The biggest news came on Thursday when Prime Minster Abbott travelled to the shores of Lake Burley Griffin to officially open the Australian Cyber Security Centre (ACSC). While the ACSC has already been working behind the scenes, the long-awaited official opening comes 23 months after the Centre was first announced in January 2013, by PM Julia Gillard.
The Australian Cyber Security Centre aims to bring together operational cyber capabilities from across government to improve coordination and cooperation. The Centre will be governed by an Attorney-General’s-led Cyber Security Operations Board, but will include elements from Defence, the Attorney-General’s Department (AGD), CERT Australia, the Australian Security Intelligence Organisation, the Australian Federal Police, and the Australian Crime Commission. Major General Steve Day will serve as the Centre’s inaugural coordinator. For a good read on how the ACSC fits into the larger Australian cybersecurity space, take a look back at our Special Report on the emerging agenda for cybersecurity.
During the official opening, the Prime Minister also announced the start of a Department of Prime Minister and Cabinet (PM&C) cybersecurity review process. The last cybersecurity review was conducted back in 2008 by AGD and eventually fed into the 2009 Cyber Security Strategy (PDF). While there were some signs that a Cyber White Paper might emerge back in 2012, the current review is a promising move toward a much needed update of the 2009 strategy.
The details of the review process have been quite scant, so we’ll let you make what you will of the aims of the process. The Review will:
- assess the risk of cyber attacks in the public and private sectors with a view to making our online systems more resilient to attack;
- examine how government and industry can better work together to reduce the risk of cyber attacks;
- assess how Government protects its networks and information; and
- work to ensure we are one step ahead of the threats to government networks and critical infrastructure.
Doing all that will be a tall order with only 6 months to conduct the review, but PM&C will have plenty of help from an external panel which includes ICPC’s Director, Tobias Feakin. The review represents a good first step in updating Australia’s cyber arrangements and policy. Still, as we’ve already cautioned, what Australia really needs is an outward-looking cyber strategy, not an inward-looking audit.
In the shadow of this announcement was another exciting development for Australian cybercrime fighters: the launch of ACORN. ACORN, or the Australian Cybercrime Online Reporting Network, will allow the public to report instances of cybercrime more easily, and provide advice on how to recognise and avoid cybercrime. The effort also aims to overcome the jurisdictional challenge that cybercrime presents by sharing information between Federal, State, and Territory governments and police agencies and aggregating data to understand better the trends in cybercrime.
And if that’s not enough excitement, on Friday the Australian Communications and Media Authority (ACMA) launched the Australian Internet Security Initiative (AISI) portal. AISI has existed in one form or another since 2005 and offers a mechanism to root-out malware and botnet-compromised computers. Working with ISP providers, ACMA identifies IP addresses that exhibit symptoms of infection. While voluntary, the intention is to create a security culture by which ISPs will then contact the customer associated with the infection and help them remedy the situation.
Clearly Christmas has come early for Canberra’s cyber wonks.