Last week progress was made on three initiatives announced in April’s Cyber Security Strategy. First up, Foreign Minister Julie Bishop and Minister Assisting the PM for Cyber Security Dan Tehan announced last Thursday that ICPC’s Tobias Feakin will be Australia’s first Ambassador for Cyber Affairs. The new role will promote Australia’s position on key policy issues including international law and norms, and coordinate regional cyber capacity building work. Feakin will also develop the International Cyber Engagement Strategy which the government committed to back in April, a process that ICPC will be following closely. Congratulations, Toby!
Second, the Cyber Security Strategy also committed to move the Australian Cyber Security Centre (ACSC) from its current digs in ASIO’s headquarters to a facility that would be more accessible to partners from the private sector, research and academic communities. Reporting says that government will fit out a building just down the road from ASIO at Canberra Airport’s Brindabella Business Park at a cost of $38.8 million. The submission to the Parliamentary Public Works Committee notes that there are about 260 people in the ACSC at the moment, with the new facility to be designed to accommodate a maximum of 700. It’s planned to be a ‘multi-classification environment’ as much of ACSC’s work doesn’t involve highly classified information. That will help overcome the recruitment bottleneck created by the extensive clearance processes required for workers in the ACSC’s current home.
And third, the Australian Securities Exchange and Australian Securities and Investment Commission invited the ASX100 companies to participate in a Cyber Health Check. The voluntary Health Checks, led by industry, will benchmark cyber security awareness, capability and preparedness for cyber incidents.
Also last week, the government tabled the Telecommunications and other legislation Amendment Bill, putting into effect the long running Telecommunications Sector Security Reform program. The legislation requires telcos to advise government about changes to their networks and facilities that would have potential security implications—including equipment purchases and outsourcing agreements. It also gives the Attorney-General the power to direct telcos to cease using or supplying services when they’re ‘prejudicial to security’. During previous consultation, industry groups have criticised the legislation for its onerous compliance requirements and vagueness in previous drafts, and it remains to be seen if that criticism will need to be repeated. The Bill has been referred to the Parliamentary Joint Committee on Intelligence and Security for review.
Professional networking site LinkedIn has been banned in Russia this week for failing to comply with the country’s privacy laws that require its citizens’ data to be stored in Russia. However, LinkedIn’s block may only be the start of big things for western companies seeking Russian audiences, with Facebook, WhatsApp and Twitter also named as targets of Russian regulator Roskomnadzor.
Facebook is also under pressure in the US from critics who are angry that the company has allowed ‘false’ news from non-traditional and highly partisan websites to spread through the social media platform. Founder Mark Zuckerberg released a statement defending Facebook and its content, but the company is apparently wrangling with the issue internally.
Finally, the US elections seem to have passed without any of the major cyber incidents that had been anticipated. Donald Trump’s big win means there’ll likely be some interesting and consequential changes in US cybersecurity policy. The actual direction Trump will take in this area isn’t entirely clear (as with most of his policies), but there’s plenty of speculation on the general direction of the Trump administration. During the campaign, Trump’s responses to cyber questions were vague and often weird, but he did release a short cybersecurity policy statement with a focus on strengthening cybersecurity and offensive cyber capabilities. Wired notes that Silicon Valley firms are worried that Trump will make even more insistent demands for government access to customer data. Gizmodo has warned that Rudolph Giuliani’s suggestion that he might take over as White House Cyber Czar would be disastrous due to his poor understanding of the issues, and further adds that ‘strong cybersecurity and a Trump administration are not compatible’ due to the patience and respect for privacy it requires. And over at CFR, David Fidler has assessed that Trump’s hostility towards trade agreements, such as the Trans-Pacific Partnership, will undermine the growth of stability of digital trade as his protectionist impulses build barriers to digital trade, signalling an end to US leadership of trade and digital commerce.