Former ASIO boss warns that Australia’s cyber defence is weak and uncoordinated…hardly a revelation with weak privacy and data security laws and even weaker regulation of those laws

January 19, 2018 |

It is enough to make a cat smile how the obvious poor state of cyber defence across the board is breathlessly reported as a revelation, again and again.  And how nothing really changes even though the problem grows worse each year.

The ABC reports in Australia’s cyber defences ‘relatively weak, uncoordinated’, former ASIO boss David Irvine warns in a submission through the Australian Cyber Security Research Institute that that Australia’s ability to counter cyber threats and criminal activity is relevantly week and uncoordinated.  That is not surprising, coming from a former public servant of long standing, the proposal is single Commonwealth led Co operative Agency.  The proposed entity will be either a separate body or associated with one or more of the Australian Cyber Security Centre, the Australian Federal Police, the Australian Criminal Intelligence Commission and Australian Signals Directorate.  As if Australia doesn’t have enough acronyms treading over the same ground.  Given public service and law enforcement bodies guard their patch it will probably be just another agency dotting this wide brown land.

It is an incomplete and flawed proposal.  It is very top down for starters.  While having expertise from a co ordinating agency is valuable this proposal ignores a basic problem, poor compliance at the organisational and agency level.  It is fine to have a complex of experts monitoring and trying to counter threats at a perimeter, so to speak, but that effort is undermined if the potential targets are easily attacked.  Which is the reality.  What is the point of mounting some form of high tech operation when many businesses have poor privacy practices, inadequate data security and generally no idea of what to do in the event of a cyber attack?  That lamentable state of affairs has been partly due to a failure to proper regulate what inadequate legislation is in place.  There has been a lack of incentive by organisations and agencies to spend what is required to maintain adequate data security.  There are very few hard and practical consequences of breaching the Privacy Act, which would include failing to maintain proper data security, based on experience to date.

The article provides:

A former spy boss has warned the country’s ability to counter cyber threats and criminal activity is “relatively weak and uncoordinated”, with current efforts scattered across the states and Commonwealth.

David Irvine, who ran ASIO until 2014 and was also the head of the overseas intelligence agency ASIS, has made the comments in a submission to a parliamentary inquiry examining the “impact of new and emerging information and communications technology”.

The submission, written on behalf of the Cyber Security Research Centre (CSRC), calls for the creation of a “single Commonwealth-led cooperative agency” charged with countering cybercrime in Australia.

“Australia’s national capacity to counter threats and criminal activity using cyber investigative tools is relatively weak, uncoordinated, and dispersed across a range of agencies in both Commonwealth and state jurisdictions,” the CSRC chairman argues.

“Countering cybercrime in Australia will be most effective when investigative support mechanisms are concentrated and coordinated on a national basis, utilising skills and technical capabilities developed in the national security area to strengthen law enforcement activity, and vice versa”.

In its submission to the Parliamentary Joint Committee on Law Enforcement, the CSRC suggests a new agency would provide “expert technical cyber investigative services in support of legal law enforcement and national security investigations carried out by Commonwealth and state agencies”.

The CSRC stresses its proposed new agency would “support, rather that supplant or duplicate the proper functioning of those agencies” but does not specify where the organisation should sit.

“Such an agency might fall within the ambit of the Department of Home Affairs, either as a separate entity or associated with the Australian Cyber Security Centre or the Australian Federal Police and Australian Criminal Intelligence Commission, and with a close working relationship with the skills-intensive Australian Signals Directorate.”

In a statement the new Minister Assisting the Prime Minister for Cyber Security, Angus Taylor, says the Federal Government considers cyber security and cyber crime to be among “the fastest growing threats to corporations, citizens and governments globally”.

“The rapid pace of technological change means that we need to be prepared to adapt the approaches, tools and techniques that we use in law enforcement and national security,” he said.

“The Government’s Cyber Security Strategy and the recent creation of the Home Affairs portfolio, are delivering the most significant reforms to the Australian national security community in over 40 years.”

The Minister argues these changes “will improve the 24/7 capability of the multi-agency Australian Cyber Security Centre to meet the needs of the community, business and government”.

Key points:

  • Former spy boss David Irvine has called for a “single Commonwealth-led cooperative agency” to counter cybercrime
  • The CSRC chairman says a new agency would provide support to both Commonwealth and state agencies rather than “duplicate” their operations
  • Minister Angus Taylor says cybersecurity and cybercrime are among the “fastest growing threats” globally

Leave a Reply