Just 14 months after the launch of the Australian Government’s Cyber Security Strategy, the Prime Minister Malcolm Turnbull has begun a process of refreshing the plan, and has looked outside of government for strategic design support.
The cyber security roundtable hosted by Mr Turnbull in Canberra last week proposes an embedded role for industry at the frontline of cyber-based national security efforts through the creation of a council on cyber issues reporting directly to the Prime Minister.
Government is also considering widening the range of intelligence materials related to cyber threats that will be shared with these private sector partners, creating mechanisms by which the Australian Signals Directorate could more easily share the highest levels of threat information.
There is an active discussion around telecommunications and internet industries creating industrial-scale, nationwide opt-in security services for Australian businesses and consumers that automatically blocks known threats and malicious sites based on the intelligence sharing.
The proposal is not straight-forward, not least because of the limitations on the ASD’s ability to share materials that come in as classified. But according to people in the room, the intent is there for intelligence services to provide better access to its risk analysis.
The Prime Minister’s cyber roundtable coincided with the release of a stinging assessment of the Cyber Security Strategy released last week by the ANU’s Australian Strategic Policy Institute.
The report card gives the government poor marks for implementation, and highlighted the patchy nature of the government-industry partnerships on cyber issues.
“Progress towards a national cyber partnership has been undermined by the ad hoc nature of government’s communications and insufficient expectation management with industry partners,” the ASPI report said.
“While some companies could show more initiative, the government also needs to more clearly delineate the division of responsibility within the national cyber partnership.”
According to people inside the room, the 70 minute roundtable included some discussion about the creation of an industry committee, with some ideas for some early tasks but government has not yet proposed a structure for the group.
The makeup of last week’s Cyber Security roundtable was telling, a mix of telecommunications, IT, government, and intelligence agencies.
The meeting was hosted by the Prime Minister and his assistant minister for cyber security Dan Tehan, and included Mr Turnbull’s cyber adviser Alastair MacGibbon, and Australian Signals Directorate chief Paul Taloni.
Also in attendance was Children’s eSafety Commissioner Julie Inman Grant, perhaps suggesting a broadening of her role.
Telecommunications companies in the room included Telstra, Optus, Vodafone, TPG, Macquarie Government, NBN CO and Verizon, while the technology platforms Amazon Web Services, Facebook and Microsoft.
Australia’s internet regulatory body AuDA attended the roundtable, as did the Australian Information Industry Association and the Communications Alliance. The Attorney-General’s department and its various attached intelligence services were also in the room.
It is understood the industry representatives will potentially come together again in a teleconference to try to agree on a manageable set of priorities for potential industry-wide work, while government sorts out a possible structure for the information sharing.
“We need to work more closely together … we have always worked closely, but we need to be more cohesive,” the Prime Minister told the roundtable in his opening remarks.
“What we’re looking for today is an open discussion as to how all of us – telco’s, the big over the top providers, the big web-based platforms; Amazon, Facebook, infrastructure providers like NBN – can work together to ensure that we can better protect Australians, their businesses, their families, keep them safe and online.”
Meanwhile, Mr Turnbull has made good on the commitments made in the original Cyber Security Strategy to increase the Commonwealth cooperative activities across the region.
The Australian Ambassador for Cyber Affairs Tobias Feakin signed an memorandum of understanding with the Cyber Security Agency of Singapore as a part of the leadership bilateral meetings between Mr Turnbull and Prime Minister Lee Hsien Loong.
The agreement covers cybersecurity cooperation in key areas including regular information exchanges on cybersecurity incidents and threats, sharing of best practices to promote innovation in cybersecurity, training in cybersecurity skillsets, joint cybersecurity exercises with a focus on the protection of Critical Information Infrastructure as well as collaboration on regional cyber capacity building and confidence building measures.
Dr Feakin will this morning address an Australian Chamber of Commerce meeting in Bangkok this morning on cyber issues.