{"id":17330,"date":"2014-12-09T11:18:23","date_gmt":"2014-12-09T00:18:23","guid":{"rendered":"http:\/\/www.aspistrategist.ru\/?p=17330"},"modified":"2014-12-10T09:19:07","modified_gmt":"2014-12-09T22:19:07","slug":"cyber-review-deeds-not-words","status":"publish","type":"post","link":"https:\/\/www.aspistrategist.ru\/cyber-review-deeds-not-words\/","title":{"rendered":"Cyber review: deeds, not words"},"content":{"rendered":"
\"At<\/a><\/figure>\n

My ASPI International Cyber Policy Centre (ICPC) colleagues have been quick off the mark in response<\/a> to the Prime Minister\u2019s recent announcement of the review into Australian Cyber Security. They warn against a \u2018cautious audit of existing structures\u2019 and recommending the development of an \u2018outward-facing cyber strategy\u2026that addresses how we as a country want to act in a non-traditional strategic environment beyond our own making\u2019.<\/p>\n

While there\u2019s little in the way of detail beyond the initial media release<\/a> as to how the review will be conducted, or its terms of reference, two areas of concern stand out. First, the term \u2018practical\u2019 used in the media release\u2014\u2018the review team will look for practical ways to improve Australia\u2019s security\u2019\u2014may overly restrict the review team\u2019s work. And second, the team might unnecessarily narrow their focus to e-commerce alone.<\/p>\n

An outward-facing cyber strategy must be the outcome sought from the review. The non-government sectors of the economy are looking for strong and consistent policy leadership from government\u2014the review can\u2019t be another low-risk activity that simply contributes to the status quo. Whilst acknowledging the earnest work undertaken by the folk at Australian Signals Directorate and the Australian Cyber Security Centre, to date more importance appears to have been placed on inward-looking government policy co-ordination rather than the need to build a robust national<\/em> cyber capability.<\/p>\n

The development of a national cyber posture, which is both robust and agile, is a task of growing urgency for government. But as the composition of the review team acknowledges, government can\u2019t achieve it alone.<\/p>\n

The government\u2019s role is to provide the necessary strategy and an unambiguous governance structure, within which the other actors in the non-government sector are empowered, encouraged, or if necessary compelled, to contribute effectively.<\/p>\n

As ASPI has recommended in other places<\/a>, there\u2019s a pressing need for a Cyber White Paper that sets out the national strategy for cyber. The first conclusion of the current review should be to deem the current Australian cyber-security strategy inadequate and recommend the development of a White Paper with a clear timeline and accountabilities for its production.<\/p>\n

While a governance structure would seem on the surface to be fairly straightforward, it has proven a particularly problematic topic for previous policy documents. Notwithstanding the apparent difficulty, there are two broad areas requiring attention and action. The first task is whole-of-government policy co-ordination; I\u2019ll leave it to others to explore that particular challenge but at its core is the need for a clear and consistent government policy lead.<\/p>\n

The second task and the one I\u2019ll focus on here is how to draw effectively on the expertise of the private sector and the emerging inter-disciplinary research community. The ICPC here at ASPI, the UNSW\u2019s Australian Centre for Cyber Security and Edith Cowan University\u2019s Security Research Institute are all examples of the latter, and demonstrate a concerted attempt from outside government to collaborate with both the government and the non-government sectors in an attempt to enrich the policy and technical discussion around cyber matters.<\/p>\n

Those organisations have an important part to play. They bring new ideas to the table. And they\u2019ll be key to growing the policy and technical skills that will underpin the sustained development of Australia\u2019s cyber capabilities.<\/p>\n

Effective collaboration with industry will be more challenging. The Attorney General\u2019s Department has been seeking the views of industry over the last 12 months\u2014in what\u2019s been a one-sided activity. One would hope that\u2019s not the engagement model embraced by the review team.<\/p>\n

Australia has world-class banks, the largest mining companies in the world and a vibrant technology sector. The views, knowledge and experience of those and other sectors of the economy need to be heard by government both at a board level and at a CERT or operational level. Regular board-level engagement should be led by the PM to reinforce the national importance of the issue. The technical level needs to address true collaboration not just a loose or voluntary sharing arrangement, it should be more assertive than previous policy papers have been.<\/p>\n

