About us

What is CERT Australia?

Australia, like many other nations, has an ever increasing reliance on information and communication technology in all aspects of life. However, we also face an increasingly sophisticated and hostile online security environment and emerging threats that do not respect traditional jurisdictional boundaries.

To better protect Australia’s Internet users, the Australian Government has brought together Australia’s existing computer emergency response arrangements under a new national computer emergency response team, CERT Australia. It ensures that all Australians and Australian businesses have access to information on cyber threats and vulnerabilities.

CERT Australia is the initial point of contact for cyber security incidents impacting upon Australian networks.

What is CERT Australia responsible for?

CERT Australia’s primary responsibility is to work with the private sector in identifying critical infrastructure and systems that are important to Australia’s national interest, based on an assessment of risk, and to provide these organisations with information and assistance to help them protect their information and communication technology infrastructure from cyber threats and vulnerabilities. This is also achieved through trusted information exchanges between the Australian Government and Australian businesses on cyber security issues. In working to protect critical infrastructure such as banking, water, energy generation, transportation and telecommunications, CERT Australia plays a part in ensuring those services that all Australians rely on are secure and resilient.

CERT Australia is also a source of cyber security information for the Australian community and the point of contact for Australia’s international cyber security counterparts. It also has a coordination role in the event of a serious cyber incident.

It provides Australians with information on cyber threats so that they can better protect themselves.

Why was CERT Australia formed?

CERT Australia was formed to provide an initial point of contact for cyber security information for Australia and to coordinate Australia’s cyber event response arrangements, nationally and internationally.

Australia, like many other nations, faces an increasingly sophisticated and hostile online security environment and emerging threats. The instigators of these threats do not respect traditional jurisdictional boundaries.

The Australian Government E-Security Review 2008 found that Australia’s Computer Emergency Response Team (CERT) arrangements would benefit from greater coordination in order to better respond to these challenges. As such, it recommended the formation of a new Australian Government national CERT. In November 2009, the Attorney-General announced that the new national CERT would be called CERT Australia.

What makes up CERT Australia?

CERT Australia incorporates a number of cyber security activities previously undertaken by Australian Government agencies, including the Australian Government Computer Emergency Readiness Team (GovCERT.au) within the Attorney-General's Department.

CERT Australia complements the work undertaken by the Cyber Security Operations Centre (CSOC) within the Department of Defence, and assists the Australian Government to maintain a national picture of cyber threats.

Who benefits from CERT Australia?

All Australians benefit from CERT Australia.

It provides a source of information on cyber security issues for Australia, and will assist to better coordinate and manage the cyber security response during a serious cyber event.

By helping to share information between Australian internet service providers (ISP), major corporations, anti-virus researchers and information technology security vendors, CERT Australia provides the Australian community with relevant and timely information on cyber security issues. CERT Australia will support ISPs in assisting their subscribers and will be both a contributor and recipient of the collection efforts of the global CERT community.

By assisting organisations that own or operate critical infrastructure and those businesses important to Australia’s national interest, CERT Australia plays a part in ensuring that those services that all Australians rely on in their daily lives are secure and resilient.

Who manages CERT Australia?

CERT Australia is managed by the Australian Government Attorney-General's Department.

The Attorney-General’s Department coordinates Australian Government cyber security policy and manages Australia’s cyber crisis management arrangements. The Australian Government Computer Emergency Readiness Team (GovCERT.au) has provided cyber security support to owners and operators of critical infrastructure and key business. Located within the Attorney-General's Department, it is now part of CERT Australia.

How do I contact CERT Australia?

If you wish to report an incident, please refer to the Incidents page.

You can contact CERT Australia using the contact details below:

Alternatively, you can write to:

Our PGP Key details are:

PGP Fingerprint

ED06 AEA6 8333 C293 7942  0ABC 79BB A240 B754 2536

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: PGP Desktop 9.6.3 (Build 3017)

