Australian Government: Attorney-General's Department
Australian Government: Attorney-General's DepartmentAchieving a Just and Secure Society

Cyber Security

National Cyber Security Awareness Week 2011
Cyber Security week logo

www.staysmartonline.gov.au

The Attorney-General’s Department is the lead agency for cyber security policy across the Australian Government and chairs the Cyber Security Policy and Coordination (CSPC) Committee, which is the interdepartmental committee that coordinates the development of cyber security policy for the Australian Government.

The Australian Government’s cyber security policy is contained in its Cyber Security Strategy.

The Strategy was launched on 23 November 2009 and articulates the overall aim and objectives of the Australian Government’s cyber security policy and sets out the strategic priorities that the Australian Government will pursue to achieve these objectives. The Strategy also describes the key actions and measures that will be undertaken through a comprehensive body of work across the Australian Government to achieve these strategic priorities.

The Strategy was a key outcome of the E-Security Review 2008. The Review examined the Australian Government’s cyber security policy, programs and capabilities with the aim of developing a new Australian Government policy framework for cyber security – the Strategy.

The Australian Government defines cyber security as:

Measures relating to the confidentially, availability and integrity of information that is processed, stored and communicated by electronic or similar means.

The aim of the Australian Government’s cyber security policy is:

The maintenance of a secure, resilient and trusted electronic operating environment that supports Australia’s national security and maximises the benefits of the digital economy.

Australian Government Cyber Security Strategy

Cyber security is one of Australia’s top tier national security priorities and was announced by the then Prime Minister in his 2008 National Security Statement. The global community continues to experience an increase in the scale, sophistication and successful perpetration of cyber crime. As the quantity and value of electronic information has increased so too have the efforts of criminals and other malicious actors who have embraced the internet as a more anonymous, convenient and profitable way of carrying out their activities.

Australia’s national security, economic prosperity and social wellbeing are critically dependent upon the availability, integrity and confidentiality of a range of information and communications technologies (ICT). This includes desktop computers, the internet, mobile communications devices and other computer systems and networks.

A more insidious and damaging threat

The production, sale and distribution of malicious code has become a prolific criminal industry, making malware stealthier, more targeted, multi-faceted and harder to analyse and defeat. The risk to the Australian economy from computer intrusion and the spread of malicious code by organised crime has been assessed as high. This is particularly the case for financial transactions and sensitive commercial or personal identity information.

There are a growing array of state and non-state actors who are compromising, stealing, changing or destroying information and therefore potentially causing critical disruptions to Australian systems. The distinction between traditional threat actors – hackers, terrorists, organised criminal networks, industrial spies and foreign intelligence services – is increasingly blurred. With the borderless, anonymous nature of the internet, attribution of the source of attacks is difficult.

A government-led coherent, integrated approach

Confronting and managing these risks must be balanced against the civil liberties of Australians, including the right to privacy, and the need to promote efficiency and innovation to ensure that Australia realises the full potential of the digital economy.

The aim of the Australian Government’s cyber security policy is the maintenance of a secure, resilient and trusted electronic operating environment that supports Australia's national security and maximises the benefits of the digital economy.

While the Australian Government’s cyber security policy is primarily concerned with the availability, integrity and confidentiality of Australia’s ICT, it must be coordinated with those of other related policies and programs such as cyber safety which is focused on protecting individuals, especially children, from offensive content, bullying, stalking or grooming online for the purposes of sexual exploitation.

Guiding principles

Consistent with the enduring principles outlined in the 2008 National Security Statement, the Australian Government’s cyber security policy is based on the following guiding principles:

  • National leadership: The scale and complexity of the cyber security challenge requires strong national leadership.
  • Shared responsibilities: All users, in enjoying the benefits of ICT, should take reasonable steps to secure their own systems, exercise care in the communication and storage of sensitive information and have an obligation to respect the information and systems of other users.
  • Partnerships: In light of these shared responsibilities, a partnership approach to cyber security across all Australian governments, the private sector and the broader Australian community is essential.
  • Active international engagement: Given the transnational nature of the internet, in which effective cyber security requires coordinated global action, Australia must adopt an active, multi-layered approach to international engagement on cyber security.
  • Risk management: In a globalised world where all internet-connected systems are potentially vulnerable and where cyber attacks are difficult to detect, there is no such thing as absolute cyber security. Australia must therefore apply a risk-based approach to assessing, prioritising and resourcing cyber security activities.
  • Protecting Australian values: Australia must pursue cyber security policies that enhance individual and collective security while preserving Australians’ right to privacy and other fundamental values and freedoms. Maintaining this balance is a continuing challenge for all modern democracies seeking to meet the complex cyber security challenges of the future.

