You are on page 1of 2

Overview of Services

CERT Australias central mission is to provide advice and support to Australias critical infrastructure and other Systems of National Interest (SNI) on cyber security threats and vulnerabilities. Cyber security response is a complex and varied task. The actual assistance provided by CERT Australia is tailored to each particular incident and will therefore differ significantly depending on a large number of incident-specific factors. Reporting incidents to CERT Australia enables us to form a more accurate view of Australias cyber security threat landscape, which in turn allows us to better correlate attack activity and provide a greater level of response to all industry sectors. In considering the range and nature of its services, it should be remembered that CERT Australia:

is a trusted information and advice broker is not a regulator does not compete with existing offerings already provided by the market place

The following list of services represents an indicative view of the types of assistance we are able to provide Australian business in countering the cyber threat.

Services Catalogue
General Guidance
Provision of technical guidance on the mitigation of cyber security threats and vulnerabilities, including guidance on system architecture from a security perspective. Verification of proposed controls and response activities undertaken by SNIs in -house experts. Provision of locally relevant, closed-source information regarding vulnerabilities in hardware and software platforms and cyber security threats. This is the Alerts and Advisory service. Provision of high level architecture guidance and a security sounding board to assist SNIs own in-house experts. Provision of a technical watch list of IP addresses and domains which organisations can use to inform themselves of possible indicators of compromise on their network.

Contact CERT Australia - 1300 172 499 / info@cert.gov.au

DDoS Mitigation
Identification of attack controller(s). Reaching out to overseas partners to request takedown of attack controllers and mitigate attack traffic. Specific mitigation advice based on the characteristics of the particular DDoS attack being employed.

Incident Response Coordination


Coordination of the Australian Governments response with industry during a significant cyber security event. Initial point of contact and coordination for threats with an international dimension. Notifying Australian websites and businesses where we become aware of system or network compromises based on information feeds from a variety of sources.

Incident Response Support


Rapid access to initial advice and assistance during a cyber security incident while other response and clean-up support is being arranged. Working with other Australian Government organisations to bring specialist skills, expertise and information to assist Australian business in mitigating cyber security threats and vulnerabilities. Working with international partners to seek remediation of attacks originating outside Australia. Working with these same organisations to respond to attacks originating in Australia which are targeting foreign infrastructure. Acting as an intermediary between Australian business and ICT vendors to report and mitigate vulnerabilities. Preliminary malware, log file and other artefact analysis in the context of providing advice on optimal response activities.

Information Sharing and Capability Building


Facilitating access to unique and sensitive cyber security information, from local and foreign sources, for Australias critical infrastructure and systems of national interest through sector specific and national information exchange programs. Provision of one-on-one briefings for stakeholders providing current details about the operational threat environment with a whole-of-government perspective. Annually, providing access for selected SNI stakeholders to attend the Idaho National Labs (INL) advanced control systems training. Maintenance of a cyber exercises capability which is used to facilitate exercise programs (such as CyberStorm) and enables active participation in exercises run by the CERT Australia stakeholder community.

Contact CERT Australia - 1300 172 499 / info@cert.gov.au