The Australian Government recently released it 2019 progress report, outlining Australia’s achievement in line with the objectives of the inaugural International Cyber Engagement Strategy.
We look at Australia’s key goals, strategies and achievements outlined in the report, in the areas of cyber security, cybercrime, and the international security of cyberspace.
Cyber Security
Australia’s primary goal in the area of cyber security as outlined in the report is:
“a strong and resilient cyber security posture for Australia, the Indo-Pacific and the global community”.
To achieve this goal, Australia implements the following strategies and corresponding actions:
Strategy 1: Maintain strong cyber security relationships with international partners
Action 1: Strengthen and expand Australia’s international cyber security information sharing partners and trusted networks
Key achievements:
- Strengthening of Australian Cyber Security Centre (ACSC) global information sharing network
- Providing technical assistance and cyber security workshops to Fiji, Samoa and Indonesia
Action 2: Strengthen and expand Australia’s network of computer emergency response team (CERT) relationships, especially in the Indo-Pacific
Key achievements:
- Through the Cyber Cooperation Program, DFAT supported countries such as Tonga, Vanuatu and Myanmar to strengthen their cyber security capacity through technical capability development of CERTs and the delivery of educational campaigns
Action 3: Be a prominent contributor to the APCERT community
Key achievements:
- In October 2018, the ACSC was re-elected Chair of the Asia Pacific Computer Emergency Response Team (APCERT) Steering Committee, leading the regional effort to create a safe and reliable cyberspace in the Asia Pacific region
Strategy 2: Encourage innovative cyber security solutions and deliver leading cyber security advice
Action 1: Promote cyber security as a fundamental input in the design and delivery of ICT products, systems and services
Key achievements:
- ACSC educational engagements with industry partners and ICT security vendors in Australia and internationally
- Participation in the 2017 Global Conference on Cyberspace held in New Delhi, where Austrade and DFAT jointly delivered the Significance of Cyber Security in a Disruptive Digital Era event
Action 2: Support the development of international standards that improve cyber security and encourage harmonisation of standards for digital products
Key achievements:
- Assisting Indo-Pacific countries to bring their Internet standards in line with International Organization for Standardization (ISO) 27000 Information Management System standards.
- Assisting in the development of ISO standards to evaluate and certify security of ICT products and systems in Australia and New Zealand
Action 3: Publish translations of key cyber security information in the official languages of ASEAN members
Key achievements:
- Translation of the Australian Signals Directorate’s Essential Eight strategies and companion documents assisted cyber security professionals and organisations to mitigate cyber security incidents and protect their systems
Strategy 3: Develop regional cyber security capability
Action 1: Work with regional partners in the Pacific to establish the Pacific Cyber Security Operational Network (PaCSON)
Key achievements:
- PaCSON enables cooperation and collaboration between Pacific technical experts, and empowers them to share cyber security threat information, tools, techniques and ideas
Strategy 4: Promote Australia’s cyber security industry
Action 1: Showcase Australia’s cyber security capabilities to international customers and investors
Key achievements:
· Delivery of an annual Australian Cyber Week
Action 2: Promote and encourage cyber security start-ups
Key achievements:
- Supported Australian cyber security companies to participate in a U.S. program helping start-ups
Action 3: Partner with the private sector
Key achievements:
- At Australian Cyber Week in 2018, Austrade and AustCyber delivered a workshop with representatives from the Australian cyber security industry, providing an opportunity for the Australian Government to engage directly with industry to discuss ways to best promote their products and expertise internationally
Cybercrime
Australia’s primary goal in the area of cybercrime as outlined in the report is:
“Stronger cybercrime prevention, prosecution and cooperation, with a particular focus on the Indo-Pacific”.
To achieve this goal, Australia implements the following strategies and corresponding actions:
Strategy 1: Raise cybercrime awareness in the Indo-Pacific
Action 1: Deliver cybercrime awareness training across the Indo-Pacific
Key achievements:
- Programs such as Cyber Safety Pasifika have provided cybercrime awareness training to police officers from 18 Pacific countries. Cybercrime fact sheets have also been translated and printed in regional languages.
Strategy 2: Assist Indo-Pacific countries to strengthen their cybercrime legislation
Key actions and achievements:
- Promotion of the Budapest Convention as a best practice model for legislative responses to cybercrime and supporting accession to the Convention across the Indo-Pacific
- Being active in the negotiation of an Additional Protocol to the Budapest Convention on trans-border access to information
- Working with the Pacific Islands Law Officers’ Network to help strengthen cybercrime legislation in the region
Strategy 3: Deliver cybercrime law enforcement and prosecution capacity building in the Indo-Pacific
Action 1: Provide cybercrime training to law enforcement officers, prosecutors and judges across the Indo-Pacific
Key achievements:
- The 2018 International Cybercrime Investigations Workshops saw the AFP, together with Indonesian, Canadian and New Zealand Police, train police officers from 11 countries on a range of policing issues and skills development including on cryptocurrencies, online covert engagement, and digital forensics.
Strategy 4: Enhance diplomatic dialogue and international information sharing on cybercrime
Action 1: Seek further opportunities to participate in strategic-level engagement on combatting transnational cybercrime
Key achievements:
- At the Intergovernmental Expert Group (IEG) on cybercrime in Vienna, which fosters collaboration on cybercrime issues at the global level, Australia encouraged the adoption of the Budapest Convention
Action 2: Share cybercrime threat information and enhance operational collaboration with international partners to fight transnational crime
Key achievements:
- Joint Cybercrime operations have resulted in a number of successful prosecutions both in Australia and internationally
International Security (Cyberspace)
Australia’s primary goal in the area of international and national security (in the context of cyberspace) is:
“A stable and peaceful online environment”.
To achieve this goal, Australia implements the following strategies and corresponding actions:
Strategy 1: Set clear expectations for state behaviour in cyberspace
Key actions and achievements:
- Periodically publishing Australia’s position on the application of relevant international law to state conduct in cyberspace
- Facilitating advanced policy development and promoting informed public discussion on acceptable state behaviour in cyberspace through engagement with academics and experts in this field
- Seeking high-level reaffirmations from states that they will act in accordance with international law and identified norms of responsible state behaviour in cyberspace. Examples include Joint statements and Memoranda of Understanding.
- Partnering with countries in the Indo-Pacific to advance our combined understanding of how international law and norms of responsible state behaviour apply in cyberspace through bilateral engagement and regional and multilateral forums
Strategy 2: Implement practical confidence building measures to prevent conflict
Key actions and achievements:
- Developing a framework to exchange policy and diplomatic contacts, including bilaterally, to facilitate communication in times of crisis or tension arising from significant cyber incidents that have the potential to threaten international peace, security and stability
- Working with regional organisations to conduct risk reduction workshops to enhance our capacity to manage and respond to cyber incidents that threaten international peace, security and stability, including exercising national and regional responses to severe cyber incidents
- Holding cyber policy dialogues to discuss and work with partners to achieve priority goals on international cyber issues, including international law, norms of responsible state behaviour and confidence building measures
- Fostering recognition through diplomatic outreach and defence engagement that military offensive cyber capabilities are subject to the same limitations and obligations as any other military capability
Strategy 3: Deter and respond to unacceptable behaviour in cyberspace
Key actions and achievements:
- Reviewing Australia’s range of options to deter and respond to unacceptable behaviours in cyberspace, particularly those involving state actors
- In December 2017, Australia joined with five countries to attribute the “WannaCry” ransomware campaign to North Korea
