The Australian Government defines cyber security as:
'Measures relating to the confidentially, availability and integrity of information that is processed, stored and communicated by electronic or similar means.'
Cyber security is one of Australia's national security priorities under the Prime Minister's 2008 National Security Statement. Australia's national security, economic prosperity and social wellbeing rely on the availability, integrity and confidentiality of a range of information and communications technology. This includes desktop computers, the internet, telecommunications, mobile communications devices and other computer systems and networks.
The risk to the Australian economy from computer intrusion and the spread of malicious code by organised crime has been assessed as high. An increase in the scale, sophistication and perpetration of cyber crime has made it increasingly difficult to identify and defeat.
The growing array of state and non-state actors who are compromising, stealing, changing or destroying information, potentially causing critical disruptions to Australian systems, the distinction between traditional threat actors – hackers, terrorists, organised criminal networks, industrial spies and foreign intelligence services – is increasingly blurred.
The Australian Government's approach to cyber security is contained within its Cyber Security Strategy. The aim of the strategy is to promote a secure, resilient and trusted electronic operating environment that supports Australia's national security and maximises the benefits of the digital economy.
There are a range of agencies that make a significant contribution to the implementation of the Australian Government Cyber Security Strategy, including:
- the Department of Prime Minister and Cabinet that provides whole-of-government coordination on cyber security policy under the Cyber Security Strategy. This responsibility for cyber security policy coordination was transferred from the Attorney-General's Department under the Administrative Arrangements Order of 14 December 2011.
- The Attorney-General's Department supports the Australian Government's cyber security policy and has lead agency functions in:
- adapting law and law enforcement in the digital economy to combat criminal activity in the online environment. This includes the implementation of an Australian Cybercrime Online Reporting Network and the Cybercrime Strategic Framework, as well as accession to the Council of Europe Convention on Cybercrime.
- improving identity security in the online environment and supporting the growing number of services which make use of new and emerging information and communication technologies. This includes the Document Verification Service and a biometric interoperability framework.
- assisting businesses to manage cyber threats through CERT Australia, and for ensuring the protection of Australia's critical national infrastructure from cyber threats. This involves administration of existing policy measures on critical infrastructure resilience from cyber threats.
- disseminating protective security policy for Australian Government agencies.
For more information about the government's cyber security capabilities visit the CERT Australia website.
For more information about the Cyber Security Operations Centre visit the Defence Signals Directorate website.
Australian Government's Cyber Security Strategy
The strategy was launched on 23 November 2009, as an outcome of the E-security Review 2008. The strategy articulates the aims and objectives of the Australian Government's cyber security policy.
The objectives of the Australian Government's cyber security policy are that:
- all Australians are aware of cyber risks, secure their computers and take steps to protect their identities, privacy and finances online
- Australian businesses operate secure and resilient information and communications technologies to protect the integrity of their own operations and the identity and privacy of their customers
- the Australian Government ensures its information and communications technologies are secure and resilient.
The policy is based on the following principles, outlined in the 2008 National Security Statement:
- National leadership: The scale and complexity of the cyber security challenge requires strong national leadership.
- Shared responsibilities: All users, in enjoying the benefits of information and communications technologies, should take reasonable steps to secure their own systems, exercise care in the communication and storage of sensitive information and have an obligation to respect the information and systems of other users.
- Partnerships: In light of these shared responsibilities, a partnership approach to cyber security across all Australian governments, the private sector and the broader Australian community is essential.
- Active international engagement: Given the transnational nature of the internet, in which effective cyber security requires coordinated global action, Australia must adopt an active, multi-layered approach to international engagement on cyber security.
- Risk management: In a globalised world where all internet-connected systems are potentially vulnerable and where cyber attacks are difficult to detect, there is no such thing as absolute cyber security. Australia must therefore apply a risk-based approach to assessing, prioritising and resourcing cyber security activities.
- Protecting Australian values: Australia must pursue cyber security policies that enhance individual and collective security while preserving Australians' right to privacy and other fundamental values and freedoms. Maintaining this balance is a continuing challenge for all modern democracies seeking to meet the complex cyber security challenges of the future.
What the Australian Government is doing for cyber security
The Australian Government applies the following strategic priorities to its programs:
- improve the detection, analysis, mitigation and response to sophisticated cyber threats, with a focus on government, critical infrastructure and other systems of national interest
- educate and empower all Australians with the information, confidence and practical tools to protect themselves online
- partner with business to promote security and resilience in infrastructure, networks, products and services
- model best practice in the protection of government information and communications technologies systems, including the systems of those transacting with government online
- promote a secure, resilient and trusted global electronic operating environment that supports Australia's national interests
- maintain an effective legal framework and enforcement capabilities to target and prosecute cyber crime
- promote the development of a skilled cyber security workforce with access to research and development to develop innovative solutions.