Special Minister of State Gary Nairn has vehemently backed the use of standards for Australian e-government frameworks during the keynote address today at the AusCert 2006 conference.
However, figures released at the conference, on Queensland's Gold Coast, show a decreased use of standards in both the public and private sectors.
The AusCert 2006 figures reveal a reduction in the overall use of policies, standards, technologies, and staff training in 2006 when compared to last year.
Jamie Gillespie, AusCert training and education team leader, said the decline is unfortunate given the continued growth in the use of IT. Training particularly is among a number of challenges information security professionals face.
Nairn said the federal government is working to encourage the use of standards, but the immediate challenge is facilitating e-government while improving communication that balances security with business over and above government-mandated regulations. Nairn cited the work on PKI (public key infrastructure) and the Gateway Project, launched early last year, as two recent examples.
"The standards and best practice principles cannot be too descriptive on how the standards should be met or interfere unnecessarily in commercial decisions and industry operations," Nairn said. "The Australian government is on the front foot in terms of implementing best practice within government itself for authentication and delivery of government services through the Australian government framework for the use of PKI. The central element to the Gatekeeper Project is the accreditation, certification and registration against Australian government policy requirements. Enhanced PKI frameworks have been developed to deliver increased flexibility for agencies to adopt PKI with their clients and other agencies."
Nairn said such a framework, which should be in place by June 30 this year, would reduce the cost and complexity for service providers, agencies, businesses and individuals. He elaborated on the government's approach to using standards on the back of a $100,000 grant to Standards Australia to examine national and international standards relevant to critical infrastructure protection.
Under this grant, Standards Australia will study the security implications of a number of existing standards and identify any gaps, as well as developing risk management and business continuity plans.
Nairn said local industry can be part of the e-government strategy and called for input from any companies with experience in service orientated architecture (SOA), identity management, single sign-on and smartcards. He said the Australian Government Information Management Office is already working with other organizations on whole of government standards to ensure consensus by industry and government for use under the smartcard program.
Michael Crawford is attending the conference as a guest of AusCert