Attorney General Confirms CNVA "Suspension"

No more dollar-for-dollar funding on critical infrastructure testing from July 1...

The Computer Network Vulnerability Assessment program was designed to "to help organisations that own or manage critical infrastructure test the security of their computer networks and systems".

To date, 32 CNVA projects have been approved with 30 projects proceeding.

Projects have been undertaken in the banking and finance, energy, food chain, health, transport and water sectors, a spokesperson from the Attorney General's department says.

The program will be suspended on July 1 "pending review".

Launched in 2004, the CNVA aimed to assist those maintaining critical infrastructure in identifying key weaknesses in their security. Yet to date, the Attorney General has doled out just $2.2 million through the scheme.

Still, the department insists the program may see a second rising.

"The CNVA program is likely to be re-activated in the future, however no decision has been made on timing," the spokesperson says.

One penetration tester interviewed by Risky.Biz wasn't surprised. He says the "refund" nature of the subsidy often made applying for the grants more trouble than they were worth. "It didn't align with organisations' typical procurement processes," he says.

The program identified critical infrastructure as "physical facilities, supply chains, information technologies and communication networks which if destroyed, degraded or rendered unavailable for an extended period would significantly impact on the social or economic well-being of the nation".

Our thanks to Drazen Drazic for bringing this story to our attention.