Australian Government: Attorney-General's Department
Australian Government: Attorney-General's DepartmentAchieving a Just and Secure Society

Cyber Security

The Attorney-General’s Department is the lead agency for cyber security policy across the Australian Government and chairs the Cyber Security Policy and Coordination (CSPC) Committee, which is the interdepartmental committee that coordinates the development of cyber security policy for the Australian Government.

The Australian Government’s cyber security policy is contained in its Cyber Security Strategy.

The Strategy was launched on 23 November 2009 and articulates the overall aim and objectives of the Australian Government’s cyber security policy and sets out the strategic priorities that the Australian Government will pursue to achieve these objectives.  The Strategy also describes the key actions and measures that will be undertaken through a comprehensive body of work across the Australian Government to achieve these strategic priorities.

The Strategy was a key outcome of the E-Security Review 2008. The Review examined the Australian Government’s cyber security policy, programs and capabilities with the aim of developing a new Australian Government policy framework for cyber security – the Strategy.

The Australian Government defines cyber security as:

Measures relating to the confidentially, availability and integrity of information that is processed, stored and communicated by electronic or similar means.

The aim of the Australian Government’s cyber security policy is:

The maintenance of a secure, resilient and trusted electronic operating environment that supports Australia’s national security and maximises the benefits of the digital economy.

Australian Government Cyber Security Strategy

The Prime Minister indicated that cyber security is now one of Australia’s top tier national security priorities in the National Security Statement to the Parliament on 4 December 2008. The global community continues to experience an increase in the scale, sophistication and successful perpetration of cyber crime. As the quantity and value of electronic information has increased so too have the efforts of criminals and other malicious actors who have embraced the internet as a more anonymous, convenient and profitable way of carrying out their activities.

Australia’s national security, economic prosperity and social wellbeing are critically dependent upon the availability, integrity and confidentiality of a range of information and communications technologies (ICT). This includes desktop computers, the internet, mobile communications devices and other computer systems and networks.

A more insidious and damaging threat

The production, sale and distribution of malicious code has become a prolific criminal industry, making malware stealthier, more targeted, multi-faceted and harder to analyse and defeat. The risk to the Australian economy from computer intrusion and the spread of malicious code by organised crime has been assessed as high. This is particularly the case for financial transactions and sensitive commercial or personal identity information.

There are a growing array of state and non-state actors who are compromising, stealing, changing or destroying information and therefore potentially causing critical disruptions to Australian systems. The distinction between traditional threat actors – hackers, terrorists, organised criminal networks, industrial spies and foreign intelligence services – is increasingly blurred. With the borderless, anonymous nature of the internet, attribution of the source of attacks is difficult.

A government-led coherent, integrated approach

Confronting and managing these risks must be balanced against the civil liberties of Australians, including the right to privacy, and the need to promote efficiency and innovation to ensure that Australia realises the full potential of the digital economy.

The aim of the Australian Government’s cyber security policy is the maintenance of a secure, resilient and trusted electronic operating environment that supports Australia's national security and maximises the benefits of the digital economy.

While the Australian Government’s cyber security policy is primarily concerned with the availability, integrity and confidentiality of Australia’s ICT, it must be coordinated with those of other related policies and programs such as cyber safety which is focused on protecting individuals, especially children, from offensive content, bullying, stalking or grooming online for the purposes of sexual exploitation.

Guiding principles

Consistent with the enduring principles outlined in the Prime Minister’s National Security Statement, the Australian Government’s cyber security policy is based on the following guiding principles:

  • National leadership: The scale and complexity of the cyber security challenge requires strong national leadership.
  • Shared responsibilities: All users, in enjoying the benefits of ICT, should take reasonable steps to secure their own systems, exercise care in the communication and storage of sensitive information and have an obligation to respect the information and systems of other users.
  • Partnerships: In light of these shared responsibilities, a partnership approach to cyber security across all Australian governments, the private sector and the broader Australian community is essential.
  • Active international engagement: Given the transnational nature of the internet, in which effective cyber security requires coordinated global action, Australia must adopt an active, multi-layered approach to international engagement on cyber security.
  • Risk management: In a globalised world where all internet-connected systems are potentially vulnerable and where cyber attacks are difficult to detect, there is no such thing as absolute cyber security. Australia must therefore apply a risk-based approach to assessing, prioritising and resourcing cyber security activities.
  • Protecting Australian values: Australia must pursue cyber security policies that enhance individual and collective security while preserving Australians’ right to privacy and other fundamental values and freedoms. Maintaining this balance is a continuing challenge for all modern democracies seeking to meet the complex cyber security challenges of the future.

