Home' Asia Pacific Defence Reporter : APDR April 2017 Contents 56 Asia Pacific Defence Reporter APR 2017
intelligence and information security. It is the peak
body in these roles although it works closely with
other national intelligence agencies including the
Defence Strategic Policy and Intelligence Group,
the Australian Intelligence Community, Australian
Government cyber security.
The government has strengthened its consultation
mechanism domestically by appointing Alastair
MacGibbon as Australia’s first Cyber Security
Special Adviser to the Prime Minister
Internationally, the ASD partners with the
(CSE), Canada; Government Communications
Headquarters (GCHQ), United Kingdom;
Government Communications Security Bureau
(GCSB), New Zealand; and the National Security
Agency (NSA), United States of America.
Australia’s first Ambassador for Cyber Affairs,
Tobias Feakin, has been appointed to promote our
interests on the world stage.
Major publications available publicly from the ASD
website include the 2016 Australian Government
Information Security Manual; Strategies to Mitigate
Cyber Security Incidents (new in February 2017);
and other documents and bulletins covering a range
of vital topics in the cyber security field.
ASD sets the standards for data interchange
between external organisations and government
bodies. Where Australian defence industry firms are
working with Defence’s capability project teams as
well as delivering products and support to the ADF,
strict policies are to be followed and continuing
surveillance of traffic is maintained.
ASD endorses qualified information and
communications technology (ICT) professionals,
who have met ASD’s strict requirements,
to provide ICT security ser vices which aim to
secure Australian Government information and
associated ICT systems. The Information Security
Registered Assessors Program (IRAP) is a
defensive step towards maximising the security
of Australian Government information, including
the ICT infrastructure storing, processing and
communicating this information.
ASD state that ‘IRAP provides the framework
by which individuals are endorsed from across the
private and public sectors to provide information
security assessment services for use by, but not
limited to, the Australian Government. Endorsed
IRAP Assessors are engaged to provide an
independent assessment of ICT security, suggest
mitigations and highlight associated residual risk.’
Australia’s defence industry, that necessarily
works with government information, including two
way traffic associated with capability projects and
subsequent support, are among the organisations
most likely to benefit by having their own IT staff
endorsed through IRAP or employing such qualified
people as contractors.
ACSC is Australia’s national cyber coordinating
body. Initially it was located within the ASIO
Ben Chifley offices in Canberra, but because of
the stringent positive vetting required to get the
necessary security clearance for ICT academics,
professionals and government IT, the time taken
created problems in getting the best people to work
on cyber problems.
Currently there are plans to move ACSC to
Defence-leased buildings in the Brindabella
Business Park. After adaptation of the building
to allow dedicated office space for multiple levels
of security clearance, but also including space
for public meetings. There will be office space
provided for an ultimate total ACSC workforce of
around 650 people.
In a separate but associated cyber security
development, the Government has started funding
a Cyber Security Growth Centre (CSGC) and
geographic nodes which will develop and support
Australia’s academics, IT professionals and small-to-
medium enterprises to ensure a world leading cyber
security industry. Minister Tehan has said the Centre
will open early 2017 and should lead to the export
of products and ser vices in a market reckoned to be
worth $200 billion world-wide by 2020.
The ACSC premises move and the launch of
CSGC) are very important steps in ensuring Australia
can capitalise on securing its own information
security, and gaining economies of scale that can
be reached in the export market.
NEXT GENERATION TECHNOLOGIES
On 16 March the $730 million Next Generation
Technologies Fund, a new investment in Australian
defence capability and innovation, was launched by
Minister for Defence Industry, the Hon Christopher
Pyne MP, who said:
“As our enemies devise new ways to attack,
our Defence Force must have advanced ways to
respond and overcome new threats.”
This fund is designed to provide the creative
solutions Defence needs and at the same time
benefit Australian industry.
“This is a ten year strategic research and
development program that will deliver game-
changing capabilities for the Australian Defence
Force (ADF) of the future,” Minister Pyne said.
“This fund will draw on the collective scientific
expertise of our nation across both industry and
university sectors, to give the ADF a winning edge
with advanced technologies.”
Minister Pyne said the Government would invest
$16.8 million to kick off the program by June 2017.
Defence’s Science and Technology Group will
lead the forward-looking research program focused
on nine transformational technology areas, led by
cyber security, highlighted in the 2016 Defence
ASD has been a long-term centre of excellence
for all matters related to cyber security including
protection of classified information. They will
continue to play this leading role.
Often in the past most of government’s efforts in
cyber security seemed to follow ASD’s motto “Reveal
Their Secrets - Protect Our Own.” Fortunately that
is changing rapidly as it has been realised that there
is considerable knowledge and skill available in
academia and private industry which has not been
The ACSC move to Brindabella, and creation
of the Cyber Security Growth Centre are
excellent moves in the right direction, as is the
creation of the Next Generation Technologies
Fund. The challenge is now for academics and
IT professionals to embrace the opportunities
now being created to make a real difference in
Australia and, through exports to other country
partners, to our economy.
The mandatory requirement to notify data
breaches will give the Privacy Commissioner and
other permitted partners an idea of the scale and
trends of cyber-attacks perpetrated in Australia.
Defence and its industrial base are not immune
from sophisticated attacks by state-sponsored
teams or criminals, but as long as both employees
and military personnel follow the guidance of ASD
and observe the security practices promulgated, the
risks of cyber-attack will be minimised.
One of the frustrations for those charged with ensuring Australia’s
cyber security is the number of breaches reported is always less
than the number that actually occur.
6/04/2017 4:15 PM
Links Archive APDR March 2017 APDR May 2017 Navigation Previous Page Next Page