Australia’s cyber security strategy 2019

The Australian Government recently released it 2019 progress report, outlining Australia’s achievement in line with the objectives of the inaugural International Cyber Engagement Strategy.

We look at Australia’s key goals, strategies and achievements outlined in the report, in the areas of cyber security, cybercrime, and the international security of cyberspace.

 

Cyber Security

Australia’s primary goal in the area of cyber security as outlined in the report is:

a strong and resilient cyber security posture for Australia, the Indo-Pacific and the global community”.

To achieve this goal, Australia implements the following strategies and corresponding actions:

 

Strategy 1: Maintain strong cyber security relationships with international partners

 

Action 1: Strengthen and expand Australia’s international cyber security information sharing partners and trusted networks

Key achievements:

  • Strengthening of Australian Cyber Security Centre (ACSC) global information sharing network
  • Providing technical assistance and cyber security workshops to Fiji, Samoa and Indonesia

 

Action 2: Strengthen and expand Australia’s network of computer emergency response team (CERT) relationships, especially in the Indo-Pacific

Key achievements:

  • Through the Cyber Cooperation Program, DFAT supported countries such as Tonga, Vanuatu and Myanmar to strengthen their cyber security capacity through technical capability development of CERTs and the delivery of educational campaigns

 

Action 3: Be a prominent contributor to the APCERT community

Key achievements:

  • In October 2018, the ACSC was re-elected Chair of the Asia Pacific Computer Emergency Response Team (APCERT) Steering Committee, leading the regional effort to create a safe and reliable cyberspace in the Asia Pacific region

 

Strategy 2: Encourage innovative cyber security solutions and deliver leading cyber security advice

 

Action 1: Promote cyber security as a fundamental input in the design and delivery of ICT products, systems and services

Key achievements:

  • ACSC educational engagements with industry partners and ICT security vendors in Australia and internationally
  • Participation in the 2017 Global Conference on Cyberspace held in New Delhi, where Austrade and DFAT jointly delivered the Significance of Cyber Security in a Disruptive Digital Era event

 

Action 2: Support the development of international standards that improve cyber security and encourage harmonisation of standards for digital products

Key achievements:

  • Assisting Indo-Pacific countries to bring their Internet standards in line with International Organization for Standardization (ISO) 27000 Information Management System standards.
  • Assisting in the development of ISO standards to evaluate and certify security of ICT products and systems in Australia and New Zealand

 

Action 3: Publish translations of key cyber security information in the official languages of ASEAN members

Key achievements:

  • Translation of the Australian Signals Directorate’s Essential Eight strategies and companion documents assisted cyber security professionals and organisations to mitigate cyber security incidents and protect their systems

 

Strategy 3: Develop regional cyber security capability

 

Action 1: Work with regional partners in the Pacific to establish the Pacific Cyber Security Operational Network (PaCSON)

Key achievements:

  • PaCSON enables cooperation and collaboration between Pacific technical experts, and empowers them to share cyber security threat information, tools, techniques and ideas

 

Strategy 4: Promote Australias cyber security industry

 

Action 1: Showcase Australias cyber security capabilities to international customers and investors

Key achievements:

·        Delivery of an annual Australian Cyber Week

 

Action 2: Promote and encourage cyber security start-ups

Key achievements:

  • Supported Australian cyber security companies to participate in a U.S. program helping start-ups

 

Action 3: Partner with the private sector

Key achievements:

  • At Australian Cyber Week in 2018, Austrade and AustCyber delivered a workshop with representatives from the Australian cyber security industry, providing an opportunity for the Australian Government to engage directly with industry to discuss ways to best promote their products and expertise internationally

 

Cybercrime

Australia’s primary goal in the area of cybercrime as outlined in the report is:

Stronger cybercrime prevention, prosecution and cooperation, with a particular focus on the Indo-Pacific”.

