centers.
members, the exercise will involve
Canada, New Zealand and the United        In a nutshell, Cyber Storm II’s ob-
Kingdom.                                  jectives are to:

It is expected that Cyber Storm II,       • examine the capabilities of partici-
will be the largest government-spon-        pating organisations to prepare for,
sored cyber-security exercise of its        protect from, and respond to the
kind. Its aim is to examine the pro-        effects of cyber attacks
cesses, procedures, tools and
organisations needed to respond to        • exercise strategic decision making
a massive cyber-attack. This will           and inter-agency coordination of
involve a full range of incident re-        incident response(s) in accordance
sponse—technical, operational and           with national level policy and pro-
strategic—across the complete spec-         cedures
trum of players, based on threats and/
or attacks from an organised adver-       • validate information-
sary. Not only will the exercise be
                                            sharing relationships
cyber-specific, it will gradually rise
                                            and communications
to the level of what the US call ‘an
                                            paths for the collection
Incident of National Significance’.
                                            and dissemination of
                                            cyber incident situ-
Importantly, the exercise will be
                                            ational awareness, re-
stakeholder-driven. The scenarios
                                            sponse, and recovery
will be based on participants’ objec-
                                            information, and
tives, and it will be distributed, with
players communicating where pos-
sible through their usual email,
                                          • examine the means and
phone, fax and websites, from their         processes to share sen-
normal centres or offices. Exercise-        sitive and classified
specific channels will also be used         information across
as needed. Australia is considering         standard boundaries in
setting up an Internet-based email          safe and secure ways
system independent of participants’         without compromising
normal communications channels to           proprietary or national
replicate that being set up by the US.      security interests.

Although participation is yet to be       The exercise is based on
finalised, around 40 organisations        the assumption that any
from the Commonwealth, state and          cyber-asset can be com-
territory governments, the IT indus-      promised given sufficient funding,
try, and private sector members of        organisation, and time. The adver-
the TISN’s Communications, Bank-          sary, who may be known terrorists
ing and Finance, Energy and Water         using individual actors, activist and/
Services sector groups have ex-           or criminal intermediaries, will have
pressed interest in taking part.
                                                                                    Continued on page 6

                                                                                                          Page 5
CIP NEWSLETTER                                                                            Vol. 4 No. 2 June 2007

Private health sector laboratories’ emergency role
The private health sector plays a vital role in supplying medicines, medical
devices and consumables, and diagnostic services to the public health sec-
tor. In the event of an emergency situation it will be essential that certain
facilities, such as private laboratories, are able to provide surge capacity
and handle excess diagnostic work from public sector laboratories.

Australia has well equipped public        ing, in conjunction with the Health
health laboratories which can             Infrastructure Assurance Advisory
readily diagnose harmful pathogens        Group (HIAAG), has initiated a pri-
that could be used in a terrorist at-     vate laboratory surge capacity
tack, as well as those that could         project.
cause a human influenza pandemic.
The Australian Government recog-          The project’s first task will be to de-
nises that in the event of an incident,   velop a discussion paper to pinpoint
such as a bioterrorist incident or out-   the key issues related to the provi-
break of infectious diseases, labo-       sion of surge capacity by private
ratories will need to mount a rapid       health laboratories in the event of a
and sustained response.                   health emergency. The discussion
                                          paper will be used to assist the Aus-
Private health laboratories under-        tralian Government in its efforts to              Private health
take a considerable volume of the         ensure effective preparedness to re-        laboratories undertake a
diagnostic work in Australia and can      spond to health emergencies.                 considerable volume of
potentially play an important role in                                                   the diagnostic work in
providing surge capacity in a major       A project team comprised of private
emergency situation. To explore this      laboratory sector representatives has
                                                                                           Australia and can
option with the private laboratory        been formed. It met in Melbourne for            potentially play an
sector and to highlight the issues        the first time on 27 February 2007.              important role in
associated with taking on this role,      The discussion paper was presented          providing surge capacity
the Department of Health and Age-         at the recent meeting of the HIAAG.           in a major emergency