Objectives

The objectives of the Australian Government’s cyber security policy are that:

  • All Australians are aware of cyber risks, secure their computers and take steps to protect their identities, privacy and finances online.
  • Australian businesses operate secure and resilient information and communications technologies to protect the integrity of their own operations and the identity and privacy of their customers.
  • The Australian Government ensures its information and communications technologies are secure and resilient.

Strategic priorities

To achieve these objectives the Australian Government applies the following strategic priorities to its programs:

  • Improve the detection, analysis, mitigation and response to sophisticated cyber threats, with a focus on government, critical infrastructure and other systems of national interest.
  • Educate and empower all Australians with the information, confidence and practical tools to protect themselves online.
  • Partner with business to promote security and resilience in infrastructure, networks, products and services.
  • Model best practice in the protection of government ICT systems, including the systems of those transacting with government online.
  • Promote a secure, resilient and trusted global electronic operating environment that supports Australia's national interests.
  • Maintain an effective legal framework and enforcement capabilities to target and prosecute cyber crime.
  • Promote the development of a skilled cyber security workforce with access to research and development to develop innovative solutions.

New capabilities

At the forefront of the Australian Government’s Cyber Security Strategy are two key organisations, currently being established and expected to be fully operational in early 2010:

CERT Australia – Australia’s national computer emergency response team

The Attorney-General’s Department will progressively take responsibility for the national computer emergency response team (CERT) function for Australia – CERT Australia will commence operations in early 2010.

CERT Australia will bring together Australia’s existing computer emergency response arrangements under a new national CERT. CERT Australia will be the source of cyber security information for the Australian community and the point of contact for Australia’s international cyber security counterparts. It will provide all Australians with access to information on cyber threats and vulnerabilities so that they can better protect themselves.

CERT Australia will provide a trusted environment for information exchanges between the Australian Government and business on cyber security related issues. 

CERT Australia will have a coordination role during a serious cyber security incident.

It will incorporate a range of current cyber security activities undertaken by Australian Government agencies, including the Australian Government Computer Emergency Readiness Team.

CERT Australia will complement the work of the Cyber Security Operations Centre (CSOC).

For more information visit the CERT Australia website.

Cyber Security Operations Centre (CSOC)

CSOC in the Defence Signals Directorate is a Defence capability serving whole of government cyber security needs to detect and defeat sophisticated cyber threats. The CSOC provides cyber situational awareness and an enhanced ability to facilitate coordinated responses to, and management of, cyber security events of national importance. Staffed by skilled experts from a number of Australian Government agencies, it maximises the Australian Government’s ability to prevent, detect and rapidly respond to fast evolving sophisticated cyber exploitation attempts and attacks.

The CSOC draws on an array of sources in the intelligence and security, law enforcement, national CERT and industry communities to provide a comprehensive picture of threats to Australian information and systems. The CSOC coordinates cyber event responses by government agencies and works in collaboration with overseas partners. It will accommodate a continuously staffed watch office and analysis team able to prevent or respond immediately to significant cyber threats as they are detected.

For more information visit the Defence Signals Directorate website.

Roles and responsibilities of Australian Government agencies

A range of agencies make a significant contribution to the implementation of the Australian Government Cyber Security Strategy and the operation of CERT Australia and the CSOC. Recognising that all Australian Government agencies have an important role to play in ensuring the security and resilience of Australian Government systems, the following agencies have clear responsibility for the delivery of Australian Government cyber security outcomes.

The Attorney-General’s Department (AGD) is responsible for Australian Government protective security policy and for criminal law and law enforcement policy, including:

  • providing whole of government coordination on cyber security policy, including crisis management and international collaboration
  • promulgating protective security policy for Australian Government agencies
  • taking a leadership role in advancing business-government partnerships, including national CERT arrangements, and
  • providing cyber security guidance to owners and operators of critical infrastructure and other businesses of national interest.

CERT Australia works with the Joint Operating Arrangements (JOA) agencies to contribute to a shared understanding of major events, provide a pathway to the national crisis management arrangements, and be able to provide alerts and guidance to the private sector.

The Australian Communications and Media Authority (ACMA) is responsible for the regulation of broadcasting, the internet, radiocommunications and telecommunications. It contributes to cyber security objectives by:

  • gathering evidence and assisting in protecting Australians from computer fraud and identity theft
  • ensuring internet service providers (ISPs) and telecommunications providers are meeting their regulatory obligations regarding criminal misuse and illegal content
  • encouraging the development of codes of practice for ISPs and online content service providers and monitoring compliance with these codes
  • working with ISPs for the identification of compromised computers, and
  • identifying, investigating and acting against those involved in the distribution of spam.

For more information visit the Australian Communications and Media Authority website.