Objectives

The objectives of the Australian Government’s cyber security policy are that:

  • All Australians are aware of cyber risks, secure their computers and take steps to protect their identities, privacy and finances online.
  • Australian businesses operate secure and resilient information and communications technologies to protect the integrity of their own operations and the identity and privacy of their customers.
  • The Australian Government ensures its information and communications technologies are secure and resilient.

Strategic priorities

To achieve these objectives the Australian Government applies the following strategic priorities to its programs:

  • Improve the detection, analysis, mitigation and response to sophisticated cyber threats, with a focus on government, critical infrastructure and other systems of national interest.
  • Educate and empower all Australians with the information, confidence and practical tools to protect themselves online.
  • Partner with business to promote security and resilience in infrastructure, networks, products and services.
  • Model best practice in the protection of government ICT systems, including the systems of those transacting with government online.
  • Promote a secure, resilient and trusted global electronic operating environment that supports Australia's national interests.
  • Maintain an effective legal framework and enforcement capabilities to target and prosecute cyber crime.
  • Promote the development of a skilled cyber security workforce with access to research and development to develop innovative solutions.

Capabilities

At the forefront of the Australian Government’s Cyber Security Strategy are two key organisations: CERT Australia and the Cyber Security Operations Centre, both established in early 2010.

CERT Australia – Australia’s national computer emergency response team

CERT Australia is the national coordination point within the Australian Government for the provision of cyber security information to the Australian community.

CERT Australia assists the owners and operators of critical infrastructure and systems of national interest.  CERT Australia is also the official Australian point of contact in the global community of computer emergency response teams (CERTs) to support international collaboration in regards to cyber security issues.

CERT Australia complements the work of the Cyber Security Operations Centre (CSOC).

For more information visit CERT Australia’s webpage

Cyber Security Operations Centre (CSOC)

The Cyber Security Operations Centre (CSOC) was established in the Defence Signals Directorate (DSD) as an initiative of the Australian Government’s 2009 Defence White Paper to mitigate the cyber threat to Australia’s national security. The centre meets two needs. It provides Defence with a cyber warfare capability and provides a resource designed to serve all government agencies.

In the past decade, the growing importance of operations in cyber space has become increasingly apparent. Our national security is under threat from a range of cyber actors. Our adversaries are often well resourced, highly skilled and able to defeat commercially available security solutions.

The role of the Cyber Security Operations Centre

CSOC has two main roles:

  • to provide government with a better understanding of sophisticated cyber threats against Australian interests
  • to coordinate and assist operational responses to cyber events of national importance across government and systems of national importance.

CSOC operations also complement DSD’s other information security activities.

Detecting and responding to sophisticated cyber threats

CSOC identifies malicious activity conducted by sophisticated foreign hackers by using advanced analytic capabilities and techniques. The workforce includes staff highly trained in computer information technology and analysis. This, together with DSD’s high powered computing resources, ensures the centre is able to process large volumes of data to identify cyber threats. DSD used this information to proactively and reactively respond to cyber threats.

Partners

CSOC has embedded representation from a number of Defence and other government agencies involved in assessing the threat to, and the protection of, Australian interests from sophisticated foreign threats. CSOC includes personnel from the:

For more information visit the Defence Signals Directorate website.

Roles and responsibilities of Australian Government agencies

A range of agencies make a significant contribution to the implementation of the Australian Government Cyber Security Strategy and the operation of CERT Australia and the CSOC. Recognising that all Australian Government agencies have an important role to play in ensuring the security and resilience of Australian Government systems, the following agencies have clear responsibility for the delivery of Australian Government cyber security outcomes.

The Attorney-General’s Department (AGD) is responsible for Australian Government protective security policy and for criminal law and law enforcement policy, including:

  • providing whole of government coordination on cyber security policy, including crisis management and international collaboration
  • promulgating protective security policy for Australian Government agencies
  • taking a leadership role in advancing business-government partnerships, including national CERT arrangements, and
  • providing cyber security guidance to owners and operators of critical infrastructure and other businesses of national interest.

CERT Australia has officers placed in the CSOC and contributes to a shared understanding of major events, provide a pathway to the national crisis management arrangements, and be able to provide alerts and guidance to the private sector.