TISN prepares for Cyber Storm
Continued from page 5

a specific political and economic         a simulated massive Internet disrup-      subject matter expertise, adjudicat-
agenda, and sufficient resources. It      tion.                                     ing disputes, and deconflicting
will seek to achieve its agenda by a                                                player action issues and inject/event
combination of undermining public         The multinational exercise control        interdependencies.
confidence, physical impacts, eco-        centre, located in Washington DC,
nomic impacts and limited inten-          will coordinate the exercise with an      Australia’s participation is being co-
tional loss of life. It will primarily    Australian control centre, which will     ordinated by the Attorney-General’s
use cyber-attacks combined with           probably be located in Canberra.          Department Critical Infrastructure
supporting physical attacks, where        These centres will manage the exer-       Protection Branch. Further informa-
necessary, on cyber-infrastructure        cise flow, executing and monitoring       tion can be obtained from Steve
within selected sectors. At least part    planned injects, developing and vet-      Stroud, Director National Informa-
of the exercise scenarios will involve    ting ‘on the fly’ injects, simulating     tion Infrastructure, by email at
                                          all non-playing entities, providing

Page 6
Vol. 4 No. 2 June 2007                                                                  CIP NEWSLETTER

Risk Management—an operational approach
Security risk management is central to critical infrastructure protection.
But it is a rapidly evolving field that is moving beyond physical security
concepts such as locks, fences and guards, to encompass a wide range of
management issues such as strategy, governance, ethical conduct, safety
and organisational performance. For security risk management to be suc-
cessfully integrated into the fabric of organisations it must become a funda-
mental part of everyday operations.

Security Risk Management Hand-           that HB 167:2006 provides guidance
book HB 167:2006 reflects the            and extra information on how to ap-      ...the handbook outlines a
broad nature of the security land-       ply that standard in the security risk   broad framework and core
scape. Released by Standards Aus-        context.                                   elements that should be
tralia last December, it does much                                                  included in the security
more than provide ‘tick and flick’       HB 167:2006 is included in the pack-
checklists; it aims to inform under-     age of standards being supplied to       risk management process
standing, not set out a series of im-    TISN members through Infrastruc-
mutable rules and regulations that       ture Assurance Advisory Group sec-
must be applied to all circumstances     retariats and can be purchased from
and situations. The handbook             the SAI Global webshop at
recognises that security cannot be
completely removed from the opera-
tions of an organisation and must be
tailored to individual circumstances.
It covers areas such as managing
risk perceptions, profitability, repu-
tation, efficiency and fairness in

While maintaining consistency with
Australia’s internationally renowned
Risk Management Standard—AS/
NZS 4360—the handbook outlines
a broad framework and core ele-
ments that should be included in the
security risk management process.
Because it has a wide range of rec-
ommendations it can be used by any
size or type of organisation, from
large multinationals to small busi-
nesses, government agencies and the
not-for-profit sector.

At a briefing on the handbook held
in Canberra for government agen-
cies, Dr Carl Gibson from La Trobe
University, a member of the panel
that developed the handbook,
warned of the dangers of simply
applying templates that are not tai-
lored to an organisation’s particu-
lar needs. He also emphasised that
AS/NZS 4360 is the only tool
needed for risk management, but

                                                                                                      Page 7
CIP NEWSLETTER                                                                   Vol. 4 No. 2 June 2007

CIP in Finland
Australia and Finland are a long way apart physically, but as a visit by an
officer from the National Emergency Supply Agency showed, both countries
face common challenges when it comes to critical infrastructure protection.

