The government’s cyber threat sharing platform has received a 10-times funding boost just days after it was officially launched and more than four years after it was first announced.
As part of the government’s $1.3 billion, 10-year cybersecurity package, partially revealed on Tuesday morning, Prime Minister Scott Morrison said a new cyber threat-sharing platform would be established with more than $35 million in funding.
The new platform is to enable “industry and government to share intelligence about malicious cyber activity and block emerging threats in near real-time”. But the announcement is actually for enhancements to an existing commitment from the 2016 Cyber Security Strategy that was finally delivered on 26 June.
The original cyber threat sharing platform had a budget of $2.98 million over four years, running until the end of June this year, with the government planning to purchase an off-the-shelf solution from the private sector.
A spokesperson for the Australian Cyber Security Centre (ACSC) confirmed that the new funding is for “enhancements” to the existing platform, which is housed on cyber.gov.au, and will help it run for the next decade.
“Since the announcement of the 2016 strategy, ASD’s ACSC has identified necessary enhancements to its existing cyber threat intelligence sharing capabilities,” the spokesperson told InnovationAus.
“The enhanced platform will provide new multi-directional threat information sharing feeds between government and industry and will expand the volume and types of information shared.”
In an answer to a Senate Estimates question on notice, the Department of Defence said that the Attorney-General’s Department had received $2.98 million over four years from 1 July 2016 to deliver a cyber threat intelligence management and sharing capability.
This was transferred to the Australian Signals Directorate following machinery of government changes. The ASD undertook an approach to market to pick a commercial off-the-shelf cyber threat intelligence management and sharing capability.
This was slated to replace three existing intelligence sharing platforms: the Australian Cyber Security Centre’s Partner Portal, the Cyber-Threat Intelligence System and the Australian Internet Security Initiative.
The platform was delivered through enhancements to cyber.gov.au on 26 June. Just days later, the Prime Minister re-announced the cyber threat sharing platform with a funding price tag 10 times higher.
The 2016 cyber strategy, unveiled by former Prime Minister Malcolm Turnbull and running until April this year, called for the establishment of a “layered approach for sharing real time public-private cyber threat information”, through joint cyber threat sharing centres and an “online cyber threat sharing portal”. This portal was to be co-designed with the private sector.
“It will enable participants in joint cyber threat sharing centres to quickly publish threat information and practical advice that Australian organisations can use to strengthen their cyber defences,” the strategy said.
This goal was assessed as “ongoing” in the Department of Home Affairs’ status update on the strategy last year, which stated that an interim public-private communications platform had been established while a longer-term solution was being developed.
While the original threat-sharing platform was given just under $3 million, the new version will have more than $35 million in funding.
Speaking about the cyber announcement on Tuesday, shadow home affairs minister Kristina Keneally accused the government of copying its own earlier strategy.
“Some of the measures announced in today’s package are announcements of things that government promised to do in 2016. For example, the threat-sharing platform with the private sector,” Senator Keneally told the media.
Shadow assistant minister for cyber security Tim Watts also pointed out the apparent re-announcement on Tuesday. He said the 2016 strategy lacked leadership and accountability.
“The 2016 Cyber Security Strategy had money also, but because there was no leadership, many of its commitments were ignored, abandoned or reversed,” Mr Watts told InnovationAus.
“So as well as funding, the government needs to reinstate a dedicated minister, improve the cybersecurity of its own departments and agencies which the ANAO has shown to be poor, it needs to increase the baseline of all Australians’ cybersecurity by treating this as a national health issue and it also needs to release its new Cyber Security Strategy, which Australia has been without for more than two months now,” he said.
“Otherwise it will repeat the failures of the 2016 strategy and will be another example of the government over-promising, but under-delivering.”