Feds five years behind on cyber security: AusCERT

The Federal Government was well behind other countries in managing internet threats with several speakers at a two-day cyber security summit in Canberra alleging Government action was 'too little, too late'.

AusCERT general manager Graham Ingram told attendees that Australia was up to five years behind when it came to planning for cyber security incidents.

“I want to leave you with a very bad feeling...The threat of a cyber attack is high and it has been so for some time," he said.

Queensland University of Technology hacker specialist Dr Nicholas Chantler said Australia was "not moving at the speed that technology was moving" when it came to addressing cyber security.

"We are slipping back,” Chantler said.

"Cyber security is everybody’s problem. But perhaps we need an Australian Cyber Czar – someone that brings everything together. The US were ahead of Australia in appointing a cyber security chief who reported to the national security council."

While agreeing that Government had been tardy in responding to cyber crime, the Australian Strategic Policy Institute's operations and capability program director Andrew Davies sought to defend Canberra's position.

Davies accused several of speakers of being alarmist, deceptive and impractical in their demands.

“This (cyber security) community broadly is not good at talking with Government. When it does the policy advocacy often lacks an understanding of economics, lacks an understanding of politics and sometimes lacks an understanding of Government,” Davies said.

Characterising cyber crime as “Cyber Pearl Harbour” or saying “the next 9-11 will be in cyber space” was a good for attention-seekers but led to a tendency to exaggerate the nature of the concerns", he said.

“Making every problem with a cyber prefix a national security problem is actually antipathetical to clear thinking,” Davies said.

Davies was unswayed by calls for a single cyber czar and said it made sense to have three separate Ministers oversighting a single cyber security strategy.

He rated the Government as C-  for timeliness, B+ for its conceptual framework, B- for Governance and said the jury was still out on whether resources were appropriate applied.

“Overall that’s a solid result but it could do it better," he said.

AusCERT’s Ingram said what was missed most was a “real public-private partnership” on cyber security between Government and industry.