A landmark cooperative IT security agreement was signed on 5 April 2006 between the Australian Government and Microsoft Australia. The agreement demonstrates the mutual interest of government and the private sector in working together to protect our IT networks.
The new agreement, known as the Security Cooperation Program (SCP), provides a structured way for the Australian Government and Microsoft to engage in cooperative security activities in the areas of computer incident response, attack mitigation and citizen outreach.
Intermedium asked the Attorney-General’s Department for some background to the agreement:
What is the Security Cooperation Program?
- In February 2005 Bill Gates announced the Microsoft Security Program to provide “a structured way for governments and Microsoft to engage in cooperative security agreements”.
- The purpose of the program is to share information security-related metrics. The metrics are used by Microsoft to help them prioritise patch production and would be useful to agencies to show how government as a whole is protecting its systems.
Why was the Australian Government keen to enter into the SCP?
- The agreement is founded on the premise that IT security is best achieved through cooperation and information sharing.
- This cooperative, inclusive and trusting approach is one that we are working hard to establish - not just with Microsoft, but with businesses across the economy.
- In addition, the Information Infrastructure Protection Group (chaired by AGD) has endorsed the principle of the Australian Government participating in the SCP, believing that it is important for the government to lead by example in the sharing of information to improve security.
Are other countries involved in the SCP?
- Countries that signed up initially were Canada, Chile and Norway.
- Israel, Korea, India, Malaysia and New Zealand have since joined the program.
What are the main features of the SCP?
- This agreement offers the Australian Government earlier notification of vulnerability information, specialised CIO and technical briefings, assistance during an incident and assistance in consumer education and outreach.
- The two main components of the SCP are the sharing of information and collaborative activities focused on mitigating the negative effects of digital attack and responding rapidly to attacks when they occur.
What kind of information will be shared?
- Information about publicly known vulnerabilities that Microsoft is investigating.
- Information about upcoming and released patches to facilitate resource planning and deployment.
- Security incident metrics.
- Incident information in the event of a critical incident or emergency.
- Information on Microsoft product security, the Microsoft approach to security, and its incident response process.
How will the Australian Government and Microsoft collaborate under the agreement?
- Collaboration in computer incident response processes, including joint response in the event of an emergency.
- Cooperative consumer outreach and education activities, including development and distribution of materials and special events.