Cyber Security
We live in a modern world. As we increasingly do business online, cyber security continues to be at the forefront of the Government's agenda.
Cyber intrusion, while a distinct method of accessing otherwise private information or disrupting critical systems, cannot be considered in isolation. It forms an important part of the broader security landscape. Ultimately, cyber security is a people problem – as people hack computers.
For this reason, we must continually invest in enhanced capabilities that will bolster our resilience to such threats. The 'Cyber Security Strategy' that I launched in November 2009 underpins the way in which the Government is seeking to achieve this.
CERT Australia — Australia's national computer emergency response team — is at the forefront of that response. Together with other Government agencies and a growing network of international partners, CERT Australia seeks to improve cyber security for all Australian Internet users and businesses. It places a special emphasis on assisting the owners and operators of systems of national interest — that is, those that, if compromised, could result in significant impacts on Australia's economic prosperity, international competitiveness, public safety, social wellbeing or national defence and security.
CERT Australia works closely with the Cyber Security Operations Centre (CSOC), based within the Defence Signals Directorate (DSD), which focuses on identifying and responding to cyber incidents of national significance.
ASIO is also working to guard against foreign interference and espionage, including via technical means. This cooperation is crucial especially to countering the threat posed by those using the Internet as a modern espionage tool with the potential to facilitate access to large volumes of sensitive government and commercial information.
ASIO's close co-operation with CERT Australia and the CSOC seeks to identify developing threats and determine appropriate responses. For this reason, ASIO has also established a specialist cyber investigations unit to investigate and provide advice on state-sponsored cyber attack against, or involving, Australian interests.
Cyber activity is increasingly attracting considerable interest within the community. For example, work by the University of Toronto in 2009 uncovered 'GhostNet', which was believed to have infected computers belonging to Tibetan non- governmental organisations and the private office of the Dalai Lama.
Similarly, threats such as the 'Stuxnet' worm which worked by changing code in systems that control critical infrastructure and events in Estonia where an entire nation state was virtually brought to a stand-still by a sort of denial of service attack give an insight into the extent and capabilities of some hacking efforts.
These attacks and the threat to critical infrastructure such as banking, telecommunications and government systems is not something we can be complacent about.
The Government is taking active steps to improve international arrangements for cyber investigations. The Government has announced its intention to accede to the Council of Europe Convention on Cybercrime – the only binding international treaty on cybercrime.
Accession to the Convention is a critical step as it facilitates international co- operation between signatory countries and establishes procedures to make investigations more efficient. As such, it will help Australian agencies to better prevent, detect and prosecute cyber intrusions.
Emergency Management
I have often been asked 'why natural disasters are considered to require a national security response?'
Last week, I was in Christchurch with the New Zealand Minister for Earthquake Recovery Gerry Brownlee. He took me through the city's CBD which has been cordoned off by the police – a ghost town with crumbling buildings and bricks splayed across the roads. Urban Search and Rescue Teams from around the world – including Australia – continued to pick through the rubble. It felt almost like a war zone without the soldiers.
These kinds of catastrophic events – just like the recent floods and cyclone in Queensland - have shown that nature can be just as damaging as any man-made threat.
I put it to anyone asking this question that, it is our integrated crisis coordination and national security capabilities that our country depends on. Distinguishing between man-made and natural threats does not help us take the most coordinated approach to capability development about which I'll talk briefly in a moment.
Mitigation and ensuring our communities bounce back, and bounce back stronger, is therefore crucial. As a result, national security policy is increasingly focussed on the idea of resilience.
It is a concept that has been explicitly recognised by the Council of Australian Governments (COAG) as fundamental to enhancing Australia's capacity to withstand and recover from emergencies and disasters. Last month, COAG endorsed the 'National Strategy for Disaster Resilience', which provides high-level guidance on disaster management and the development of disaster resilient communities.
The Strategy recognises that resilience is the collective responsibility of all elements of society — governments, business and the community— given their shared responsibility in preparing for, and responding to, disasters.
Forward Agenda
With a constantly evolving national security environment, we need to remain agile with the ability to foresee and respond to key threats and major developments. Improving our national security architecture and enhancing our capability remain the key priorities.
For example, the Prime Minister has commissioned an independent review of the Australian Intelligence Community to ensure our agencies are working effectively together and are well positioned for challenges in this constantly evolving security environment. The review is in full-swing, with consultations with intelligence agencies focusing on working arrangements, relationships and practices.
Recognising that the global security environment is increasingly complex and interconnected, we need to work ever more closely across national security agencies to ensure our capabilities most effectively address the risks we face. Our national security agencies have demonstrated an unprecedented level of coordination to help prevent and respond to threats to Australia's security. It is important that we continue this effort into the future.
Building on our Counter-Terrorism White Paper, the Government is developing Australia's first non-Defence National Security Capability Plan. The Plan will ensure all non-defence national security agencies agree on the security risks facing our country and the capabilities required to respond to those risks in the future.
The Government has also committed to developing a National Security Fusion Capability which will provide our border security, law enforcement and intelligence agencies with opportunities to expand and quickly link information to support the fight against threats such as terrorism, espionage, cyber intrusion and organised crime.
Conclusion
The prominent UK intelligence professional, Sir David Omand defined national security as: '...a state of trust on the part of the citizen that the risks to everyday life, whether from man-made threats or impersonal hazards, are being adequately managed to the extent that there is confidence than normal life can continue'.
Applying these expectations to our role, I am proud of progress the Government has made in protecting the safety and security of all Australians.
Obviously, we will continue to face challenges from a continually evolving national security environment.
As such, we rely on you as our rising leaders in the national security community to be creative and flexible in meeting those challenges.
I have great confidence that you will.
Thank you.
This is the text of a prepared speech delivered by Australian Attorney-General Robert McClelland unveiling a new cyberwarfare unit within ASIO.
