Submission to the National Commission of Audit from the Australian Strategic Policy Institute (ASPI) regarding National Security

Overview

This submission addresses the National Commission of Audit's terms of reference in the area of national security with particular reference to policing and cyber security.

Australian society's conception of security changed as it became richer and more technologically advanced over the last two decades or so. Today, security is no longer exclusively about existential threats like nuclear or major war, although these threats remain. A broader range of concerns now occupies our thinking, including those posed by terrorism, crime and threats generated via the internet.

This broadening of the concept of security introduces three new dynamics into Australia's political debates. These dynamics will continue to influence the priorities and resources of all Australian governments, and make closer cooperation necessary among them and with our international partners.

The first dynamic concerns the broadening of the security agenda. During the Cold War, Australian policymakers grappled with the existential threat of nuclear war, and a very significant concern about how decolonisation in Asia might work against western interests. But this situation changed as the international community recognised China, Southeast Asian states became more internally coherent, and, ultimately, Soviet-US tensions reduced after 1990. These same changes also allowed different non-state and state actors to pursue their own interests with fewer constraints, leading to a number of internal wars and another round of international atomisation. As a consequence, Australia launched or participated in a number of overseas operations designed to meet political, economic and humanitarian objectives, and used a broad mix of national capabilities on these operations, including diplomats, police, aid workers and the Australian Defence Force (ADF).
The second major dynamic is the broader range of vulnerabilities inherent within today's society. Wealth, connectivity and convenience have increased the potential for disruptions to everyday life, and also the electorate's expectations of its government. Increasingly, the vulnerabilities of infrastructure critical for our highly-networked financial, energy, water and food systems are even harder to manage on a daily basis by their predominantly commercial operators. That these vulnerabilities can also be exploited by maleficent actors for political or economic gain, or by increasingly common and severe natural events, makes government's role essential. But demarcating the government's responsibility is difficult and far from objective as public expectations increase.

The third major dynamic is the way security concerns can touch people every day. While the Australian people still remain affected by war, and could be so again, these relatively rare events have only required a little sacrifice from most. But today, and increasingly into the future, security threats such as organised crime, cyber-crime and the impact of border security challenges can and will present in Australian neighbourhoods and homes. Further, values, diasporas, increasing connectivity and the power of traditional and new media make
global problems more immediate. This dynamic makes security a mainstream concern and a regular, not exceptional, part of Australian political life.

In short, people are looking to government to protect their way of life, and sometimes to advance their ideals, at a more individual and more immediate level. But these dynamics, and importantly how Australian governments will work together to meet these challenges, are both not particularly well understood and only slowly evolving.

What are Australia's key national security priorities?

The first is to get a better understanding of how these dynamics affect Australia's interests. This means understanding change across the globe, across the region and within Australia itself. It requires detailed consideration of how information flows, technology, resources and money actually move. It also requires an ability to make a cold-eyed calculation about where change really affects Australia's security and an ability to explain why the latest problem should not consume our resources. At present, Australia's ability to perform this critical analysis is mature and generally very effective, although there is a bias towards understanding the interaction and intentions of nation-states over other important actors, especially sub-state groups who are not directly involved in conflict.

Creating a twenty-first century response to these challenges is also important. Our constitution has proven relatively robust so far, in that it allows the Commonwealth government to act against most challenges. However, our national system of governance is proving less efficient and somewhat of a constraint when it comes to action. The crosscutting nature of contemporary security challenges means state and federal cooperation on security issues is more important than ever. But the mechanisms for cooperation have grown in an ad-hoc, issue-by-issue way.
This means we have a plethora of overlapping committees at the ministerial and officials levels, especially in the policy development space. It also means the Commonwealth must provide funds if the nation as a whole is to build security capabilities to manage these threats: it has done so in an inconsistent way to date.

The need to develop consistent, nation-wide security capabilities can be seen in a number of key areas, and Commonwealth leadership is essential. Today, we have a situation where criminals are able to exploit gaps in legislation among jurisdictions. Also, the ability of state and Commonwealth law enforcement and other relevant agencies to exchange information seamlessly is limited by technical, legislative and cultural barriers. While the state governments may show goodwill to change, they will be unlikely to take effective action without Commonwealth leadership. We'll return to this point later.

The need for leadership is also clear in areas where the Commonwealth clearly has sole responsibility, such as the cyber domain, where coordination has been patchy at best. New thinking which builds national awareness, ensures capability is present to meet threats when and where needed, links the substantial criminal information holdings of Australian governments, and sensibly joins related challenges to enhance economies of effort, is needed.

