Feds, Microsoft sign whole of govt security deal

The Australian federal government has signed a whole-of-government agreement with Microsoft to exchange information on security issues ranging from cyberterrorism and general security bulletins.

As part of the arrangement, Microsoft will provide the Australian federal government with a monthly security bulletin and in return Microsoft will have closer contact with government agencies to learn how Microsoft products are being used and operating.

The alliance, dubbed the Security Cooperation Program (SCP), is the first whole-of-government agreement for Microsoft.

Announcing the agreement, Attorney General Phillip Ruddock said the SCP is one way to remain ahead of hackers and criminals "who seek to exploit information technology systems for their own benefit or to inflict harm on our community".

"The SCP would help defend government systems against terrorists who may be planning to break into computer systems to shut down markets, or disrupt water or electricity services."

All federal government agencies are immediately part of the agreement. State and territory governments can also sign up to the SCP.

Peter Watson, Microsoft Australia's chief security advisor, confirmed its participation in the SCP will not supersede any existing government agencies such as AusCert or the DSD. The DSD will be a key part of the program due to existing ties with the Critical Infrastructure Protection Branch.

Watson said in regards to this agreement, (Australia is just one of 14 different countries participating in the SCP), the standard program has been tweaked to ensure the DSD is a central point of contact for the SCP to deal with the government.

"The focus is around our security product set; we do not ask what other (non Microsoft) products are used, but we are interested in seeing broad characteristics to help with trending analysis and what we develop in terms of products and guidance," Watson said.

"What we do is provide a monthly set of consolidated information of what we are seeing of security issues around the world, such as virus infections [through] to things where people might be exploiting known vulnerabilities that we (Microsoft) are doing investigations on.

"Information from all 14 nations is made anonymous then provided to the SCP, because what we are trying to do is share information about vulnerabilities [without] disclosing where they came from."

Hydrasight analyst Michael Warrilow said if the arrangement involves anything more than exchanging information, he has serious concerns. Warrilow said the way it looks at the moment is just a feel-good approach with very little actual merit.

"The Attorney General has already invested in AusCert for Australia and the region as well as the critical infrastructure group whereas the government overall has invested in the Defense Signals Directorate (DSD)," Warrilow said.

"In my opinion these agencies represent a far better means of protecting the government and Australian society."