Former spy chief David Irvine says Australia’s capacity to counter threats and criminal activity using cyber investigative tools is “relatively weak” and has called for the creation of a new central cyber agency to better co-ordinate the nation’s cyber resources.
Mr Irvine, who is a former director-general of ASIO and head of Australia’s overseas spy agency ASIS, says consideration should be given to a Commonwealth-led agency that provides “expert technical cyber investigative services” in support of law enforcement and national security investigations being carried out by federal and state agencies.
In a submission to a Joint Committee on Law Enforcement’s inquiry into the impact of new and emerging ICT, Mr Irvine wrote on behalf of the Cyber Security Research Centre – where he is chairman – that fighting cyber criminals would be most effective when expertise and capability were concentrated in a single national body.
“Australia’s national capacity to counter threats and criminal activity using cyber investigative tools is relatively weak, uncoordinated and dispersed across a range of agencies in both Commonwealth and State agencies,” the submission said.
It says “countering cybercrime will be most effective when investigative support mechanisms are concentrated and coordinated on a national basis, utilising skills and technical capabilities developed in the national security areas to strengthen law enforcement activity, and vice versa.”
Mr Irvine said such a central agency would ideally support – rather than duplicate or replace – the functions of those other law enforcement and national security organisations.
“It would also have a training function, to help develop national cyber resilience across the government, private and individual Internet-user sectors.”
“Such an agency might fall within the ambit of the Department of Home Affairs, either as a separate entity or associated with the Australian Cyber Security Centre or the Australian Federal Police and Australian Criminal Intelligence Commission, and with a close working relationship with the skills-intensive Australian Signals Directorate.”
In addition to his role as chair of the Australian Cyber Security Research Institute, Mr Irvine is a visiting fellow of the National Security College within the Australian National University, and of the Australia Strategic Policy Institute. He is also a non-executive director of ASX-listed cybersecurity specialist Covata.
Meanwhile the Adelaide-based Data-to-Decisions cooperative research centre told the committee that Australia’s law enforcement and intelligence communities urgently needed a new approach to capability development.
D2D CRC chief executive Sanjay Mazumdar said via a submission that traditional cyber capability development tended to be done “within single agency wall and stove-piped” and was too slow to meet the speed and sophistication of the threats.
“The mismatch between the rapid uptake of new technologies by threat actors and the less agile capability development activities in agencies will only increase unless new approaches to fostering capability development [within law enforcement and intelligence agencies] are developed.”
“Cooperative relationships must be forged between national security agencies, academia and industry partners to foster a culture of capability ‘co-creation’ where like technical needs are identified and addressed openly.”
The D2D CRC is proposing the creation of an ongoing CRC that would both improve cooperation between agencies and better coordinate capability and resources, particularly in solution development.
Newly-promoted Minister for Law Enforcement and Cybersecurity Angus Taylor said cyber security and cybercrime were among the fastest growing threats to corporations, citizens and governments globally.
“The rapid pace of technological change means that we need to be prepared to adapt the approaches, tools and techniques that we use in law enforcement and national security,” Mr Taylor said.
The government’s cyber security strategy coupled with the recent creation of the Home Affairs portfolio was delivering “delivering the most significant reforms to the Australian national security community in over 40 years.”
“These reforms will improve the 24/7 capability of the multi-agency Australian Cyber Security Centre to meet the needs of the community, business and government,” he said.