The chief executive officer of the National Office of Information Technology, John Rimmer, said the claim, made by Deacon's e-security group head Leif Gamertsfelder, probably resulted from an incorrect reading of IT security spending in the May 2002 federal budget.
The figure quoted by Gamertsfelder refers in fact to an increased allocation of funds earmarked for the creation of a four year strategy to improve information technology security across the nation's critical infrastructures.
"In the last budget there was an AU $24.9 million increase in IT security infrastructure funding across a range of industries, but this was to better coordinate their activities and strengthen already existing capabilities," Rimmer said. "It is nothing like the overall amount spent on IT security, it was just a marginal increase."
According to Rimmer agencies like the Defence Signals Directorate, the Australian Federal Police, the Australian Security and Intelligence Organisation, and the Attorney General's Department all devote significant resources to the nation's overall IT security infrastructure. However, he concedes there is still work to be done.
With NOIE at the helm, a working group was established to develop an approach to improve security across all agencies and departments, through the implementation of both technologies and strategies. In the initial phase the group aims to focus on ensuring agency leaders have access to up-to-date information, and are aware of new approaches to risk assessment and threat management.
"We are looking at providing better training for IT security staff, and a more active approach to reporting incidents and sharing information about threats and vulnerabilities," Rimmer said. "Our priorities are the same as those of a leading bank or company in the private sector."
The working group kicked off their program with a workshop in September, to encourage agencies to increase their security training, and while he says the response was good, Rimmer is cognisant security requires an ongoing approach.
"The response was better than we had expected, 62 agencies sent staff, and a lot sent senior people so they are clearly taking it seriously," Rimmer said. "In addition to the working group we have set up a high level committee to get a more coordinated approach to ITC standards, architecture and security across all Federal Government departments and agencies."
As for the true figure associated with the implementation of security within the government, a spokesperson for Senator Richard Alston, Minister of Information Technology, Communication and the Arts, said it would be almost impossible to determine.
"Every department and agency in the government has responsibility for its own IT, including the security elements central to that IT infrastructure, so to get a serious realistic figure you would have to go to every agency and find out what they spend on IT and what proportion is relevant to security," the spokesperson said.
NOIE - another luddite alston "initiative" ie all talk no action.