To achieve this goal, Australia implements the following strategies and corresponding actions:

 

Strategy 1: Raise cybercrime awareness in the Indo-Pacific

 

Action 1: Deliver cybercrime awareness training across the Indo-Pacific

Key achievements:

  • Programs such as Cyber Safety Pasifika have provided cybercrime awareness training to police officers from 18 Pacific countries. Cybercrime fact sheets have also been translated and printed in regional languages.

 

Strategy 2: Assist Indo-Pacific countries to strengthen their cybercrime legislation

Key actions and achievements:

  • Promotion of the Budapest Convention as a best practice model for legislative responses to cybercrime and supporting accession to the Convention across the Indo-Pacific
  • Being active in the negotiation of an Additional Protocol to the Budapest Convention on trans-border access to information
  • Working with the Pacific Islands Law Officers’ Network to help strengthen cybercrime legislation in the region

 

Strategy 3: Deliver cybercrime law enforcement and prosecution capacity building in the Indo-Pacific

 

Action 1: Provide cybercrime training to law enforcement officers, prosecutors and judges across the Indo-Pacific

Key achievements:

  • The 2018 International Cybercrime Investigations Workshops saw the AFP, together with Indonesian, Canadian and New Zealand Police, train police officers from 11 countries on a range of policing issues and skills development including on cryptocurrencies, online covert engagement, and digital forensics.

 

Strategy 4: Enhance diplomatic dialogue and international information sharing on cybercrime

 

Action 1: Seek further opportunities to participate in strategic-level engagement on combatting transnational cybercrime

Key achievements:

  • At the Intergovernmental Expert Group (IEG) on cybercrime in Vienna, which fosters collaboration on cybercrime issues at the global level, Australia encouraged the adoption of the Budapest Convention

 

Action 2: Share cybercrime threat information and enhance operational collaboration with international partners to fight transnational crime

Key achievements:

  • Joint Cybercrime operations have resulted in a number of successful prosecutions both in Australia and internationally

 

International Security (Cyberspace)

Australia’s primary goal in the area of international and national security (in the context of cyberspace) is:

A stable and peaceful online environment”.

To achieve this goal, Australia implements the following strategies and corresponding actions:

 

Strategy 1: Set clear expectations for state behaviour in cyberspace

Key actions and achievements:

  • Periodically publishing Australia’s position on the application of relevant international law to state conduct in cyberspace
  • Facilitating advanced policy development and promoting informed public discussion on acceptable state behaviour in cyberspace through engagement with academics and experts in this field
  • Seeking high-level reaffirmations from states that they will act in accordance with international law and identified norms of responsible state behaviour in cyberspace. Examples include Joint statements and Memoranda of Understanding.
  • Partnering with countries in the Indo-Pacific to advance our combined understanding of how international law and norms of responsible state behaviour apply in cyberspace through bilateral engagement and regional and multilateral forums

 

Strategy 2: Implement practical confidence building measures to prevent conflict

Key actions and achievements:

  • Developing a framework to exchange policy and diplomatic contacts, including bilaterally, to facilitate communication in times of crisis or tension arising from significant cyber incidents that have the potential to threaten international peace, security and stability
  • Working with regional organisations to conduct risk reduction workshops to enhance our capacity to manage and respond to cyber incidents that threaten international peace, security and stability, including exercising national and regional responses to severe cyber incidents
  • Holding cyber policy dialogues to discuss and work with partners to achieve priority goals on international cyber issues, including international law, norms of responsible state behaviour and confidence building measures
  • Fostering recognition through diplomatic outreach and defence engagement that military offensive cyber capabilities are subject to the same limitations and obligations as any other military capability

 

Strategy 3: Deter and respond to unacceptable behaviour in cyberspace

Key actions and achievements:

  • Reviewing Australia’s range of options to deter and respond to unacceptable behaviours in cyberspace, particularly those involving state actors
  • In December 2017, Australia joined with five countries to attribute the “WannaCry” ransomware campaign to North Korea

Nyman Gibson Miralis provides expert advice and representation in complex international cybercrime cases.

Contact us if you require assistance.