During Axel Hagelstam’s visit to        • being prepared for an outbreak of
Australia last December, he briefed       bird flu.
the Attorney-General’s Department
Critical Infrastructure Protection      A major difference in the approach
Branch on Finland’s critical infra-     to critical infrastructure protection
structure protection policy.            between Finland and Australia is
                                        each country’s attitude to govern-
Mr Hagelstam identified several ar-     ment regulation.
eas where Australia and Finland are
taking a similar approach to critical   Finland’s fairly interventionist ap-
infrastructure protection, which in-    proach has been shaped by history,
clude:                                  especially its proximity to the Soviet
                                        Union during the Cold War.
• adopting an all hazards approach
                                        In contrast the Australian
• recognising transport, food sup-      Government’s policy encourages
  ply, energy supply and health care    businesses to understand their par-
  as critical infrastructure sectors    ticular security needs and respond
                                        according to their own assessment of
• recognising the challenges arising    risk. Regulation is only used in spe-
  from multinational business and       cial circumstances, such as in the
  multiple interdependencies            transport       industry       where
                                        interoperability is essential.
• capturing the benefits of public/
                                        Copies of Mr Hagelstam’s presenta-
  private partnerships
                                        tion are available by contacting the
                                        Critical Infrastructure Protection
• fostering greater international co-   Branch at
  operation, and

Page 8
Vol. 4 No. 2 June 2007                                                                       CIP NEWSLETTER

National Security Science and Technology
Unit supports CIP

The Department of the Prime Minister and Cabinet’s National Security Sci-
ence and Technology (NSST) Unit was set up in 2003 to provide a focus for
research and development with application to counter-terrorism.

 The NSST Unit is staffed by experts       by the needs of counter-terrorism
 drawn from the Defence Science            agencies, it focuses on working with
 and Technology Organisation,              those agencies to aid in developing
 CSIRO, the Australian Intelligence        specific requirements for research
 Community and the Australian Fed-         activities. The National Counter-Ter-
 eral Police. As part of its work, the     rorism Policy Committee endorsed
 NSST:                                     the unit’s capability framework in
                                           December 2005. The framework pro-
 • provides a recognised and ac-           vides a broad and strategically fo-
   cepted national focus for science       cused approach to requirement set-
   and technology for counter-terror-      ting and identifies priorities within
   ism                                     the key areas of prevention and pre-
                                           paredness, response and recovery.
 • provides science and technology
   input to key national security          The unit has also hosted a series of
   policy issues and initiatives           workshops attended by state, territory
                                           and Commonwealth Government
                                           agencies. Through these workshops,
 • develops and promulgates
                                           a number of national requirements
   awareness of counter-terrorism
                                           have been identified and developed
   community research requirements
                                           into research tasks with the assistance
   in partnership with counter-terror-
                                           of task advisers from interested agen-
   ism agencies                                                                        The NSST plays a key
                                           cies nominated at the workshops.
                                           These workshops were also used to          role in supporting critical
 • maintains and develops knowl-           help set requirements for the RSCT
   edge of the skills and abilities of
                                                                                      infrastructure protection
                                           program, which has called for pro-          policies and programs
   the science and technology re-          posals on an annual basis since be-
   search providers to enhance             coming operational in July 2004. The
   counter-terrorism capability            Unit continues to liaise with counter-
                                           terrorism agencies on an ongoing
 • effectively manages the Research        basis to ensure the capability frame-
   Support for Counter-Terrorism           work reflects current needs.
   (RSCT) program, and
                                           One of the NSST Unit’s major
 • manages international links and         projects is managing the RSCT pro-
   collaborative programs of re-           gram, which aims to commission and
   search to ensure best use of na-        deliver strategically focused research
   tional resources.                       and development activities to en-
                                           hance national counter-terrorism ca-
 The NSST plays a key role in sup-         pabilities. Commenced in July 2004,
 porting critical infrastructure protec-   the program funds research projects
 tion policies and programs. This          addressing priority capability gaps.
 work includes physical and informa-       The program has funded 40 research
 tion security, explosives, intelli-       projects and a number of further re-
 gence surveillance and operations,        search tasks are under negotiation.
 as well as work on chemical, bio-
 logical, radiological and nuclear         The Publicly Funded Agencies’ Col-
 projects.                                 laborative Counter-Terrorism
                                           (PACCT) research program was
 As the unit’s work is largely driven      launched by the Parliamentary Sec-        Continued on page 10

