Home' Asia Pacific Defence Reporter : APDR November 2015 Contents 30 Asia Pacific Defence Reporter NOV 2015
Scare headlines abound on the threat breaches
of cyber security pose to Australian individuals,
organisations, critical networks, and Federal
and State governments.
Although these threats are taken seriously by the
Australian government through advice, monitoring
and remediation by the Australian Cyber Security
Centre (ACSC) and other groups, nowhere are they
responded to more seriously than in Defence.
The proliferation of intelligent devices in military
platforms, headquarters and supply chains, all linked
together by either the Defence Restricted Network or
the Defence Secret Network, is a challenge to keep
With the wholesale adoption by ADF of network
centric warfare, cyber-attacks have the potential to
cripple Australia’s military preparedness and response
options. Indeed, considerable planning is continuing in
Defence for operations in a satellite or network-denied
ACSC is the key national grouping of cyber
security capabilities from across Defence including
the Australian Signals Directorate (ASD), the Defence
Intelligence Organisation (DIO), the Attorney-
General’s Department, Australian Security Intelligence
Organisation (ASIO), Computer Emergency Response
Team (CERT) Australia, Australian Federal Police
(AFP) and Australian Crime Commission (ACC) in a
single Canberra location.
These days most nation states have offensive cyber-
attack and cyber defence resources. Information about
these is shared between coalition partners. As big a
threat comes from non-state actors, issue motivated
groups, criminal networks, and misguided individuals
dabbling for mischief making or personal gain.
Cyber security involves both communications
security and information security. Advice and
intervention by ACSC involves both of these domains.
The most recent report from ACSC stated that they
responded to 1131 incidents in 2014, up 20% from
the 940 figure. Sometimes these responses were to
give advice to remediate a situation, but many required
ACSC staff to go on site to restore integrity to stored
data, computer systems and networks.
AUSTRALIAN GOVERNMENT CS
‘The ACSC provides the Australian Government
with all-source cyber situational awareness and an
enhanced ability to facilitate operational responses
to cyber security events of national importance. The
ACSC will identify and analyse sophisticated cyber-
attacks, and assist in responses to cyber events
across government and critical private sector systems
and infrastructure.’ (extract from the Australian
Government’s Cyber Security Strategy)
CERT Australia, in the Attorney-General’s
Department, is the national coordination point for the
provision of cyber security information and advice
for the Australian community. It also cooperates
internationally with the CERTS of other countries.
These two bodies are key elements in the
Government’s cyber security strategy which is based
on national leadership; shared responsibilities across
all participants; partnerships across all Australian
governments, the private sector and the broader
community; risk management; protecting Australian
values including freedom of speech and the right to
privacy; and active international engagement.
Less known in the wider community is Australia’s
active diplomacy to ensure that internet issues and
cyber security incident responses can be shared
between like-minded countries. The August 22nd
ASEAN Regional Forum Ministerial meeting in Kuala
Lumpur did a lot of work on the sidelines in this field. A
ground-breaking Work Plan agreed between Malaysia,
Russia and Australia will facilitate dealing with issues
triggered by internet and communications technology,
and the necessary responses, so they can be dealt
with before they escalate to a national security level.
If these three governments with obviously dissimilar
views about how the internet should be managed
and used in their own countries could agree, then
Australia’s diplomatic efforts have been a quiet triumph.
AUSTRALIAN CYBER SECURITY
The ACSC with Clive Lines, a deputy director at
ASD, as the centre’s coordinator, will have around
300 officers when it reaches full strength by 2017.
Responsibility for the centre is shared between the
Minister for Defence and the Attorney-General.
As mentioned earlier in this article it combines the
resources of key cyber security capabilities from a
number of major government organisations. Its role is to
raise awareness of cyber security; report on the nature
and extent of cyber threats; encourage reporting of
cyber security incidents; analyse and investigate cyber
threats; coordinate national cyber security operations
and capability; and lead the Australian Government’s
operational response to cyber incidents.
Their website states ‘ACSC identifies malicious
activity conducted by sophisticated foreign hackers by
using advanced analytic capabilities and techniques.
The workforce includes staff highly trained in computer
information technology and analysis. This, together
with ASD’s high-powered computing resources,
ensures the centre is able to process large volumes
of data to identify cyber threats. ASD uses this
information to proactively and reactively respond to
Australia’s systems of national interest and critical
infrastructure are vulnerable to malicious cyber activity.
In 2014, CERT Australia responded to 11,073 cyber
security incidents affecting Australian businesses, 153
GEOFF SLOCOMBE // VICTORIA
AN AUSTRALIAN DEFENCE UPDATE
By December 2014 Australia had more than 12.6 million internet subscribers and there were 21 million subscribers to mobile
services with an internet connection. This is a huge proportion of the population, governments and industry, all with cyber
14/10/2015 10:39 pm
Links Archive APDR October 2015 APDR Dec15/Jan16 Navigation Previous Page Next Page