Cyber security

Nicole Brangwin, Foreign Affairs, Defence and Security

Key issue 
Cyber security is a strategic priority for Australia’s national security with the threat of cyber-attacks dramatically increasing. Recent strategic policy statements and organisational reforms have highlighted the need to develop robust responses to this rapidly evolving national security issue.

Initiatives and current status

The first significant official recognition of cyber security as a national security issue emerged from the pages of the 2000 Defence White Paper, Defence 2000: Our Future Defence Force. This White Paper recognised the ‘new security challenge’ of cyber-attacks against Australia’s critical national information infrastructure (NII) and noted Defence’s key role in developing effective responses to such attacks. Cyber-attacks can involve instances such as espionage to obtain classified information or sabotage to disable key NII.

Subsequently, the E-Security Initiative was launched in May 2001 as part of the Howard Government’s budget announcement on national security. The initiative focused on safeguarding Australia’s NII, requiring a collaborative approach from the Australian Security Intelligence Organisation (ASIO), Defence Signals Directorate (DSD, now known as the Australian Signals Directorate—ASD), the Australian Federal Police (AFP) and the Attorney-General’s Department (AGD) to assess and deal with identified threats.

On 2 July 2008, the Rudd Government announced a review into Australia’s e-security policies, programs and capabilities (E-Security Review). The initial outcomes from the review were made public on 19 December 2008. They included the introduction of mechanisms to support exchanges of information on threats and responses between government and the private sector, particularly in the areas of banking, finance and utilities. The development of a code of practice for e-security was flagged, with consultation expected to take place with Internet Service Providers. The remaining outcomes and recommendations were deferred to be included in an overall e-strategy framework.

The 2009 Defence White Paper, Defending Australia in the Asia Pacific Century: Force 2030, emphasised the potential impact of the ‘emerging threat’ of ‘cyber warfare’ against Australia’s national interests. The 2009 White Paper stated that cyber-attacks on Australia’s ‘defence, security, government and civilian information infrastructure’ could seriously threaten Australia’s national security. In response, the Government established the Cyber Security Operations Centre (CSOC) to operate within ASD. CSOC was mandated to provide greater situational awareness and respond to cyber threats.

In November 2009, the Cyber Security Strategy (CSS) was released. The CSS set out the Government’s strategic priorities for securing Australia’s NII and featured two initiatives: the Computer Emergency Response Team (CERT Australia) and the CSOC.

CERT Australia commenced operations on 28 January 2010 and incorporated the previously established to become the national coordination authority within government. CERT Australia provides information and advice on cyber security to the Australian community and engages in international cooperation.

CSOC was officially launched on 15 January 2010 and established within ASD to identify cyber intrusions against Australian interests of national importance. It also provides an operational response to cyber-attacks.

The Trusted Information Sharing Network (TISN) was established under the Howard Government and remained in place under the Rudd and Gillard Governments. TISN represents major sector groups that have been identified as critical infrastructure for the purposes of national security. These include: banking and finance, communications, energy, the food chain, health, transport and water services. CERT Australia works closely with the TISN to advise and assist sector group members on strategies for protection against cyber-attacks.

Threat assessment

The ASIO Report to Parliament 2011–12 emphasised the extent of the cyber threat to Australia’s national security:

Espionage, including via cyber means, also continues as an enduring and first-order threat to Australia’s security—targeting not only government departments and agencies, but key commercial enterprises and industries. The hostile and pervasive nature of this threat required increased cooperation and coordination with domestic and international partners, as well as active engagement with elements of nationally critical industry.

ASIO reported that state and non-state actors are involved in targeting Australian interests through cyber espionage.

In June 2013, ASD official, Major General Steve Day, stated that CSOC had detected or reported 1,790 cyber security incidents in 2012. Of these, 685 required a ‘heightened response’ from CSOC. What was meant by a ‘heightened response’ was not disclosed. Major General Day noted that ‘state-sponsored actors are the most active’ threat and 65% of all cyber intrusions (state and non-state sponsored) involve targeting commercial information. Common commercial targets included energy, mining and resources; banking and finance; defence capability; telecommunications; and technology.

Future prospects

In April 2013, in response to ongoing cyber intrusions, the Gillard Government mandated that all government agencies must apply the ‘Top 4’ Strategies to Mitigate Targeted Cyber Intrusions as part of the revised Protective Security Policy Framework. ASD assessed that around 85% of intrusions would be mitigated once the ‘Top 4’ strategies were implemented.

As part of the National Security Strategy, announced by Prime Minister Gillard in January 2013, the new Australian Cyber Security Centre (ACSC) is in the process of being established. The ACSC builds on the existing CSOC and ASD is expected to continue playing a primary role in its operation. The new ACSC will comprise cyber security capabilities from ASD, ASIO, AGD, AFP and the Australian Crime Commission.

International cooperation

In 2002, Australia signed a Memorandum of Understanding with Canada, New Zealand, the United Kingdom and the United States, establishing the International Computer Network Defence (CND) Coordination Working Group (ICCWG). The ICCWG, among other things, facilitates information sharing and resolution of CND-related issues.

The 2009 Defence White Paper noted that the Government would fund the Defence Science and Technology Organisation (DSTO) to investigate advanced computer security options, via the Technical Cooperation Program. DSTO also engages with other militaries on issues such as cyber warfare.

Australia participates in a United States-led multilateral cyber security exercise known as Cyber Storm. In March 2013, Australia took part in a United States-sponsored international exercise as part of Cyber Storm IV.

During the September 2011 AUSMIN talks, Australia and the United States agreed that the Australia, New Zealand, United States Security Treaty (ANZUS Treaty) could be invoked in response to a cyber-attack. The 2013 Defence White Paper emphasised this position.

Parliament should be cognisant of any policies and international agreements that involve offensive activities to counter cyber-attacks; specifically, the criteria for which offensive action might be taken under the ANZUS Treaty.

Further reading

P Jennings and T Feakin, The emerging agenda for cybersecurity: special report, Australian Strategic Policy Institute, July 2013.

N Brew, ‘Meeting the challenges of cyber security’, FlagPost weblog, 31 March 2011.

For copyright reasons some linked items are only available to members of Parliament.

© Commonwealth of Australia