Also needed is a more effective way to engage the business and community sector in security efforts. There have been some good examples of this, especially in critical infrastructure protection, but the effort needs to come on a broader basis. This should see attention given to organised crime, as well as enhanced efforts in the cyber domain. Further efforts to counter violent extremism are also needed, and these need to be conducted in increasingly sophisticated ways.
Resourcing national security

The Commonwealth government's allocation of resources to its stated risks is currently heavily skewed towards defence spending. This is understandable given the long lead-times and increasing cost of defence capability. But the Commonwealth's own National Security Strategy shows that six of the seven major risks are not primarily (and some not even slightly) defence related. While we can't compare the risks objectively, as there is no detail about either the likelihood or consequence of each, we can infer two points that have great importance for resource allocation across the national security community.

Figure 1: The National Security Budget 2012-13
Foreign Affairs 3%; ASIO 1%; ASIS 1%; ONA 0%; Federal Police 4%; Foreign Aid 16%; Defence 75%
Source: 2013-14 Cost of Defence, ASPI Defence Budget Brief

Firstly, national security risks with a primarily domestic focus receive only a small part of the Commonwealth's money. Indeed, it would be fair to infer that risks such as domestic terrorism, organised crime, critical infrastructure and cyber security might only account for three or four per cent of the Commonwealth's national security spending. Of course, state governments bear a reasonable share of the burden too in some risk areas. But any objective assessment of the risk is likely to find that these dimensions of security are not sufficiently resourced and therefore may not be addressed in a way that seeks to reduce the actual level of risk.

It's also important to note that the language used in the paragraph above was heavily qualified. That's because the Commonwealth has not presented a clear explanation of the relative risk between each of the eight challenges listed in the National Security Strategy. This means it is impossible to identify whether resource allocations are actually following risk assessments, or whether these allocations remain bound by historic spending patterns.
So the second major point is that better information would help to create more rational arguments for resourcing priorities. The National Commission of Audit might wish to consider asking for this assessment as its members consider where the Commonwealth can best place its emphasis in the security realm.
Policing and law enforcement

One clear trend of the past century has been a steady expansion of the range of crimes that can be perpetrated against both the community and the nation. Australia's state governments were able to deal with most major crime areas at Federation, and most of these major crime areas still exist today. But the onward march of technology, Australia's increasing absolute and relative prosperity, and the growing irrelevance of domestic and international borders to criminal enterprise have increased the importance of the Commonwealth's role in law enforcement. This continuity and change has major implications for all Australian governments, and makes close cooperation among them essential for the continued development of Australia's society, economy, security and reputation.

The changes in the extent, vectors and nature of crime have made the Commonwealth's powers more directly relevant to law enforcement at the local level. For example, the Commonwealth's responsibility for telecommunications is now critical to combatting cyberfraud and identity theft; its corporations powers are used to prosecute major economic crimes; and its responsibility to protect the states from domestic violence has acted as a rallying-point in the national fight against terrorism. Less noted has been the generation of criminal intelligence, which is shared among the jurisdictions and is both an efficient and effective way of handling this delicate material. Similarly efficient is the way the Commonwealth leads on overseas law enforcement partnership arrangements, and provides practical assistance to develop policing and legal capability for neighbours and others.

These trends are unlikely to be reversed, and they may be accelerated in some places.
In particular, the number of instances where the states may actually refer powers to the Commonwealth could increase as it becomes clear that new legal innovations such as unexplained wealth laws are best pursued on a national basis. There is also a pressing need for the Commonwealth to lead the multi-jurisdictional effort against organised crime by encouraging consistent, nation-wide policing capabilities. Overseas, the increasing fragility of some states, and the need to build effective rule of law in these, is likely to see governments wish to use their law enforcement instruments to achieve national policy objectives, perhaps in place of, or at least in addition to, the traditional military contributions to these situations. While the Commonwealth should not seek new power unjustifiably, it must be alert to where its mandate and resources can be best used to ensure a national approach to fighting crime.

One particularly important contribution that the Commonwealth government makes, and makes available to the state governments and international partners, is criminal intelligence. The Commonwealth has already made a major contribution to this function and product. Notably, the breadth of inputs to this intelligence is expanding, with the inclusion of taxation, immigration, customs and social security information. This kind of aggregation will require careful management, especially in relation to privacy, but it will provide an essential weapon for law enforcement officers. Yet the resources being devoted to this function, especially through the Australian Crime Commission, are decreasing. This is a false economy.

Cyber Security

In a globalised world, the key that keeps much of our economies, infrastructures, lines of communication, defence, security, intelligence and social capital enabled is the cyber domain. Cyberspace has created intimate interdependencies between states and new
avenues for governments to achieve their policy objectives. As cyberspace empowers individuals, non-state actors and the private sector, a large-scale cooperative approach between public and private sector stakeholders is required. And as technology develops in quantum leaps, questions remain about how we should manage the cyber front both at home and abroad.

The ability to leverage cyberspace is one of the twenty-first century's most important sources of power. State and non-state actors can use this power to achieve financial, military, political, ideological or social objectives in cyberspace or the physical world. These objectives can be for both positive and negative purposes. Like most technologies, cyberspace is agnostic to politics and ideology, but is a powerful transfer mechanism for both.