Moreover, issues such as mandatory reporting\u2014supported, if necessary, by regulation\u2014need to be considered. CERT and operational interoperability which enables the real-time exchange of information beyond a voluntary regime would not only be a good start, it would also be an important enabler of a truly robust, agile and interconnected national cyber response capability.<\/p>\n

Six months isn\u2019t much time\u2014but the expectations of the review\u2019s outcomes will grow rapidly during that period. Let\u2019s hope we\u2019re not disappointed.<\/p>\n

Michael Clifford is a senior fellow at ASPI. Image courtesy of Flickr Pacific Northwest National Laboratory<\/a>.<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"

My ASPI International Cyber Policy Centre (ICPC) colleagues have been quick off the mark in response to the Prime Minister\u2019s recent announcement of the review into Australian Cyber Security. They warn against a \u2018cautious audit …<\/p>\n","protected":false},"author":274,"featured_media":17352,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_mi_skip_tracking":false,"footnotes":""},"categories":[531],"tags":[17,1060,95,484,721],"class_list":["post-17330","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cyber-security-2","tag-australia","tag-australian-cyber-security-centre","tag-cyber-security","tag-private-sector","tag-research-development"],"acf":[],"yoast_head":"\nCyber review: deeds, not words | The Strategist<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.aspistrategist.ru\/cyber-review-deeds-not-words\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Cyber review: deeds, not words | The Strategist\" \/>\n<meta property=\"og:description\" content=\"My ASPI International Cyber Policy Centre (ICPC) colleagues have been quick off the mark in response to the Prime Minister\u2019s recent announcement of the review into Australian Cyber Security. They warn against a \u2018cautious audit ...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.aspistrategist.ru\/cyber-review-deeds-not-words\/\" \/>\n<meta property=\"og:site_name\" content=\"The Strategist\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/ASPI.org\" \/>\n<meta property=\"article:published_time\" content=\"2014-12-09T00:18:23+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2014-12-09T22:19:07+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2014\/12\/4295162815_7c3a328d43_z.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"640\" \/>\n\t<meta property=\"og:image:height\" content=\"480\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Michael Clifford\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@ASPI_org\" \/>\n<meta name=\"twitter:site\" content=\"@ASPI_org\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Michael Clifford\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.aspistrategist.ru\/#website\",\"url\":\"https:\/\/www.aspistrategist.ru\/\",\"name\":\"The Strategist\",\"description\":\"ASPI's analysis and commentary site\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.aspistrategist.ru\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-AU\"},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-AU\",\"@id\":\"https:\/\/www.aspistrategist.ru\/cyber-review-deeds-not-words\/#primaryimage\",\"url\":\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2014\/12\/4295162815_7c3a328d43_z.jpg\",\"contentUrl\":\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2014\/12\/4295162815_7c3a328d43_z.jpg\",\"width\":640,\"height\":480,\"caption\":\"At Pacific Northwest National Laboratory (PNNL) the science of cyber analytics supports better predictions and guides adaptive responses of computers and computer networks.\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.aspistrategist.ru\/cyber-review-deeds-not-words\/\",\"url\":\"https:\/\/www.aspistrategist.ru\/cyber-review-deeds-not-words\/\",\"name\":\"Cyber review: deeds, not words | The Strategist\",\"isPartOf\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/cyber-review-deeds-not-words\/#primaryimage\"},\"datePublished\":\"2014-12-09T00:18:23+00:00\",\"dateModified\":\"2014-12-09T22:19:07+00:00\",\"author\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/bb5d666c22ddd18638a78c3b7db103ff\"},\"breadcrumb\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/cyber-review-deeds-not-words\/#breadcrumb\"},\"inLanguage\":\"en-AU\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.aspistrategist.ru\/cyber-review-deeds-not-words\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.aspistrategist.ru\/cyber-review-deeds-not-words\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.aspistrategist.ru\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Cyber review: deeds, not words\"}]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/bb5d666c22ddd18638a78c3b7db103ff\",\"name\":\"Michael Clifford\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-AU\",\"@id\":\"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/24e6c3bb5625a889c0a0fe5df86f771c?