The Cyber White Paper, originally promised for release in the first half of 2012, has been delayed several times. In October last year, responsibility for its production was quietly transferred from the Prime Minister’s Department to the Department of Broadband, Communications and the Digital Economy. There, the focus of the white paper was said to be ‘broadened’ away from cybersecurity. Prime Minister Gillard told a conference in October 2012 that ‘we should be broadening that out so it is more a digital white paper and helps us capture some of the more profound and longer term issues that have been brought to the table’.
What was ultimately released on 12 June 2013 wasn’t a Digital Economy White Paper, but a more limited statement described as an ‘update to the national digital economy strategy’ which was released in 2011. A number of peak bodies were approached to provide submissions on what cyber security issues the 2013 document should address. The final product is however, very disappointing. A seven page chapter on ‘safety and security’ does little more than list a range of current initiatives, including countering cyber bullying and a number of outreach activities.
A Cyber White Paper should have delivered rather more than that. What’s been delivered instead is the same piecemeal aggregation of various cyber-related initiatives, and the promise—but no delivery—of yet more ‘principles’, ‘guidance’ and ‘plans’. The demise of the Cyber White Paper was a messy business, and its replacement has produced little clarity.
But the next Federal Government will have a chance to reverse this trend, are there are some (limited) positive signs. The 2013 National Security Strategy lists cyber as one of its key security concerns. The Defence White Paper 2013 also marks a new stage in how cyber issues are dealt with by the Australian Government.
Emphasising a whole-of-government approach by renaming the Defence Signals Directorate to the Australian Signals Directorate is another welcome but limited step, but more substance must be added through the practical policy and administrative changes hinted at in such a move. More work is needed to ensure effective cooperation between departments, create productive mechanisms for the private sector to play its part, and provide enough money to produce results.
The absence of the Cyber White Paper reflects a major gap in Australia’s national security policy. This must be addressed as a matter of urgency. In an environment of rapidly evolving technology, it’s unacceptable for cyber policy to be left without updating for four years.
Because the update to the national digital economy strategy failed to cover the necessary cybersecurity territory, a Cyber White Paper must be re-commissioned and delivered in no more than 12 months. It should contain a clear examination of the threat picture in cyberspace to help government and business respond appropriately to changed or increased security requirements.
Such a policy development effort, building on work already done, has the potential to jolt the system into more effective action. Failure to take this path would put Australia at risk of falling behind rapid cybersecurity developments in the US and other key friends and allies.
The need now is for quick-thinking political leadership to sustain Australia’s strong advantages in cyber and to build a cyber leadership position for us in the international community.
Tobias Feakin is a senior analyst and Peter Jennings is the executive director of ASPI. This post is adapted from their new Special Report publication The emerging agenda for cybersecurity.