Cyber security framework Australia

Due to the varying nature of offences which can be committed in cyberspace, the Australian framework spans over state and federal legislation and is not limited to one particular legal provision. For example, similar offences can be found in NSW and Commonwealth provisions.

This article explores cyber security laws in Australia and which agencies are responsible for investigating cybercrime.


Who investigates cybercrime in Australia?


The Australian Federal Police

The Federal Police are responsible for investigating and responding to cybercrime of national significance. These are referred to as high tech crime and classified into the following:

– Computer Intrusions: unauthorised access of a computer or network of computers.
– Unauthorised modification of data, including destruction of data.
– Creation and distribution of malicious software (viruses, worms, trojans).
Distributed denial of service (DDOS) attacks using botnets: the deliberate disruption or impairment of a service or communication using malicious software.

They also are responsible for child protection and investigate crimes associated with online child sex exploitation and travelling child sex offenders.


State and Territory Police

The NSW Police have jurisdiction to investigate and prosecute offences that occur on the cyber sphere. Police are able to investigate a range of matters, from child sexual exploitation to cyber bullying. Within the field of cyber security, they focus on online fraud which includes internet banking, mobile banking, phishing, mule recruitment, shopping and auction site fraud, scams, spam and identity theft. The AFP will have jurisdiction where online fraud affects a government department.



The Australian Criminal Intelligence Commission (ACIC) discovers, understands and prioritises cybercrime threat intelligence to enhance response options.


Australian Security Intelligence Organisation

ASIO has strategic intelligence analysts that investigate cyber and telecommunication threats that affect national security.


Who prosecutes cybercrimes?

The Office of the Commonwealth Director of Public Prosecutions commonly prosecute offences within sections 478.1(1), 477.3(1) and 474.17 of the Criminal Code Act 1995 (Cth). They relate to unauthorised access to data, impairment of electronic communication and using carriage service to harass or cause offence. Offences that fall within a state or territory are prosecuted by the corresponding state Director of Public Prosecutions.


In which legislation can cyber security laws and cybercrime offences in Australia be found?

Crimes Act 1900 (NSW) s66EB: Procuring or grooming child under 16 for unlawful sexual activity

s91H: Production, dissemination or possession of child abuse material
s91K: Filming a person engaged in private act
s91L: Filming a person’s private parts
s91M: Installing device to facilitate observation or filming

s192E: Fraud (including online fraud)
s192J: Dealing with identification information
s192K: Possession of identification information

s308C: Unauthorised access, modification or impairment with intent to commit serious indictable offence
s308D: Unauthorised modification of data with intent to cause impairment
s308E: Unauthorised impairment of electronic communication
s308F: Possession of data with intent to commit serious computer offence
s308G: Producing, supplying or obtaining data with intent to commit serious computer offence
s308H: Unauthorised access to or modification of restricted data held in computer (summary offence)
s308I: Unauthorised impairment of data held in computer disk, credit card or other device (summary offence)

Surveillance Devices Act 2007 (NSW) s7: Prohibition on installation, use and maintenance of listening devices
Crimes (Domestic and Personal Violence) Act 2007 (NSW s13: Stalking or intimidation with intent to cause fear of physical or mental harm (Bullying)
Criminal Code Act 1995 (Cth)

Amended in 2001 by the Cybercrime Act 2001

134.1: Obtaining property by deception

372.1: Dealing in identification information

372.1A: Dealing in identification information that involves use of a carriage service

372.2: Possession of identification information

474.14: Using a telecommunications network with intention to commit a serious offence

474.15: Using a carriage service to make a threat

474.16: Using a carriage service for a hoax threat

474.17: Using a carriage service to menace, harass or cause offence

474.19: Using a carriage service for child pornography material

474.20: Possessing, controlling, producing, supplying or obtaining child pornography material for use through a carriage service

477.1: Unauthorised access, modification or impairment with intent to commit a serious offence

477.2: Unauthorised modification of data to cause impairment

477.3: Unauthorised impairment of electronic communication

478.1: Unauthorised access to, or modification of, restricted data

478.2: Unauthorised impairment of data held on a computer disk etc.

478.3: Possession or control of data with intent to commit a computer offence

478.4: Producing, supplying or obtaining data with intent to commit a computer offence


Nyman Gibson Miralis provides expert advice and representation in complex international cybercrime investigations. Our expertise includes dealing with malware, phishing and computer hacking offences, bootlegging and tripping, Bitcoin and crypto-currency fraud, as well as offences relating to identity theft, spreading computer viruses and DDoS attacks.

Contact us if you require assistance.