{"id":33079,"date":"2017-07-25T06:00:51","date_gmt":"2017-07-24T20:00:51","guid":{"rendered":"https:\/\/www.aspistrategist.ru\/?p=33079"},"modified":"2017-07-24T17:11:36","modified_gmt":"2017-07-24T07:11:36","slug":"intelligence-review-cybersecurity-dimensions","status":"publish","type":"post","link":"https:\/\/www.aspistrategist.ru\/intelligence-review-cybersecurity-dimensions\/","title":{"rendered":"The intelligence review: the cybersecurity dimensions"},"content":{"rendered":"
<\/figure>\n

The cybersecurity dimensions of the 2017 intelligence review report<\/a> have been mostly overlooked, but it contains some interesting recommendations, as well as leaving considerable detail still to be worked out. The proposals don\u2019t fix all the issues faced by a system coming under heavy strain, but they add potentially helpful adjustments, several of them aligned with ASPI recommendations<\/a>.<\/p>\n

The big changes centre on the Australian Signals Directorate (ASD) and the Australian Cyber Security Centre (ACSC). The ACSC will formally operate as part of the ASD, with one minister having primary responsibility for the ACSC and cybersecurity. That minister is likely to be the new super-duper minister, Peter Dutton, but that\u2019s still to be determined.<\/p>\n

The new head of the ACSC will be the prime minister\u2019s special adviser on cyber security, Alastair MacGibbon, who will serve \u2018as the single focus of accountability to the Government for cyber security\u2019. The review proposes merging his team in PM&C into the ASCS. While that move makes a lot of sense, it could create some potentially challenging ministerial reporting lines that the taskforce set up to implement the changes will need to resolve. For example, depending on who the head of the ACSC ultimately reports to, MacGibbon could be reporting to the Home Affairs minister with his ACSC hat on, to the PM with his special adviser hat on, and to the Defence minister with his ASD hat on (given that the ACSC sits under ASD). The big advantage of the move is that putting MacGibbon in charge of the ACSC joins up his policy role with the doing side of the equation.<\/p>\n

Centralising cybersecurity policymaking and drawing the operational agencies into one centre should improve MacGibbon\u2019s ability to encourage government departments to step up their cybersecurity defences. To facilitate that, the review suggests supporting more secondments from across government into the ACSC and allowing staff \u2018to retain their existing organisational authorities and ability to access data, information and capabilities from their home organisations\u2019.<\/p>\n

At present, MacGibbon faces what must be a very frustrating ritual of being hauled before Senate Estimates and asked to explain why government departments keep failing to meet minimum cybersecurity standards, while simultaneously having no authority to force them to step up their game. This change doesn\u2019t fix that disconnect, but it\u2019s a move in the right direction by combining policymaking with operational agencies.<\/p>\n

With MacGibbon\u2019s strong links to industry, the new arrangement should also help improve industry engagement, including within the Joint Cyber Security Centres, which the review proposes remain the responsibility of the government\u2019s computer emergency response team, CERT Australia (which is also likely to move from the Attorney-General\u2019s portfolio to Home Affairs and be placed within the ACSC).<\/p>\n

The suggested appointment of an intelligence coordinator for cybersecurity \u2018to meet and manage the growing expectations of the ACSC, particularly in safeguarding the security of government networks\u2019 also makes sense. That official would report to the head of the ACSC.<\/p>\n

The suggestion to stand up a 24\/7 \u2018capability to manage public messaging and policy advice in relation to rapidly emerging cyber events\u2019 is a strong one, given Australia\u2019s thus far advantageous time zone, which gives us a handy lead time to prepare for attacks that are first unleashed on the other side of the planet. It should also assist with communication deficiencies highlighted by recent cyber incidents.<\/p>\n

The move to officially broaden ASD\u2019s mandate is another important change, and updates its role to fit contemporary realities. As my colleague Andrew Davies has noted with encryption<\/a>, there are plenty of areas where our legislation is lagging.<\/p>\n

Finally, the review provides some striking assessments of the cyber-threat landscape, suggesting this is a beginning rather than the end:<\/p>\n