mQGiBEtOoxcRBADnSmF5hqW4kCIDipdtYqTjvyz4qNKcYMc8uQtTncny4IUzguPc
tbjAVi/mGT6zyOfmjafwUW/PIQpNZ7nhWTitJECnVTwjiiOEGSjP5envLYatqmSQ
I6u/9Tcf3TQy5Xp7XYIi1k1F82CY3A8OGY6nAzXWSanCyhgcjJGvACeozQCg/ywa
ITZltMJttPETX8syVhQ6WDkD/jquikat/oQwNVqDZmnsJmf3UqjTTsiae2Q0UPcl
K1RLTRJyDsoP3uPaun1Vth6KJM8CKnKvYxQtcZBH9f2F0PTVyhQHgLQhxpP0wZnz
B4I86x6CyWL+fBJzs+2BL89JSutew9jA70C5UrNUIY+URww6stRWmaLuThvzqN8p
CXt5A/42L8BRkFd6H5GFGi9hICYqeYKC4WUgbBl8zcYFEooPvMYqiEmeBc9kR3Xs
nRxpRaP5I5Fe4AgMrAbfbA9XgemYOwC+B2lxfihyBYLC7F5P+BmCJFx5QsAmTzz7
HfX3hCAfbjLtjzWU56H95BelRSvCjp4bbndJYLeN2OYOWeh147QhQ0VSVCBBdXN0
cmFsaWEgPGluZm9AY2VydC5nb3YuYXU+iQCWBBARAgBWBQJLTqMXMBSAAAAAACAA
B3ByZWZlcnJlZC1lbWFpbC1lbmNvZGluZ0BwZ3AuY29tcGdwbWltZQYLCQgHAgoC
GQEFGwMAAAADFgIBBR4BAAAABBUICgMACgkQebuiQLdUJTYCQwCg/UTpGS4HYMAh
Zsol/jAWGCW5RuYAoIZqPWEWACMhdo+y7tUXHWOt7r5UuQINBEtOoxcQCAD2Qle3
CH8IF3KiutapQvMF6PlTETlPtvFuuUs4INoBp1ajFOmPQFXz0AfGy0OplK33TGSG
SfgMg71l6RfUodNQ+PVZX9x2Uk89PY3bzpnhV5JZzf24rnRPxfx2vIPFRzBhznzJ
Zv8V+bv9kV7HAarTW56NoKVyOtQa8L9GAFgr5fSI/VhOSdvNILSd5JEHNmszbDgN
RR0PfIizHHxbLY7288kjwEPwpVsYjY67VYy4XTjTNP18F1dDox0YbN4zISy1Kv88
4bEpQBgRjXyEpwpy1obEAxnIByl6ypUM2Zafq9AKUJsCRtMIPWakXUGfnHy9iUsi
GSa6q6Jew1XpMgs7AAICB/9KIUW2mRsDlz1psHExvDvMRKI6Uhn8zfipvf4+4Dw5
C6H7GptybJGTaMUF5BhBySbErhPHRn74OoWU97fM0rOADiHEqobw4IcLVD3fHC8n
apWzHbNRDeGZf4XUQ+lhvxzYO3+UnIpN+XC3AGwkgTEZv8bJYycMc79va6Q077MQ
DqatsPHdFu74pJACuY12KXUlWWMhGav3fNvB3ZZePd6LPuTbvP6A9lZdDkrROheK
4J/+B9Kq25Zw+DS2YKDgip8rd23aYId2nOGH4creqaByhBkvnRTipp1Szu2j6u57
+cnYqmZ8w2LKnmTEV1vyWET53igBfK77v6enmVrSpVI8iQBMBBgRAgAMBQJLTqMX
BRsMAAAAAAoJEHm7okC3VCU2MKgAn3W0Fb7RF/fh6EWxTpkIyBVqHj6yAKDmgwZu
3LEVAFbqj1qooe3eFm+QxA==
=mjDp
-----END PGP PUBLIC KEY BLOCK-----

When does CERT Australia become operational?

CERT Australia commenced initial operations on 28 January 2010. CERT Australia will build operational capacity through 2010.

How much funding is the Australian Government investing in CERT Australia?

As announced in the 2009-10 Budget, the Australian Government is investing an additional $6.2 million over four years to bring together Australia’s computer emergency response arrangements to form CERT Australia. CERT Australia includes the resources and current functions of GovCERT.au.

What is the difference between GovCERT.au and CERT Australia?

The role of GovCERT.au was as a readiness team. It assisted Australian critical infrastructure and key businesses prepare for, and prevent, sophisticated cyber security threats.

CERT Australia has incorporated GovCERT.au and its existing readiness functions. CERT Australia also includes an incident handling capability, and is the initial source of cyber security information and point of contact for Australia’s international cyber security counterparts. It also has a coordination role during a serious cyber incident.

CERT Australia provides all Australians with access to information on cyber threats so that they can better protect themselves.

Is GovCERT.au still in operation?

The current functions and services of GovCERT.au are continuing as part of CERT Australia. The name GovCERT.au is no longer used.

My organisation has been a recipient of  GovCERT.au advisories. Will my organisation still receive those now that CERT Australia has commenced operations?

Yes. Those who have been receiving GovCERT.au advisories will continue to receive information through CERT Australia advisories.

My organisation has signed a non-disclosure agreement (NDA) with GovCERT.au. Will we need to sign another NDA now that CERT Australia has commenced operations?

No. As the signed NDA is an agreement with the Commonwealth of Australia, the conditions within the NDA will transition to CERT Australia, along with the work and responsibilities of GovCERT.au.

What is the Cyber Security Operations Centre (CSOC)?

Established as an initiative of the Australian Government’s Defence White Paper, the Cyber Security Operations Centre (CSOC) provides the Australian Government with all-source cyber situational awareness and the ability to facilitate operational responses to cyber security events of national importance.

The CSOC’s core functions include:

Is CERT Australia part of the Cyber Security Operations Centre (CSOC)?

No. CERT Australia, which is managed by the Attorney-General’s Department, is independent from the CSOC which is part of the Department of Defence. However, CERT Australia will have a presence within the CSOC.

CERT Australia and the CSOC have complementary roles in ensuring that Australia is protected from cyber threats. CERT Australia contributes to the CSOC’s ability to form a national picture of cyber threats for the Australian Government. The CSOC provides information to CERT Australia that can be used to help protect the Australian community.