Govt plots national IT security policy

The science and technology offshoot of Australia's Defence department is preparing to introduce a nation-wide policy governing science and IT related to national security.

The framework will include a policy outlining the Government’s strategic direction for national security-related IT innovation over the next ten years, and an accompanying “National Security S&T Program” aimed at delivering “tangible operational and capability outcomes” for national security agencies.

The framework is being developed, and later managed, by the DSTO and will be presented to the Government for consideration at some point this year. 

In the meantime, the agency will spend the next month consulting with relevant stakeholders from government agencies, universities, research bodies and industry and taking feedback on a consultation paper outlining the development of the policy.

The previous Labor Government last introduced a cyber security strategy in 2009.

The aim of the new framework is to improve coordination and delivery of science and technology when addressing Australia's national security challenges. The DSTO wants the nation to respond to threats in a interdisciplinary and cross-sectoral manner “beyond the capability and capacity of any single agency’.

“The intention is to transition from poorly coordinated and under-resourced S&T effort to a collaborative co-investment approach between government, academia and industry that effectively and efficiently delivers innovative S&T solutions in priority national security areas for Australia,” the DTSO’s consultation paper states. 

The DSTO is the lead agency for national security science and technology, a role it was given in February 2012 after the then-Labor Government transferred the function out of the Department of Prime Minister and Cabinet into Defence. 

The DSTO said a 2013 survey into the types of challenges facing national security agencies in regards to IT and science revealed deficiencies in transparency, visibility and accessibility of science and technology efforts and expertise.

The DSTO will rely heavily on a 2009 “National Security Science and Innovation Strategy” released by the Federal Government - which failed to get funding and was not implemented - in creating its new framework. 

The new framework will align with current Government priorities, namely improving foreign affairs in the region, tackling terrorism and serious and organised crime, improving border security, and strengthening Australia’s alliance with the US.

“The policy must create the environment and mechanisms to facilitate a more coherent whole-of-government coordinated approach to delivering national security S&T. Currently, there is no national, strategic and coordinated approach to planning and funding S&T to support national security in the most efficient manner.”

- DSTO discussion paper.

The national security S&T policy will lay out the Government's priorities for the next decade, establish a governance framework, champion shared public and private investment, and offer a means to scale investment between times of immediate and longer-term security challenges.

“This serves three important purposes. First, it will ensure our S&T efforts are directed to our most significant national security challenges. Second, it will guide the allocation of resources towards addressing Australia’s most pressing national security priorities. Third, it will help give universities, industry and other S&T providers’ clarity and some certainty around where they can focus and best serve Australia’s national security agencies.”

- DSTO discussion paper.

Such a framework will be significant in light of a “number of complex” national security problems facing Australia over the next ten years, the DSTO said, which will require significant support and resourcing across both the public and private sector.

It singled out the ready availability of new technology like 3D printing to those with malicious intent, weapons of mass destruction, harmful cyber activity, espionage and bioengineering as challenges the country will face.

The five themes proposed by the DSTO as priorities for the framework - all open to discussion - included cyber security, intelligence exploitation (agencies’ ability to extract intelligence from a “deluge” of data), border security and identity management, the ability to respond to and protect citizens from national security incidents, and investigative support and analysis (technology supporting nationally significant investigations).

Oversight of the national security S&T program will be delivered via a two-tiered arrangement involving a steering committee and working groups.

The DSTO proposed the steering committee - which would advise on investment priorities and be led by Chief Defence Scientist Dr Alexander Zelinsky - should be made up of representatives from Defence, Attorney-General, Industry, and Prime Minister and Cabinet departments as well from ASIO, the AFP, Customs, CSIRO, and ANSTO. 

The committee would oversee working groups tasked with collating requirements from user agencies and determining the most appropriate response within specific areas of the priorities listed in the framework. They will also facilitate information sharing across relevant agencies.