The twenty-first century is going to be defined by the cyber domain. There will be a great responsibility to ensure that those that wish to exploit cyberspace for negative purposes are denied as much operating space as possible. This must be achieved without reducing the openness and freedom that the cyber domain has enabled.

Cyber power is attractive to the whole spectrum of actors, be they large nation states or small non-state actors, primarily because of its low relative cost, high potential impact and general lack of transparency. Powerful actors can combine cyber power with existing military capabilities and economic assets. Less powerful actors (states, organisations, individuals) can gain asymmetrically in cyberspace by inflicting extensive damage on vulnerable targets. For a relatively small investment, networks can be brought down, and valuable information stolen and interfered with.

The threats in cyberspace are crossing multiple national jurisdictions with increasing frequency. This places stress upon the state to be able to cope with the cross-boundary nature of the threat, and requires states to cooperate with each other to achieve mutually beneficial outcomes.
It is up to the different levels of government to work with counterparts in other jurisdictions to achieve success in the prevention and alleviation of cyber insecurity.

Australian Context

Cybersecurity is rapidly emerging as a high-priority policy challenge for the Australian Government. The National Security Strategy released in January 2013 listed malicious cyber activity as the third of seven key national security risks and called for closer partnerships with the business community to develop a more effective response.

One of the problems inherent in cybersecurity is the sheer number of government and private sector entities that have a legitimate interest in the field. This adds enormously to the complexity of cyber policy development. The Australian Government's 2009 Cyber Security Strategy lists nine agencies, units or committees with critical cybersecurity responsibilities, but the number's really much larger and growing. [i]

The Intelligence Services Act 2001, which governs DSD's operations, gives the agency responsibility for information security across all government operations, not simply Defence. DSD's Cyber Security Operations Centre was established in 2009 to create a single gathering and reporting point for information on detecting and defeating cyberthreats. Within the Attorney-General's Department (AGD), a computer emergency response team was rebranded in 2010 as CERT Australia, to provide a single point of contact on cybersecurity information for Australian businesses and individuals.
In January 2013, the then Prime Minister announced the creation of the ACSC, which, she said: "will be the hub of the government's cyber security efforts. It will include, in one place, cyber security operational capabilities from the Defence Signals Directorate, Defence Intelligence Organisation, Australian Security Intelligence Organisation, the Attorney-General's Department's Computer Emergency Response Team Australia, Australian Federal Police and the Australian Crime Commission."

These measures point to a consolidation of cyber functions, particularly at the operational level, where information technology specialists detect cyber intrusions and deploy countermeasures. The bulk of government investment in strengthening cyber capability has happened at that highly technical level. The ACSC also aims to build stronger, practically focused links with the private sector. The goal to have the new stand-alone facility operating by the end of 2013 looks unlikely to be achieved, but the focus on practical technical matters is one important part of a holistic policy response.

Sadly, the story is much less positive at the level where governments, agencies and businesses develop cyber policy, the handling strategies needed to support good-quality decision-making on cyber matters. As cyber lifts in national priority, the need is to ensure that our policy development capacities also increase. In the past few years, however, responsibility for cyber policy has been shifted between no fewer than three departments.

The most recent organisational reshuffles in cyber policy were announced in May in the 2013 Defence White Paper, with the renaming of DSD to the Australian Signals Directorate, and in the announcement of the creation of the ACSC in January 2013. The white paper said that the Centre will be overseen by a Board, led by the Secretary of the Attorney-General's Department, with a mandate to report regularly to the National Security Committee of Cabinet.
[ii] In effect, we've returned to the situation that applied in 2009: AGD has the lead in reporting cybersecurity issues to government, this time through a board rather than through the Cyber Security Policy and Coordination Committee.

Most concerning, though, is that the drive for a Cyber White Paper has been lost and the skill base for policy work in the major departments has been eroded through constant changes of role. The new ACSC will focus on operational matters rather than on policy, so AGD will report to government on cyber incidents rather than on shaping policy choices. The answer to the question "Who owns cyber policy?" is that no department or agency has a strong grasp on that area right now. It's not surprising that the Business Council of Australia's submission on the Digital Economy White Paper rather sharply said that the white paper should present a coherent government strategy to deal with cyber security, drawing together multiple existing initiatives. [iii]
[i] Australian Government, Cyber Security Strategy, 2009, available from http://www.ag.gov.au/rightsandprotections/cybersecurity/documents/ag%20cyber%20security%20strategy%20-%20for%20website.pdf.
[ii] DoD, Defence White Paper 2013, para. 2.90, p. 21, available from http://www.defence.gov.au/whitepaper2013/docs/wp_2013_web.pdf.
[iii] Business Council of Australia, Submission to the Department of the Prime Minister and Cabinet regarding the Digital Economy White Paper, January 2013, available from http://bca.com.au/content/102083.aspx.