PM orders urgent national cyber security strategy review

From ASIO to ASD, cyber security strategy is under review. Pic: ASIO

Prime Minister Tony Abbott has used the official opening of the Australian Cyber Security Centre in Canberra to announce another review of Australia’s cyber security strategy, with a report to be provided in just six months.

Mr Abbott on Thursday revealed that the review, which will be led by the Department of Prime Minister and Cabinet will be assisted by a panel of experts including Business Council of Australia head Jennifer Westacott, Telstra’s Chief Information Security Officer, Mike Burgess, the director of the Australian Strategic Policy Institute’s International Cyber Policy Centre Dr Tobias Feakin and the Chief Security and Trust Officer at Cisco Systems in the United States, Mr John Stewart.

The latest probe into Australia’s cyber security arrangements signifies a return of top level oversight and potentially coordination back to the PM’s office against the present division of duties split between the Department of Communication, the Attorney General’s Department and the Department of Defence.

The present Director General of the Australian Security Intelligence Organisation, Duncan Lewis, was previously tasked with overseeing cyber security arrangements during his time as First Assistant Secretary of the National Security Division of the Department of Prime Minister and Cabinet during the Howard government.

Designating cyber security functions to government agencies, who then have to work with the private sector, has rarely been easy.

Australia’s technology industry and wider business groups have for almost a decade struggled to stay across the myriad of shifting and sometimes differing policies related to cyber security and regulation.

Some of the agencies straddling the issue include ASIO, the Australian Federal Police, the Attorney General’s Department, the Australian Signals Directorate, cyber safety and telecommunications functions at the Department of Communications, the Privacy Commission cross-portfolio bodies like the Cyber Security Operations Centre – seems to have been rebranded as the Australian Cyber Security Centre.

The Australian Information Industry Association has backed the review, with chief executive Suzanne Campbell saying rapid changes in technology and an increasing focus on a knowledge based digital economy meant the complexity of cyber security issues were not well understood — by business, governments or citizens.

“Notwithstanding the focus on security risks from sophisticated new technology developments,  management of cyber security is as much a business and business process issue,” Ms Campbell said.

“We strongly encourage the Review to take a holistic approach and avoid making this a technology problem.  [The] AIIA welcomes the opportunity to engage with the expert panel as part of the Review process.

But it’s the composition of the expert panel advising the review that could yet ruffle more than a few feathers in parts of the technology sector, especially given what seems to be a strong focus on the ‘network’ layer of technology at the expense of endpoint and application security such as operating systems, databases and applications software.

While networks have and continue to be exploited as an access point, exploiting vulnerabilities in software applications and operating systems have become an increasingly worrying vector of attack for government, businesses and end user targets   especially as more software is delivered as a service from the cloud and is made available through mobile devices.

The presence of US headquartered Cisco on the expert panel also has the potential to raise eyebrows overseas, particularly given the heated debate the Coalition helped to propel over Chinese network equipment manufacturer Huawei being effectively excluded from bidding on the National Broadband Network when in Opposition.

In terms of the ground the latest cyber review will cover, the government has made its mandate flexibly broad.

Specifically, the Prime Minister’s office has said the review will:

  • assess the risk of cyber attacks in the public and private sectors with a view to making our online systems more resilient to attack;
  • examine how government and industry can better work together to reduce the risk of cyber attacks;
  • assess how Government protects its networks and information; and
  • work to ensure we are one step ahead of the threats to government networks and critical infrastructure.

“By 2017, more than nine out of ten Australians will be routinely online and Australian businesses and consumers benefit from the opportunities an interconnected world delivers. However, there are also risks,” the PM’s Office said in a statement.

“Australia faces real and growing cyber threats. Last year alone, the Australian Signals Directorate responded to 940 cyber incidents involving Government agencies, a 37 per cent increase on the previous year.”

According to the PM’s Office “the direct cost of cyber-crime to Australia in the past 12 months is estimated to be more than $1 billion.”

Comment below to have your say on this story.

If you have a news story or tip-off, get in touch at  

Sign up to the Government News newsletter

Leave a comment:

Your email address will not be published. All fields are required