Canberra is kicking its cyber security activities into high gear as federal government agencies look to boost their encryption technology to thwart off spooks by turning to the private sector for innovative solutions. The government is also looking to protect individuals’ private data, with new Australian Privacy Principles set to come online in mid-March. With new rules requiring government agencies and businesses to be more transparent about data collection, use, and storage, the new privacy regime will require concerted private sector reforms.
Transparency is a running theme this week in Oz, as Australian Information Commissioner John McMillan has suggested that the Freedom of Information Act 1982 should be extended to include intelligence agencies. (An idea raised earlier on The Strategist by Andrew Zammit.) With parallel organizations in the US, including the NSA and CIA, falling under similar transparency laws, McMillan argues that that exempting intelligence organisations like the Australian Security Intelligence Organization (ASIO), Australian Secret Intelligence Service (ASIS), and Australian Signals Directorate (ASD) sends ‘mixed messages’.
The US has also taken to the New Year with new cyber fervour. Despite limited mention in the State of the Union address, President Obama is expected to continue to use Executive powers to keep things moving forward, albeit slowly, on securing cyberspace. The work launched in last year’s State of the Union is expected to come to fruition as well, with the National Institute of Standards and Technology (NIST) cybersecurity framework to be released next week.
The NSA and CYBERCOM are also looking for a new start, with the President nominating Navy Vice Admiral Michael Rogers to serve as the dual-hatted leader of the organisations. Sure to face a bruising confirmation hearing process, a look into his past finds the Vice Admiral stating the ‘rights of the individual must remain paramount’. Not a bad start for the embattled organisations.
Despite this uptick in activity, it’s clear that major US cyber policies remain stymied in the fallout of the Snowden leaks. However, in such a dynamic and critical arena, stakeholders are no longer willing to remain silent. Military fellows at the Center for New American Security are calling for a Department level cyber strategy in the Pentagon and delineated roles and responsibilities for each of the service branches while the Secret Service is urging Congress to step up efforts against cybercrime.
In other news, we wish a hearty Happy Birthday to the Munich Security Conference! At 50 the annual event isn’t showing its age, responding to the changing global context by bringing cyber to the fore. Some of the top minds in the transatlantic relationship share their views on cyber, looking at the Western Alliance in the Digital Age, debating big data and the future of intelligence, and mulling over freedom vs. security in cyberspace. But as cybersecurity is more than an academic exercise Russia is launching efforts to stand-up special cyber-defence units and Israel is responding to the ‘biggest revolution in warfare’ (and recent cyber attacks) by setting up an emergency cyber task force.
In the end however, while nefarious actors do present a real threat to cyber security, a Super Bowl snafu reminds us that in many cases human error is the biggest cyber vulnerability.
Klée Aiken is an analyst in ASPI’s International Cyber Policy Centre.