                                                                                                            Page 9
CIP NEWSLETTER                                                                    Vol. 4 No. 2 June 2007

National Security Science and Technology Unit
continued from page 9

retary to the Prime Minister in March    The Unit also led negotiations to es-
2005. The program brings together        tablish a bilateral Memorandum of
the Defence Science and Technology       Understanding on collaborative re-
Organisation, CSIRO, the Australian      search and development for counter-
Nuclear Science and Technology           terrorism with the US Technical Sup-
Organisation and Geoscience Aus-         port Working Group from the US
tralia to further their work on          Department of Defense. The Work-
counter-terrorism related projects. In   ing Group is a US national forum that
November 2005 the Unit organised         identifies, prioritises, and coordi-
the first Science and Technology and     nates interagency and international
Counter-Terrorism Conference,            research and development require-
which brought together PACCT             ments for combating terrorism. The
agencies with Commonwealth               Memorandum was concluded in
counter-terrorism agencies and State     May 2006 and will enable Austra-
and Territory representatives.           lian and US co-investment of up to
                                         US$100 million over 10 years in re-
The NSST Unit is also active on the      search and development to support
international front, and has led ne-     counter-terrorism. The NSST Unit
gotiations on two collaborative ar-      coordinated and led the Australian
rangements with the United States.       delegations to bilateral meetings in
For example the Treaty on Coopera-       Washington in May 2006 and
tion in Science and Technology for       Canberra on 12–16 March 2007.
Homeland/Domestic Security Mat-
ters, signed in 2005, established a      The NSST Unit is interested in es-
formal arrangement to facilitate sci-    tablishing linkages with other nations
entific and technological exchange       and programs over the coming years.
and interaction on counter-terrorism.    Negotiations are currently under way
The first bilateral meetings held un-    to establish a quadrilateral arrange-
der the Treaty took place on 1–2 June    ment between Australia, the US, the
2006 in Washington. The NSST Unit        UK and Canada.
led the Australian delegation attend-
ing the meetings hosted by the US        Further information about the NSST
Department of Homeland Security.         Unit and its work is available from
Australia will host the next bilateral   the Department of the Prime Minis-
meetings in June 2007.                   ter and Cabinet website:

Page 10
Vol. 4 No. 2 June 2007                                                                     CIP NEWSLETTER

