Despite many of the information security threats faced by Australian governments and the private sector coming from known sources, not enough is not being done to block bad actors, according to the minister for cyber security and law enforcement, Angus Taylor.
Taylor said that he was not calling for an “Internet filter” but said he would push for increased collaboration between the government and businesses, including telcos, cloud providers, data centre operators and software providers, to block known malicious domains.
“Between us we see much of the activity and many of the threats,” the minister said in remarks prepared for the Technology in Government conference.
“It is my intention to develop this model within the government, as an exemplar, and then roll it out to our key partners,” Taylor said.
The minister said he would work towards the creation of a “threat picture”, based on data from Defence, law enforcement, government agencies and the private sector.
“Under this concept we would have a common threat picture, a known target list and a set of priorities that best meet the particular capabilities of each member,” Taylor said.
“Law enforcement targets the criminality, Defence conducts national security, telcos actively block threats and everyone works to raise the default security posture of their customers.”
Australia needs to adopt a posture of “forward defence” as part of its approach to “national cyber defence,” according to Taylor.
“We have effectively been debating, in a digital context, the merits of Fortress Australia vs Forward Defence – an isolationist policy versus a more interventionist one,” Taylor said.
“And I believe we have landed, in the cyber domain, just where we have landed in the physical domain.”
Australia can’t “hide behind our firewalls and our gateways” in “glorious isolation”, Taylor said. “We must build a system that is active, interventionist and collaborative.”
That system needs to be based on collaboration with Australia’s allies and, especially, with the private sector, the minister said: “For too long government has viewed the private sector as a service provider or as a piece of infrastructure that must be protected. And in traditional national security that was correct – and there is the problem we must address.”
Keeping Australia’s safe requires an “economy wide” wide view and an approach of “defence in depth”.
When it comes to cyber security, unlike other sectors, the government has not begun to “regulate or assure the market”.
“And that is because of the roots of cyber – cyber comes out of the intelligence world,” Taylor said.
“The wide-scale defence of a nation is a new thing to intelligence agencies. It’s bigger than critical infrastructure, it’s bigger than protecting key secrets and it brings a new set of challenges.”
The minister said that he was focused on delivering a “new national cyber agenda” and building a “national cyber defence network”.
Taylor said that national cyber defence comprised both layered defence and an “interventionist element” with six core elements:
• Blocking and targeting both “major and criminal” threats;
• A framework for strong attribution and response to cyber attacks;
• Increased data sharing on threats;
• An insurance market that recognises investment in security, and the data necessary to support this;
• Effective awareness campaigns; and • A government that is able to lead by example.