One of the most worrying aspects of technological change is the way it is helping to place enormously destructive capabilities within easier reach of rogue states and non-state actors. This trend is not reversible and it will lead to an even more threatening international environment than now exists.<\/p>\n

In our view, the challenge of protecting the integrity, confidentiality and availability of systems and data will only become more important and more complex. Defensive and proactive technical security measures will increasingly be at the core of strategies to secure systems and data. Whether it is in relation to data analytics, encryption, decryption, data protection generally or the use of cyberspace, collaboration and co-operation between Australia\u2019s intelligence agencies and the private sector will become increasingly necessary and relevant, not least because in important specific areas private sector ICT innovation and technology application are more advanced.<\/p><\/blockquote>\n","protected":false},"excerpt":{"rendered":"

The cybersecurity dimensions of the 2017 intelligence review report have been mostly overlooked, but it contains some interesting recommendations, as well as leaving considerable detail still to be worked out. The proposals don\u2019t fix all …<\/p>\n","protected":false},"author":685,"featured_media":33081,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_mi_skip_tracking":false,"footnotes":""},"categories":[1,531],"tags":[1060,1972,95,667],"class_list":["post-33079","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-general","category-cyber-security-2","tag-australian-cyber-security-centre","tag-australian-signals-directorate","tag-cyber-security","tag-intelligence-reform"],"acf":[],"yoast_head":"\nThe intelligence review: the cybersecurity dimensions | The Strategist<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.aspistrategist.ru\/intelligence-review-cybersecurity-dimensions\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"The intelligence review: the cybersecurity dimensions | The Strategist\" \/>\n<meta property=\"og:description\" content=\"The cybersecurity dimensions of the 2017 intelligence review report have been mostly overlooked, but it contains some interesting recommendations, as well as leaving considerable detail still to be worked out. The proposals don\u2019t fix all ...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.aspistrategist.ru\/intelligence-review-cybersecurity-dimensions\/\" \/>\n<meta property=\"og:site_name\" content=\"The Strategist\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/ASPI.org\" \/>\n<meta property=\"article:published_time\" content=\"2017-07-24T20:00:51+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2017-07-24T07:11:36+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2017\/07\/green-light-2326574_640.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"640\" \/>\n\t<meta property=\"og:image:height\" content=\"337\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Fergus Hanson\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@ASPI_org\" \/>\n<meta name=\"twitter:site\" content=\"@ASPI_org\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Fergus Hanson\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.aspistrategist.ru\/#website\",\"url\":\"https:\/\/www.aspistrategist.ru\/\",\"name\":\"The Strategist\",\"description\":\"ASPI's analysis and commentary site\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.aspistrategist.ru\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-AU\"},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-AU\",\"@id\":\"https:\/\/www.aspistrategist.ru\/intelligence-review-cybersecurity-dimensions\/#primaryimage\",\"url\":\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2017\/07\/green-light-2326574_640.jpg\",\"contentUrl\":\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2017\/07\/green-light-2326574_640.jpg\",\"width\":640,\"height\":337},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.aspistrategist.ru\/intelligence-review-cybersecurity-dimensions\/\",\"url\":\"https:\/\/www.aspistrategist.ru\/intelligence-review-cybersecurity-dimensions\/\",\"name\":\"The intelligence review: the cybersecurity dimensions | The Strategist\",\"isPartOf\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/intelligence-review-cybersecurity-dimensions\/#primaryimage\"},\"datePublished\":\"2017-07-24T20:00:51+00:00\",\"dateModified\":\"2017-07-24T07:11:36+00:00\",\"author\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/7eb1098c6aa7cd08e874d9b8dc1d376f\"},\"breadcrumb\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/intelligence-review-cybersecurity-dimensions\/#breadcrumb\"},\"inLanguage\":\"en-AU\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.aspistrategist.ru\/intelligence-review-cybersecurity-dimensions\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.aspistrategist.ru\/intelligence-review-cybersecurity-dimensions\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.aspistrategist.ru\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"The intelligence review: the cybersecurity dimensions\"}]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/7eb1098c6aa7cd08e874d9b8dc1d376f\",\"name\":\"Fergus Hanson\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-AU\",\"@id\":\"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/fbd719c7258d6f0affed7dd4223f32eb?