Australia’s cyber readiness has received high scores but more work is needed to improve cyber policy leadership by the Abbott government, according to a new report by the Australian Strategic Policy Institute (ASPI).
The report, Cyber Maturity in the Asia Pacific Region 2014 (PDF) assessed 16 different countries including Australia, the United States, United Kingdom, South Korea, Japan, Singapore, China, Malaysia, India, Philippines, Indonesia, Thailand, Myanmar, Papua New Guinea, North Korea and Cambodia.
Australia received a score of 75.8 which placed it third behind the UK (81.2) and the US (86.3). This score was based on the following criteria:
This covers the government’s organisational structure for cyber matters, including policy, security, critical infrastructure, computer emergency response teams (CERTs), crime and consumer protection.
“There is uncertainty about the leadership of cyber policy within government since the abolition of the National Security Adviser position in October 2013 by the [Abbott] government. Australia’s score would improve with greater clarity on policy leadership, and with the effective implementation of the Australian Cyber Security Centre [ACSC] which is expected in 2014," read the report.
The Sydney Morning Herald reported at the time that Prime Minister Tony Abbott decided to scrap the National Security Adviser and Deputy National Security Adviser roles which were set up by former PM Kevin Rudd in December 2008.
The story quoted unnamed government security sources who said that National Security Adviser Margot McCarthy was stripped of the title and was now referred to as associate secretary. Deputy National Security Adviser Allan McKinnon was moved to the people-smuggling taskforce called Operation Sovereign Borders.
The Australian Cyber Security Centre was announced by former Prime Minister Julia Gillard in January 2013. It is intended as a new hub for security professionals from the Defence Signals Directorate, Defence Intelligence Organisation, Australian Security Intelligence Organisation (ASIO), the Attorney-General’s Department’s Computer Emergency Response Team (CERT) Australia, Australian Federal Police (AFP) and the Australian Crime Commission (ACC).
This covers the dialogue between government and industry on cyber issues.
According to the report, there are several government-industry services such as the cyber safety StaySmartOnline Alert service but most of the initiatives “appear to be one-way, not two-way dialogues".
"The iCode is a notable two-way success for public and private engagement.”
The iCode is a voluntary code of conduct for ISPs. According to the report, the code provides a “consistent approach” for ISPs when addressing cyber security issues and covers 90 per cent of the Australian consumer Internet market.
End users are redirected to iCode's home page if their ISP's systems show their computer has been infected by malware. Consumers can receive resources such as online tools to diagnose and fix infected machines or home visits for the technically inept. The iCode commenced operation in December 2010.
This covers the military’s role in cyber space, cyber policy and cyber security.
“The Department of Defence maintains sophisticated cyber security capabilities and the Australian Signals Directorate (ASD) is responsible for the development of the nation’s signals intelligence capability,” read the report.
ASD is the Commonwealth Information Security Authority and maintains the Information Security manual for federal government agencies. It also runs the ACSC which is responsible for defending against threats to Australian interests in cyber space.
The report follows a similar report called the Cyber Readiness Index 1.0 published in November 2013 by Hathaway Global Strategies on behalf of Cisco.
The report examined 35 countries that have readily adopted ICT and the Internet. It measured national cyber security strategy, formal incident response capability, commitment to fighting electronic crime, information sharing and cyber initiatives investment.
Australia was placed at number 11 as it has a national strategy, critical incident response team, crime treaties, information sharing, a research & development agenda and funding.
Follow Hamish Barwick on Twitter: @HamishBarwick