Numerous legislative stumbling blocks mean there is little chance of industry participating in even the most remote level of information sharing as part of the federal government's critical infrastructure initiatives.
Under the current legal framework, information shared with government is not protected, leaving little regard for confidentiality.
Freehills solicitor Martin McEniery said under the Freedom of Information Act (FOI) there is no guarantee that the officer assessing the FOI application will grant the information confidential status.
"This is of obvious concern to companies which are being encouraged to share information [about] threats and vulnerabilities to what may be mission-critical systems," McEniery said.
The federal government is trying to establish an IT security alert system with critical infrastructure industries such as banking, utilities and telecommunications under its Trusted Information Sharing Network (TISN).
However, even TISN identifies legislative obstacles including FOI legislation in a paper entitled Information Sharing Arrangements, which examines ways to ensure information shared to fix a potential problem does not become public knowledge to "avoid greater exploitation" of a vulnerability.
The Australian Bankers' Association (ABA) is aware of the lack of information protection, with a spokeswoman admitting that a raft of legislative changes may be required to provide a suitable information sharing environment.
"The problem relates to a number of Acts, but as it stands the government cannot protect the confidentiality of information provided by industry; this isn't the only problem, we need to overcome competition laws as well. For example, if there are four banks in a room disclosing [vulnerability] information this could contravene competition laws. At the moment there is no legal framework in place," the spokeswoman said.
While the spokeswoman admitted this could involve legislative changes, she is optimistic that problems will be overcome because the banking industry does want to participate in TISN.
At the same time, the ABA has called for the implementation of uniform cybercrime and privacy legislation by all states and territories in its submission to a parliamentary inquiry into cybercrime.
Chaired by MP Bruce Baird, the parliamentary committee of the Australian Crime Commission has received more than 25 submissions, largely from police agencies; hearings will start in the week of July 14, 2003.
The ABA spokeswoman said while the Cybercrime Act and Privacy Act are federal law, similar provisions have been introduced only in NSW and Victoria; no other state or territory has followed suit.