The Australian Communications and Media Authority (ACMA) is responsible for the regulation of broadcasting, the internet, radiocommunications and telecommunications. It contributes to cyber security objectives by:

  • gathering evidence and assisting in protecting Australians from computer fraud and identity theft
  • ensuring internet service providers (ISPs) and telecommunications providers are meeting their regulatory obligations regarding criminal misuse and illegal content
  • encouraging the development of codes of practice for ISPs and online content service providers and monitoring compliance with these codes
  • working with ISPs for the identification of compromised computers, and
  • identifying, investigating and acting against those involved in the distribution of spam.

For more information visit the Australian Communications and Media Authority website.

The Australian Federal Police (AFP) enforces Commonwealth criminal law and protects Commonwealth and national interests from crime in Australia and overseas. In relation to cyber security, the AFP:

  • provides a specialised investigative capacity to support the identification, investigation and prosecution of complex technology enabled crime offences
  • works in partnership with the Australian law enforcement community to respond to organised and complex technology enabled crime
  • actively engages in the implementation of crime prevention strategies aimed at raising awareness of cyber security risks in the Australian community, and
  • cooperates with international agencies to investigate and prosecute technology enabled crime and address cyber crime issues.

AFP also has officers placed in the CSOC.

For more information visit the Australian Federal Police website.

The Australian Security Intelligence Organisation’s (ASIO) responsibilities are defined by the Australian Security Intelligence Organisation Act 1979 and, in relation to
cyber security, include:

  • investigating electronic attacks conducted for purpose of espionage, sabotage, terrorism or other forms of politically motivated violence, attacks on the defence system and other matters that fall under the heads of security in the ASIO Act
  • collecting intelligence both domestically and internationally on such matters, assessing the capabilities and intentions of persons and groups of security interest
  • contributing to the investigation of computer network operations directed against Australia’s national interests, including those targeting government and critical infrastructure assets
  • producing threat assessments and protective security advice for government and critical infrastructure, and
  • liaising with business on behalf of the Australian intelligence community through the Business Liaison Unit.

ASIO also has officers placed in the CSOC.

For more information visit the Australian Security Intelligence Organisation website.

The Defence Signals Directorate (DSD) is the national authority on the security of ICT across government. DSD provides a range of information security services to ensure that sensitive government electronic information systems are not susceptible to unauthorised access, compromise or disruption. Pursuant to the Intelligence Services Act 2001, DSD’s functions include:

  • providing material, advice and other assistance to Commonwealth and State authorities on matters relating to the security and integrity of information that is processed, stored or communicated by electronic or similar means, and
  • providing assistance to Commonwealth, State and Territory authorities in relation to cryptography and communications technologies.
  • DSD, through the CSOC, is responsible for maintaining a comprehensive national picture of cyber security threats, through monitoring and analysis of all information sources. It provides a central point for sharing information across government and coordinates with other agencies on response activities.
  • DSD is responsible for developing and maintaining the Australian Government Information and Communications Technology Security Manual (ISM).

The CSOC is hosted within DSD.

For more information visit the Defence Signals Directorate website.

The Department of Broadband, Communications and the Digital Economy (DBCDE) has responsibility for creating an environment that supports Australians in taking full advantage of the opportunities offered by the digital economy by:

  • working with the internet industry and the community to raise awareness of cyber security risks with a view to improving their online practices and behaviours
  • working with the ISPs to enhance the security of their subscribers, including through the development of codes of practice
  • working across the BCDE portfolio to promote the alignment of activities that have cyber security synergies with whole of government cyber security policy objectives, and
  • collaborating internationally to address cyber security issues, ensuring that DBCDE international activities align with whole of government objectives.

For more information visit the Department of Broadband, Communications and the Digital Economy website.

The Department of Finance and Deregulation’s Australian Government Information Management Office (AGIMO) works with Australian Government agencies to ensure the productive application of information and communication technologies (ICT). It contributes to cyber security objectives by:

  • ensuring that Australian Government ICT proposals have adequately considered cyber security risks
  • working with agencies to adopt a whole of government approach to the management of common assets and data sharing
  • promoting security and resilience as essential requirements of e-government initiatives
  • developing whole of government strategies to help meet shortfalls in skilled cyber security practitioners, and
  • coordinating a strategy for managed internet gateways for Australian Government agencies.

For more information visit the Australian Government Information Management Office website.

The Cyber Security Policy and Coordination (CSPC) Committee is the Australian Government interdepartmental committee that coordinates the development of cyber security policy for the Australian Government. The CSPC Committee:

  • provides whole of government strategic leadership on cyber security
  • determines priorities for the Australian Government
  • coordinates the response to cyber security events, noting that its coordination and policy functions do not extend to the oversight of operations, and
  • coordinates Australian Government cyber security policy internationally.

If you require an alternative format for these documents please ring 02 6141 2962.