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/24e6c3bb5625a889c0a0fe5df86f771c?s=96&d=mm&r=g\",\"caption\":\"Michael Clifford\"},\"url\":\"https:\/\/www.aspistrategist.ru\/author\/michael-clifford\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Cyber review: deeds, not words | The Strategist","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.aspistrategist.ru\/cyber-review-deeds-not-words\/","og_locale":"en_US","og_type":"article","og_title":"Cyber review: deeds, not words | The Strategist","og_description":"My ASPI International Cyber Policy Centre (ICPC) colleagues have been quick off the mark in response to the Prime Minister\u2019s recent announcement of the review into Australian Cyber Security. They warn against a \u2018cautious audit ...","og_url":"https:\/\/www.aspistrategist.ru\/cyber-review-deeds-not-words\/","og_site_name":"The Strategist","article_publisher":"https:\/\/www.facebook.com\/ASPI.org","article_published_time":"2014-12-09T00:18:23+00:00","article_modified_time":"2014-12-09T22:19:07+00:00","og_image":[{"width":640,"height":480,"url":"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2014\/12\/4295162815_7c3a328d43_z.jpg","type":"image\/jpeg"}],"author":"Michael Clifford","twitter_card":"summary_large_image","twitter_creator":"@ASPI_org","twitter_site":"@ASPI_org","twitter_misc":{"Written by":"Michael Clifford","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebSite","@id":"https:\/\/www.aspistrategist.ru\/#website","url":"https:\/\/www.aspistrategist.ru\/","name":"The Strategist","description":"ASPI's analysis and commentary site","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.aspistrategist.ru\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-AU"},{"@type":"ImageObject","inLanguage":"en-AU","@id":"https:\/\/www.aspistrategist.ru\/cyber-review-deeds-not-words\/#primaryimage","url":"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2014\/12\/4295162815_7c3a328d43_z.jpg","contentUrl":"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2014\/12\/4295162815_7c3a328d43_z.jpg","width":640,"height":480,"caption":"At Pacific Northwest National Laboratory (PNNL) the science of cyber analytics supports better predictions and guides adaptive responses of computers and computer networks."},{"@type":"WebPage","@id":"https:\/\/www.aspistrategist.ru\/cyber-review-deeds-not-words\/","url":"https:\/\/www.aspistrategist.ru\/cyber-review-deeds-not-words\/","name":"Cyber review: deeds, not words | The Strategist","isPartOf":{"@id":"https:\/\/www.aspistrategist.ru\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.aspistrategist.ru\/cyber-review-deeds-not-words\/#primaryimage"},"datePublished":"2014-12-09T00:18:23+00:00","dateModified":"2014-12-09T22:19:07+00:00","author":{"@id":"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/bb5d666c22ddd18638a78c3b7db103ff"},"breadcrumb":{"@id":"https:\/\/www.aspistrategist.ru\/cyber-review-deeds-not-words\/#breadcrumb"},"inLanguage":"en-AU","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.aspistrategist.ru\/cyber-review-deeds-not-words\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.aspistrategist.ru\/cyber-review-deeds-not-words\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.aspistrategist.ru\/"},{"@type":"ListItem","position":2,"name":"Cyber review: deeds, not words"}]},{"@type":"Person","@id":"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/bb5d666c22ddd18638a78c3b7db103ff","name":"Michael Clifford","image":{"@type":"ImageObject","inLanguage":"en-AU","@id":"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/24e6c3bb5625a889c0a0fe5df86f771c?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/24e6c3bb5625a889c0a0fe5df86f771c?s=96&d=mm&r=g","caption":"Michael Clifford"},"url":"https:\/\/www.aspistrategist.ru\/author\/michael-clifford\/"}]}},"_links":{"self":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts\/17330"}],"collection":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/users\/274"}],"replies":[{"embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/comments?post=17330"}],"version-history":[{"count":4,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts\/17330\/revisions"}],"predecessor-version":[{"id":17374,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts\/17330\/revisions\/17374"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/media\/17352"}],"wp:attachment":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/media?parent=17330"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/categories?post=17330"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/tags?post=17330"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}