Turnbull's cyber threat sharing centres to model UK

Prime Minister Malcolm Turnbull will look to the UK when implementing the threat sharing centres outlined in the federal government's $230 million cyber security strategy, according to one of his main policy advisors. 

Lynwen Connick.

The private-public threat information sharing centres, along with an associated online portal, form one of the five main pillars of the strategy revealed last month. They will be housed in capital cities around the country.

At the CeBIT conference in Sydney this week, first assistant secretary of cyber policy and intelligence at the Department of Prime Minister and Cabinet, Lynwen Connick, said the centres would be modelled on the UK's cyber security information sharing partnership (CiSP). 

The CiSP facilitates the real-time exchange of threat information between public and private sector bodies through its 'Fusion Cell' joint team of industry and government analysts.

CiSP members can also receive free network monitoring reports, as well as alerts, advisories, summaries and bespoke malware and phishing email analysis.

Since launching in March 2013, the UK scheme's membership has grown to 2000 organsiations and 5300 individuals. 

"Our plan is for it to be quite similar to what the UK has done with their information sharing portal, in that Australian organisations can join up [and] subscribe to particular communities of interest and get information about threats," Connick said. 

Australian businesses, government agencies, and researchers will be co-located within the centres and help produce data and advice for organisations to help improve their security posture. 

Connick described the aim of the centres as allowing different organisations to feel comfortable sharing information, with "government acting in some cases as an honest broker to enable that sharing". 

"The first thing we'll do is set up a pilot with a threat sharing centre in one of the regions, while at the same time working on the online portal," shek said. 

"The threat sharing centres – both the [existing] Australian Cyber Security Centre and the ones in the capital cities – will put information into the portal for people to access. 

"And that's part of getting information out to people who are not necessarily in big business or in the capital cities but who still want threat information." 

Adequate funding 

Connick also defended the adequacy of the funding provided to Australia's cyber security strategy when compared to similar programs in the US and UK. 

It was revealed overnight that little new funding had been allocated to the strategy, with the government pulling over $122 million out of existing Defence funding in its latest federal budget.

"We think $230 million plus $400 million in the defence white paper is significant for Australia, and we're building on a very significant base," Connick said. 

US President Barack Obama earlier this year set out a US$5 billion (A$6.62 billion) increase in cyber security funding for his fiscal 2017 budget to US$19 billion, and the UK government last year pledged£1.9 billion (A$3.5 billion) towards cyber security.

Connick predicted that local government and private sector spending on cyber security would likely grow in the years ahead. 

"I'm sure that investment in cyber security will keep growing, because this is our future. This is a very important area for both government and business," Connick said. 

"One of the things we've heard from businesses is that most businesses want to help contribute to our inititatives. 

"We think, in areas like awareness raising programs, we'll be able to join up private sector awareness raising programs with government programs, and you'll see quite substantial capabilities when we do that."