Last Thursday the Australian Strategic Policy Institute, in partnership with the Commonwealth Bank, launched its new International Cyber Policy Centre (ICPC).
A packed audience of key public and private sector stakeholders, all with a direct responsibility for elements of cybersecurity policy development and delivery, gathered at the launch. Catherine McGrath, Asia Editor at the ABC, facilitated the lively dialogue that ensued among a panel of experts including, among others, Director-General of ASIO David Irvine, Malcolm Turnbull MP and the Commonwealth Bank’s security chief, Gary Blair.
After the centre was officially launched by ASPI CEO Peter Jennings, Gary Blair and myself (TF), the panel discussed the topic ‘What is Australia’s current response to cybersecurity and how should it evolve to promote a vibrant and dynamic digital economy into the future?’
The discussion that followed focused upon several key topics, including where the key threats were emerging from, government ownership of the cyber issue, cybercrime, cyber as a national security and foreign policy issue, and public–private collaboration on cybersecurity issues.
Sharing their unique perspectives on the issues, the panel spoke about current responses to cybersecurity and the rapid evolution and increasing frequency of cyberattacks from both state and non-state actors. Reflecting his perspective as a leading security chief, David Irvine especially reinforced this point, and was keen to underline that this created blurred boundaries between the two attack sources, which is of course what the perpetrators often intend, creating difficulties in attribution and response. He also emphasised that the cyber domain provides the means for actors to interfere with national security issues and that this creates concerns for government—something that will only become more acute in years to come, when the potential for cyber war will be greater.
Tony Sheehan of the Attorney-General’s Department focused on the threat to critical national infrastructure and the fact that the Computer Emergency Response Team in AG’s provides a conduit to share threat data with managers of critical national infrastructure. However, understanding vulnerabilities and how to plug those gaps was vital to the work his teams were doing.
A long discussion ensued around emerging threats in cybercrime. Tim Morris of the AFP and Judith Lind of the ACC both spoke about online file trading systems and currencies that had emerged in recent years and the illicit economies that were flourishing around them. The ‘Dark Net’, which is distinct from other distributed peer-to-peer networks as file sharing is anonymous (i.e. IP addresses are not publicly shared), creates a space where illicit trading can take place in drugs, malicious code and child pornography with a lower probability of a criminal being caught. There was mention of Australia’s accession to the European Convention on Cybercrime and how this was a positive step in international collaboration on combating cybercrime threats, one that gives Australia cross-border reach in apprehending criminals remotely targeting Australia.
Members of the group spoke about how energy traditionally devoted to the prevention of cyber-attacks was now being diverted towards improving cyber resilience—the ability to effectively absorb and recover rapidly from cyber incidents. The panel agreed that cyber resilience would only be improved by engaging in cross-sector and international collaboration. Malcolm Turnbull felt that in terms of government responses to the issue of cyber, a ‘whole-of-government approach’ was necessary, rather than a response from just one particular section of government, as this would increase resilience in this area.
A key aim of the ICPC is to link government, business, and the public on cyber issues, and building cooperation remained a strong overarching theme on the night. When the panel was asked how the private sector can best work with government on cyber issues, the overwhelming response was that the best vehicle was the sharing of data and vulnerabilities, a point championed by Gai Brodtmann MP. By sharing more of this information, software exploits can be closed faster, cybercrime prevention improved, critical infrastructure protection built and overall cyber resilience increased.
Gary Blair called for the private sector to step up and become more involved in the dialogue around cybersecurity issues in Australia and internationally. He suggested taking advantage of national and international fora such as the Seoul Conference on Cyberspace to voice private sector opinions and ideas, but added that this could only happen if the private sector began to see the broader strategic picture around cyber issues. At the international level, Malcolm Turnbull insisted that Australia needs to be ‘upfront’ and have a discussion around legitimate international cyber boundaries, which is one of the most important issues in the current international arena.
The evening demonstrated how much work there is to do in this area, but also how much willingness there is from across the public and private sectors to take the issue on and develop preventative and response mechanisms. The next step for the ASPI ICPC is to develop a program for building increased awareness and dialogue around the international aspects of cybersecurity, with an initial emphasis on engaging with the International Cyberspace Conference in Seoul in 2013.
Tobias Feakin is the Director of ASPI’s International Cyber Policy Centre. Jessica Woodall is an analyst at ASPI. Image credit: Luke Wilson, ASPI.