Telcos lobby Govt to fix 'piecemeal' approach to cyber security

Australia's telecommunications industry has called on the federal government to channel its 'fragmented' approach to cyber security into one lead agency, but recommended against that body being spy agency ASIO.

The Government is currently conducting a review of its six-year old national cyber security strategy to keep up with changes to the technological landscape.

It had been lobbied by multiple parties - including the Commonwealth Bank - for some time to update the policy and improve the nation's protections against expanding online security threats.

The Government has been taking submissions since late November.

Australia's representative body for telco and internet service providers, the Communications Alliance, today published its thoughts [pdf] on how the Government's cyber defences could be improved.

It is critical of the number of Government bodies that have responsibility for cyber security functions, and said this "piecemeal" approach needs to be replaced by a single port-of-call for cyber security issues.

"It appears that historic developments and an, at times, piecemeal approach have left Australia with a very large number of Government departments and agencies with partly overlapping and intersecting cyber security-related responsibilities," the Comms Alliance wrote.

"Better coordination of the current spread of agencies and programs and the creation of a single national point of access to Government’s cyber security agencies is likely to increase efficiencies and to deliver a clearer message to all stakeholders."

The Department of Communications currently employs a Cybersafety Commissioner and looks after 'Stay Smart Online' and other online safety initiatives; while CERT, the Australian Cybercrime Online Reporting Network (ACORN), SCAMWatch and Protect Yourself Online initiatives are located with the Attorney-General's Department.

Responsibility for the new Australian Cyber Security Centre is shared between the AGD and the Department of Defence.

It is currently unclear which agency is the arbiter of security risk, the organisation said.

"Industry believes that there ought to be a unified directory (or ‘single point of truth’) of information regarding cyber threats and responses where relevant professionals and members of the public can subscribe to receiving further targeted awareness information (and alerts depending on criticality)."

However, it urged against appointing Australian spy agency ASIO as the lead agency for cyber security.

"ASIO may not necessarily be the most appropriate single point of access for a future cyber security framework," the Comms Alliance wrote, without elaborating further.

It has been contacted for comment.

Australia has the opportunity to become best-in-class for identifying and managing cyber security threats, the organisation argued, but these opportunities will only arise if the country implements a single, nationwide approach to the issue.

"Given the fragmented and at times uncoordinated and piecemeal approach to cyber security industry fears that Australia is not positioning itself to fulfil aspirations of best-practice and becoming an exporter of cyber security related goods and services," it said.

"Quite to the contrary, it currently appears that Australia is losing qualified professionals to overseas locations without necessarily repatriating the expertise that those individuals have gained abroad."

The review of the policy is expected to be complete in six months.