The Federal Government has announced its intention to sign the Council of Europe Convention on Cybercrime.
Australia will join the European Union, the United States, Canada, Japan and South Africa after the EU pushed for its convention to become the international standard on cybercrime.
Among other things the treaty requires countries to have a representative available 24 hours a day to assist in investigations while also obliging them to create domestic laws. It also promises the facilitation of greater international cooperation.
To date, 27 countries have ratified the treaty, but more than 100 are using it as a basis for reforming their domestic legislative framework.
The treaty outlines four criminal offences:
- "Offences against the confidentiality, integrity and availability of computer data and systems, including illegal access to computer systems, illegal interception, data interference, systems interference and the misuse of devices;
- computer-related offences, including forgery and fraud;
- content-related offences, including child pornography; and
- offences related to the infringement of copyright and other related rights"
The announcement follows Australia's involvement in the negotiations for the controversial Anti-Counterfeiting Trade Agreement (ACTA) by 10 nations and the European Union.
In recent months, the issue of cyber security has hit the headlines with the revelation that mining giant, Rio Tinto, had its systems hacked and a corporate customer of Optus' was hit by a distributed denial of service (DDoS) attack.
A group calling itself ‘Anonymous’, also recently launched a denial of service (DoS) attack on two government websites to protest the Federal Government’s plans to introduce mandatory ISP-level Internet content filtering.
The attack, named “Operation Titstorm”, hit the Australian Parliament House and the Department of Broadband, Communications and the Digital Economy (DBCDE) websites.
Despite a lot of this recent spotlight revolving around attacks allegedly coming out of China, the greatest threat to Australian organisations is corporate espionage, rather than state-sponsored hacking, a security expert has warned.
Aside from the move to join the European cybercrime treaty, the Australian government has made several other moves to combat these threats and other potential cyber risks.
The rare move, which began in 2009, makes the country one of a few in the world with a centralised national critical infrastructure protection model.
The Critical Infrastructure Protection Modeling and Assessment (CIPMA) program was launched in 2007 and received a $23.4 million funding boost to 2012 in last year's budget.
It is spearheaded by the Federal Attorney-General which received a $15.2 million share and its research department Geoscience Australia which scored $800,000.
The CIPMA program is also an initiative of the Trusted Information Sharing Network formed to examine the relationships and dependencies between CI systems and how failures in one sector affect other sector operations.
In January, the Federal Government moved to step up its cyber warfare defence capabilities with the opening of the Cyber Security Operations Centre (CSOC) announced as part of the Defence White Paper released last year.
The centre, housed inside the Defence Signals Directorate (DSD) headquarters in Canberra, will provide critical understanding of the threat from sophisticated cyber attacks, according to the minister for defence, senator John Faulkner.
In November 2009, Computerworld revealed the CSOC had already reached some operational capability but an acute lack of information on the offensive capabilities being developed remains with the government and Defence department refusing to divulge details.
There is also little clarity around its governance or oversight mechanisms, a circumstance that sparked calls from academics and information security analysts for greater public debate and disclosure.
Also in early November, the Australian Security Intelligence Organisation (ASIO) confirmed that Internet-based attacks have been used by hostile intelligence services to gain confidential Australian Government and business information. That same month the Government created a new national computer emergency response team, CERT Australia.