Nicole Brangwin, Foreign Affairs, Defence and Security
The cybersecurity environment is a constantly evolving and complex issue that affects numerous sectors. Strategic level policies and programs are struggling to keep up with threats as technology rapidly advances. The Cyber Security Strategy released in April 2016 is Australia’s response to the threat but its implementation is now urgent.
What is cybersecurity?
In simple terms,
cybersecurity involves the protection of computer systems connected to the Internet.
Entities such as government,
business and organisations, as well as millions of individuals in Australia,
rely on these connections every day.
What are we protecting these systems from?
According to the Government’s
Australian Cyber Security Centre (ACSC),
threats might include cyber espionage that gathers intelligence in support of
state-sponsored activities; cyber attacks that aim to destroy critical
infrastructure; or criminals using the Internet as a means to defraud, or steal
How serious is the threat?
According to the ACSC
Threat Report, from 2011 to 2014, the number of cybersecurity incidents to which
the Australian Signals Directorate (ASD) responded rose by around 260 per cent
(from 313 incidents in 2011 to 1,131 in 2014). These incidents involved
Australian Government and other networks of national interest.
Needless to say, the cyberthreat is vast,
traversing many jurisdictions—and it is not just a technical ICT (information,
communication and technology) issue. Effective threat mitigation requires
action across sectors including government (not just defence and policing, but
all government entities); industry (large, medium and small businesses);
academia and science (research and development) and the community (personal
security awareness), just to name a few.
What is being done?
As a policy issue, concerns
about Australia’s cyber resilience were initially raised in the Howard
Government’s 2000 Defence White Paper, Defence 2000: our
future defence force. A number of initiatives flowed from this policy
including cooperation among key national security agencies to assess and deal
with emerging threats. In the 2009 Defence White Paper, Defending
Australia in the Asia Pacific century: Force 2030, the Rudd Government
elevated the cyberthreat to one of national security priority, and in 2010, established
the Cyber Security Operations Centre (CSOC) within the Defence Signals
Directorate (now ASD). In
2013, under the Gillard Government, the CSOC evolved into the Australian
Cyber Security Centre as ‘the hub of the government’s cyber security efforts’.
Defence White Paper recognised that dealing with cyberthreats requires
not only a whole-of-government approach, but industry involvement as well.
The Department of Defence
continues to play the primary role within the ACSC, which also hosts the
Attorney-General’s Computer Emergency Response Team Australia (CERT Australia);
the Cyber Espionage Branch of the Australian Security Intelligence Organisation;
components of the High-Tech Crime Operations unit of the Australian Federal
Police; expertise from the Australian Criminal Intelligence Commission
(formerly the Australian Crime Commission) and key industry participants.
Is Australia prepared?
2011, the Gillard Government announced the development of a cyber white
paper, which was meant to address issues ranging from safety, crime, and consumer
protection, to national security and defence. The initial impetus eventually
morphed into an overarching update of the National
Digital Economy Strategy, released in June 2013.
Following the 2013 election, cybersecurity was not part of the
Abbott Government’s public focus on national security issues until the cybersecurity
review announced in November
2014. The review was originally intended to take six months but it was not
months later when, under the Turnbull Government, Australia’s new
cybersecurity strategy was finally announced—effectively replacing the 2009 cyber
security strategy. While the 2016 strategy recognises cybersecurity as a
strategic issue for Australia’s economy and national security, the emphasis
placed on this issue appears less significant than in 2009 when cybersecurity was
considered ‘one of Australia’s top tier national security priorities’.
The Government’s commitment to the strategy is
demonstrated by the April 2016 announcement of an Ambassador for Cyber Issues
(yet to be appointed), a Minister Assisting the Prime Minister on Cyber
Tehan) and a Special Advisor to the Prime Minister on Cyber Security (Alastair
Given the escalation of
cyber attacks and Defence’s role in responding, it is unsurprising to learn that
Australia has an offensive capability. However, this was not publicly
acknowledged until the release of the 2016 Cyber Security Strategy. No further
details about Australia’s offensive capabilities are publicly available, but ASD
now openly recruits for
offensive and defensive cyber specialists.
Could this lead to cyberwarfare?
Debate surrounds the exact nature
of cyberwarfare as a sole undertaking. The 2016 Defence
White Paper highlights the ‘complex non-geographic threats’ in
cyberspace and space, and how military capabilities can be adversely affected.
The Australia-United States alliance also acknowledged these threats during
Ministerial talks in
2011 (AUSMIN) where it was agreed that the ANZUS Treaty could be invoked in
response to a cyber attack. But when does a cyber attack constitute an armed
attack? The US
considers, on a case-by-case basis, the ‘nature and extent of injury or
death to persons and the destruction of, or damage to, property’. The threshold
for, say, an armed response to a cyber attack is not clear or publicly
discussed by Australian or US officials.
Department of the Prime Minister and Cabinet, ‘Australia’s cyber security strategy: enabling innovation, growth & prosperity’, Australian Government, April 2016.
Australian Cyber Security Centre (ACSC), ‘ACSC 2015 threat report’, Australian Government, July 2015.
Back to Parliamentary Library Briefing Book
For copyright reasons some linked items are only available to members of Parliament.
© Commonwealth of Australia
With the exception of the Commonwealth Coat of Arms, and to the extent that copyright subsists in a third party, this publication, its logo and front page design are licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Australia licence.