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/fbd719c7258d6f0affed7dd4223f32eb?s=96&d=mm&r=g\",\"caption\":\"Fergus Hanson\"},\"url\":\"https:\/\/www.aspistrategist.ru\/author\/fergus-hanson\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"The intelligence review: the cybersecurity dimensions | The Strategist","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.aspistrategist.ru\/intelligence-review-cybersecurity-dimensions\/","og_locale":"en_US","og_type":"article","og_title":"The intelligence review: the cybersecurity dimensions | The Strategist","og_description":"The cybersecurity dimensions of the 2017 intelligence review report have been mostly overlooked, but it contains some interesting recommendations, as well as leaving considerable detail still to be worked out. The proposals don\u2019t fix all ...","og_url":"https:\/\/www.aspistrategist.ru\/intelligence-review-cybersecurity-dimensions\/","og_site_name":"The Strategist","article_publisher":"https:\/\/www.facebook.com\/ASPI.org","article_published_time":"2017-07-24T20:00:51+00:00","article_modified_time":"2017-07-24T07:11:36+00:00","og_image":[{"width":640,"height":337,"url":"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2017\/07\/green-light-2326574_640.jpg","type":"image\/jpeg"}],"author":"Fergus Hanson","twitter_card":"summary_large_image","twitter_creator":"@ASPI_org","twitter_site":"@ASPI_org","twitter_misc":{"Written by":"Fergus Hanson","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebSite","@id":"https:\/\/www.aspistrategist.ru\/#website","url":"https:\/\/www.aspistrategist.ru\/","name":"The Strategist","description":"ASPI's analysis and commentary site","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.aspistrategist.ru\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-AU"},{"@type":"ImageObject","inLanguage":"en-AU","@id":"https:\/\/www.aspistrategist.ru\/intelligence-review-cybersecurity-dimensions\/#primaryimage","url":"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2017\/07\/green-light-2326574_640.jpg","contentUrl":"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2017\/07\/green-light-2326574_640.jpg","width":640,"height":337},{"@type":"WebPage","@id":"https:\/\/www.aspistrategist.ru\/intelligence-review-cybersecurity-dimensions\/","url":"https:\/\/www.aspistrategist.ru\/intelligence-review-cybersecurity-dimensions\/","name":"The intelligence review: the cybersecurity dimensions | The Strategist","isPartOf":{"@id":"https:\/\/www.aspistrategist.ru\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.aspistrategist.ru\/intelligence-review-cybersecurity-dimensions\/#primaryimage"},"datePublished":"2017-07-24T20:00:51+00:00","dateModified":"2017-07-24T07:11:36+00:00","author":{"@id":"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/7eb1098c6aa7cd08e874d9b8dc1d376f"},"breadcrumb":{"@id":"https:\/\/www.aspistrategist.ru\/intelligence-review-cybersecurity-dimensions\/#breadcrumb"},"inLanguage":"en-AU","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.aspistrategist.ru\/intelligence-review-cybersecurity-dimensions\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.aspistrategist.ru\/intelligence-review-cybersecurity-dimensions\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.aspistrategist.ru\/"},{"@type":"ListItem","position":2,"name":"The intelligence review: the cybersecurity dimensions"}]},{"@type":"Person","@id":"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/7eb1098c6aa7cd08e874d9b8dc1d376f","name":"Fergus Hanson","image":{"@type":"ImageObject","inLanguage":"en-AU","@id":"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/fbd719c7258d6f0affed7dd4223f32eb?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/fbd719c7258d6f0affed7dd4223f32eb?s=96&d=mm&r=g","caption":"Fergus Hanson"},"url":"https:\/\/www.aspistrategist.ru\/author\/fergus-hanson\/"}]}},"_links":{"self":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts\/33079"}],"collection":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/users\/685"}],"replies":[{"embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/comments?post=33079"}],"version-history":[{"count":7,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts\/33079\/revisions"}],"predecessor-version":[{"id":33087,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts\/33079\/revisions\/33087"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/media\/33081"}],"wp:attachment":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/media?parent=33079"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/categories?post=33079"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/tags?post=33079"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}