The Australian Federal Police (AFP) enforces Commonwealth criminal law and protects Commonwealth and national interests from crime in Australia and overseas. In relation to cyber security, the AFP:

  • provides a specialised investigative capacity to support the identification, investigation and prosecution of complex technology enabled crime offences
  • works in partnership with the Australian law enforcement community to respond to organised and complex technology enabled crime
  • actively engages in the implementation of crime prevention strategies aimed at raising awareness of cyber security risks in the Australian community, and
  • cooperates with international agencies to investigate and prosecute technology enabled crime and address cyber crime issues.

AFP is a member agency of the JOA.

For more information visit the Australian Federal Police website.

The Australian Security Intelligence Organisation’s (ASIO) responsibilities are defined by the Australian Security Intelligence Organisation Act 1979 and, in relation to
cyber security, include:

  • investigating electronic attacks conducted for purpose of espionage, sabotage, terrorism or other forms of politically motivated violence, attacks on the defence system and other matters that fall under the heads of security in the ASIO Act
  • collecting intelligence both domestically and internationally on such matters, assessing the capabilities and intentions of persons and groups of security interest
  • contributing to the investigation of computer network operations directed against Australia’s national interests, including those targeting government and critical infrastructure assets
  • producing threat assessments and protective security advice for government and critical infrastructure, and
  • liaising with business on behalf of the Australian intelligence community through the Business Liaison Unit.

ASIO is a member agency of the JOA.

For more information visit the Australian Security Intelligence Organisation website.

The Defence Signals Directorate (DSD) is the national authority on the security of ICT across government. DSD provides a range of information security services to ensure that sensitive government electronic information systems are not susceptible to unauthorised access, compromise or disruption. Pursuant to the Intelligence Services Act 2001, DSD’s functions include:

  • providing material, advice and other assistance to Commonwealth and State authorities on matters relating to the security and integrity of information that is processed, stored or communicated by electronic or similar means, and
  • providing assistance to Commonwealth, State and Territory authorities in relation to cryptography and communications technologies.
  • DSD, through the CSOC, is responsible for maintaining a comprehensive national picture of cyber security threats, through monitoring and analysis of all information sources. It provides a central point for sharing information across government and coordinates with other agencies on response activities.
  • DSD is responsible for developing and maintaining the Australian Government Information and Communications Technology Security Manual (ISM).

DSD is a member agency of the JOA.

For more information visit the Defence Signals Directorate website.

The Department of Broadband, Communications and the Digital Economy (DBCDE) has responsibility for creating an environment that supports Australians in taking full advantage of the opportunities offered by the digital economy by:

  • working with the internet industry and the community to raise awareness of cyber security risks with a view to improving their online practices and behaviours
  • working with the ISPs to enhance the security of their subscribers, including through the development of codes of practice
  • working across the BCDE portfolio to promote the alignment of activities that have cyber security synergies with whole of government cyber security policy objectives, and
  • collaborating internationally to address cyber security issues, ensuring that DBCDE international activities align with whole of government objectives.

For more information visit the Department of Broadband, Communications and the Digital Economy website.

The Department of Finance and Deregulation’s Australian Government Information Management Office (AGIMO) works with Australian Government agencies to ensure the productive application of information and communication technologies (ICT). It contributes to cyber security objectives by:

  • ensuring that Australian Government ICT proposals have adequately considered cyber security risks
  • working with agencies to adopt a whole of government approach to the management of common assets and data sharing
  • promoting security and resilience as essential requirements of e-government initiatives
  • developing whole of government strategies to help meet shortfalls in skilled cyber security practitioners, and
  • coordinating a strategy for managed internet gateways for Australian Government agencies.

For more information visit the Australian Government Information Management Office website.

The Joint Operating Arrangements (JOA) were established by the Australian Government whereby operational cyber security agencies (DSD, AFP and ASIO) identify, analyse and respond to cyber events of serious national consequence. The JOA agencies determine which agency has primary carriage of a security event response on the basis of the nature of the event and individual agency responsibilities. It is intended that this process will be undertaken within the CSOC, drawing upon its capabilities and the staff embedded within it from relevant Australian Government agencies.

The Cyber Security Policy and Coordination (CSPC) Committee is the Australian Government interdepartmental committee that coordinates the development of cyber security policy for the Australian Government. The CSPC Committee:

  • provides whole of government strategic leadership on cyber security
  • determines priorities for the Australian Government
  • coordinates the response to cyber security events, noting that its coordination and policy functions do not extend to the oversight of operations, and
  • coordinates Australian Government cyber security policy internationally.

If you require an alternative format for these documents please ring 02 6141 2962.