Activities across the TISN

Banking and Finance IAAG               • a Risk and Issues Survey, and            The next meeting of the MG-IAAG
                                                                                  is scheduled for 10 August 2007.
The BFAG has elected a new Chair,
Damian McMeekin from ANZ, and          • a draft Risk Context Statement for
                                         the Emergency Services sector.           Transport IAAG
Deputy Chair, Harvey Crapp from
the Australian Prudential Regulation                                              Priority work for the TIAAG during
Authority.                             The group is also developing two           2007 will be to continue the identi-
                                       papers around Pandemic Influenza           fication of sectoral vulnerabilities
Discussion exercise Treasure Trove     for the Australian Emergency Man-          and inter-dependencies. This work
was held on 5 March 2007 with as-      agement Committee.                         will establish key priorities for the
sistance provided by the NSW Po-                                                  Transport Sector in ensuring conti-
lice.                                  Food Chain IAAG                            nuity of services and will provide
                                       The FCIAAG met in Canberra on              essential information for the future
Communications Sector IAAG             Wednesday 8 November 2006. The             inclusion of transport in the CIPMA
                                       secretariat is preparing a food indus-     program.
The CSIAAG met on 28 February
2007 and are formulating their work    try risk context statement to be de-
                                       livered as part of the threat assess-      The Aviation, Maritime and Rail
plan for 2007. The CSIAAG is:
                                       ment process. The next meeting of          Groups held meetings in March with
                                       the group is now scheduled to be           the next round of meetings scheduled
• finalising the Risk Context State-                                              for mid-year.
  ment for the Broadcasting sector     held when the draft risk context state-
                                       ment is ready for consultation with
                                       the Group.                                 Water Services IAAG
• finalising the ongoing consider-
  ation of the supply and distribu-                                               Three members of the WSIAAG
                                       Health IAAG                                have been selected to undertake a
  tion of liquid fuels in emergency,
  and                                  The latest HIAAG meeting was held          study tour of Canada and the USA.
                                       on 20 April 2007.                          The study tour will incorporate par-
                                                                                  ticipation in the World Conference
• engaging a consultant to prepare
                                       Mass Gatherings IAAG                       for Disaster Management in Canada
  a report on the use of remote ac-
                                                                                  and meetings with USA’s Technical
  cess to support key business pro-    The work on the Business–Govern-           Support Working Group and Depart-
  cesses and functions in a pro-       ment Communications Partnership            ment of Homeland Security.
  longed emergency.                    Project is continuing, with a final re-
                                       port to be submitted to MG-IAAG            At the most recent meeting of the
The next meeting of the CSIAAG         management committee.                      WSIAAG, David Parsons (Sydney
will be held to coincide with the
                                                                                  Water) was re-elected as the Chair
SCADA national workshops.              Development of the Counter-Terror-         of the group for another two years.
                                       ism Toolkit is underway and engage-        Steve Hancock (Sydney Catchment
Energy IAAG                            ment has commenced with the juris-         Authority) was elected as the new
The Pandemic Influenza Planning        dictions to ascertain their level of in-   Deputy Chair.
Working Group’s workshop was held      terest in the project.
on 12–13 March 2007 in Brisbane.                                                  IT Security EAG
                                       The Guided Self Assessment Work-
                                       ing Group are continuing their work        ITSEAG met in Sydney on 5 March
The EIAAG bulletin was distributed
                                       on implementing the web-based ap-          2007. The group discussed the draft
on 2 April 2007.
                                       proach, with a view to reporting back      version of Principles of Enterprise
No date has been set for the 10th      to NCTC in mid-2007. The website,          Information Security and reviewed
EIAAG meeting.                         once online, will enable owners and        a draft of Managing IT Security in
                                       operators of places of mass gather-        an Outsourcing Arrangement—
Emergency Services IAAG                ing to assess the attractiveness of        Practice Guide for Owners and Op-
                                       their business operation to terrorist      erators of Critical Infrastructure.
The ES-IAAG is continuing to work
on                                                                                The next meeting will be in June

                                                                                                             Page 11
CIP NEWSLETTER                                                                          Vol. 4 No. 2 June 2007

Counter-terrorism research funding

The Australian Government is mak-       She said that funding would be, ‘pro-     been committed to more than 40
ing millions of dollars in research     vided on a co-investment basis and        projects.
funding available under the Research    priority given to projects that satisfy
Support for Counter-Terrorism Pro-      the needs of multiple counter-terror-     The projects to have received fund-
gramme, which is administered by        ism agencies’.                            ing include:
the National Security Science and
Technology (NSST) Unit of the De-       Proposals will be accepted from           • investigation of counter-measures
partment of the Prime Minister and      Australian private companies and            for contamination of urban water
Cabinet.                                organisations such as universities,         supplies
                                        cooperative research centres and          • improved detection of traces of
The closing date for receipt of fund-   Commonwealth scientific agencies            explosive materials, and
ing proposals is 27 July 2007.          such as CSIRO, ANSTO and DSTO.
                                        It is also possible for organisations     • intelligence CCTV for proactive
A spokesperson for NSST said the        to group together as a team and bid         security.
Programme provides money for re-        for funding.
                                                                           Information and proposal guidelines
search projects assessed as having ‘a
                                                                           for funding are available from
high potential of addressing priority   Since the Programme was introduced
capability gaps’.                       in 2004, more than $7 million has

Page 12

To top