Information security professionals from Australia’s defence, law enforcement and intelligence services have finally started moving into the $630m ‘Ben Chifley’ building constructed for the Australian Security and Intelligence Operation (ASIO) to form the Australian Cyber Security Centre (ACSC).
Major General Stephen Day, deputy director of cyber and information security at the Australian Signals Directorate, told the AISA national conference today that he expected the new centre would be functional by November and fully operational by December.
Around 90 staff moved into the facility last Friday, he said, while a further 60 would move in tomorrow.
The ACSC will co-locate staff from the Australian Signals Directorate, CERT Australia, the Defence Intelligence Organisation, the Australian Crime Commission and the Australian Federal Police.
It subsumes the ASD’s Cyber Security Operations Centre (CSOC), which had been run out of space in Canberra’s Russell Office precinct.
Day promised that by bringing together each of these functions, the Government could ensure there would be “no significant compromise of any system of national importance”.
He stressed that while his staff could not stop attempts to penetrate systems, nor “stop every penetration”, they did have the capability to mitigate the impact of a penetration.
The number of incidents detected by the ASD rose 20 percent last year and looks to again be on the rise after nearly doubling year-on-year in the month of August, but Day said his staff's ability to detect the attempted intrusions and incidents had similarly increased.
Some 48 percent of the incidents were detected to have originated from state-sponsored actors, with only three percent from hacktivists. The ASD was unable to determine the source of around 40 percent of attacks.
Much of the attacks, Day said, were “adversaries seeking defence and national security information” by targeting government or commercial suppliers, but he said the “targeting of commercial information for economic gain was more preponderant.”
The most affected industries outside defence and its suppliers were resources and energy, telecommunications and banking and finance, he said.
Seeking industry links
Day said one of his top priorities was to create stronger links with information security functions in Australian industry.
One of the first products the centre will produce will be a national threat assessment, he said, which will be published for the first time as an unclassified report for general release.
“In time, we want to be able to prepare threat reporting tailored to specific sectors of the economy, for example the telecommunications or resources sector,” he said.
The Cyber Security Centre also wants to “be able to exchange real-time threat information with industry”, and on that score has already started discussions with the telecommunications sector.
“We want to have - as a permanent arrangement - key infrastructure providers inside the centre, and from time to time we would like an exchange of prisoners from key industry sectors to collectively lift the cyber security posture of those sectors,” he said.
[See poll below: Would your infosec function share data with the Australian Government?]
The Cyber Security Centre will want to learn from sectors that have strong infosec capabilities, such as banking and finance and telecommunications, to aid those that aren’t – such as the retail sector, he said.
Day was asked whether he saw any issues with moving security operations away from the ASD’s intelligence functions and co-locating with functions that have very different charters.
“We went into the ASIO building because there was space available,” Day said.
“The new centre is a co-location model. It brings together all these organisations, but they still act in accordance with their existing mandates and legislation.
“That said, if all I deliver is a change in postal address, I probably failed.”