Cyber czar could create policy delays

Responsibility best left to agencies, thinktank suggests.

The head of the government-sponsored Australian Strategic Policy Institute Andrew Davies has urged against appointing a single 'cyber czar' to combat internet-borne security threats.

Davies told the a summit in Canberra last week that cyber security was best understood as a set of policy issues ranging from nuisance to national security.

He said those issues currently fell under the remit of three sets of Federal and State agencies.

Any attempt to consolidate responsibility would cause delays and introduce inflexible approaches to override otherwise practical approaches, Davies said.

Federal and state law enforcement authorities became involved in cyber crime policing for identity theft and credit card fraud issues.

Issues of lax user behaviour and unwise site searching made cyber security an educational and quasi-regulatory issue, bringing it under the auspices of the Australian Communications and Media Authority (ACMA) and the Department of Broadband, Communications and the Digital Economy (DBCDE).

Because cyber security was also associated with potential incursions by foreign governments, it became an issue for the Department of Defence and for the National Cyber Security Adviser within Prime Minister and Cabinet.

While Davies agreed it was important for the various agencies to communicate regularly with each other to stay alert to new developments in cyber crime, this was an inadequate argument for establishing a national cyber czar.

Davies argued there was a clear mandate for government intervention only on issues of Defence, national security or where it was clear a crime had been committed.

His view was countered by a general consensus at the summit that the Government had been too slow implementing a cyber security strategy, putting it years behind other nations.

No national picture

A perceived lack of official statistics on cyber security was seen by summit attendees as conflating the Government's cyber security woes.

While priding itself on evidence-based policy making, statistics and a systematic national perspective on cyber security provided by the Government and its various agencies remained elusive.

Attorney-General Robert McClelland, who opened the summit, offered little in terms of hard data, reprising a previous announcement by CERT Australia of its identification of 250,000 stolen records and advising organisations to take steps to minimise damage.

Australian Institute of Criminology research analyst Alice Hutchings submitted to the summit a wide range of estimates of the cost of cyber crime varying from $345 million to over $1 billion.

She also cited survey results from 2009 on the number of businesses said to have experienced a cyber "incident".

However, the summit did not turn up a clear and credible benchmark of what was happening, whether it was getting worse and what worked best in reducing cybercrime.

Read on to page two to find out why we shouldn't worry too much about the cyber threat posed by China.