Australia Last Updated: July 2021

CYBERSECURITY POLICY

Strategy Documents

Digital Economy Strategy: A Leading Digital Economy and Society by 2030

Australian Government

The Strategy is built around three pillars:

Building the foundations to grow the digital economy;

Building capability in emerging technologies;
Setting Digital Growth Priorities to lift our ambition.

Source Source 2
12 May 2021

2021 International Cyber and Critical Technology Engagement Strategy

Australian Government

The Strategy identifies three main pillars to guide Australia's international cyber and critical technology engagement:

Values - Australia will always pursue a values-based approach to cyberspace and critical technology, and oppose efforts to use technologies to
undermine these values;
Security - Australia will always support international peace and stability, and secure, trusted and resilient technology;
Prosperity - Australia will always advocate for cyberspace and technology to foster sustainable economic growth and development to enhance
prosperity.

The pillars are interconnected and mutually reinforcing - 15 chapters sit within the pillars.

Source Source 2
21 April 2021

Australia’s Cyber Security Strategy 2020

Australian Government

Priorities of the Strategy include:

Protecting and actively defending the critical infrastructure that all Australians rely on, including cyber security obligations for owners and
operators.
New ways to investigate and shut down cyber crime, including on the dark web.
Stronger defences for Government networks and data.
Greater collaboration to build Australia’s cyber skills pipeline.
Increased situational awareness and improved sharing of threat information.
Stronger partnerships with industry through the Joint Cyber Security Centre program.
Advice for small and medium enterprises to increase their cyber resilience.
Clear guidance for businesses and consumers about securing Internet of Things devices.
24/7 cyber security advice hotline for SMEs and families.
Improved community awareness of cyber security threats.

Source Source 2
6 August 2020

International Cyber Engagement Strategy

Department of Foreign Affairs and Trade
Three year plan pursuing a comprehensive and coordinated international cyber affairs agenda, addressing areas of digital trade, cybercrime, and
international security and cyberspace
Source
4 October 2017
 Australia Last Updated: July 2021

ACSC 2017 Threat Report

Australian Cyber Security Centre

Notes challenges including cybercrime, ransomware, credentail-harvesting malware, social engineering, and targeting of trusted third parties and
repositories of large amounts of personally identifiable information

Source Source 2
October 2017

Defence White Paper 2016

Department of Defence

Government will strengthen the Defence cyber workforce and systems to deter and defend against the threat of cyber attack
Lists as a key driver of security environment "the emergence of new complex, non-geographic threats, including cyber threats to the security of
information and communications systems"
Notes "Cyber attacks are a direct threat to the ADF’s warfighting ability given its reliance on information networks"

Source
2016

Implementation Frameworks

Strategies to Mitigate Cyber Security Incidents

Australian Signals Directorate

Mitigation strategies to help technical cyber security professionals in all organisations mitigate cyber security incidents
Replaces "Strategies to Mitigate Targeted Cyber Intrusions"

Source
February 2017

Australian Government Information Security Manual (ISM)

Australian Signals Directorate
Standard which governs the security of government ICT systems
Source
2016

National Plan to Combat Cybercrime

Attorney-General's Department
Identifies four key principles:

1. Understanding the problem

2. Partnerships and shared responsibility
3. Focusing on prevention
4. Balancing security, freedom and privacy

Source
2013

Overview of Australian implementation of norms of responsible state behaviour in cyberspace

With the intent of deepening common understandings and thereby increasing predictability and stability, this Fact Sheet contains a non-exhaustive list of
the ways in which Australia observes the eleven norms in the 2015 UNGGE report.

Source
 Australia Last Updated: July 2021

2019

STRUCTURE

National Centre or Responsible Agency

Australian Signals Directorate

Australian Government

Works across the full spectrum of operations required of contemporary signals intelligence and security agencies: intelligence, cyber security and offensive
operations in support of the Australian Government and Australian Defence Forces (ADF). As Australia’s cryptologic agency ASD:

Informs through covertly accessing information not publicly available (signals intelligence);
Protects by comprehensively understanding the cyber threat. The agency provides leading advice and proactive assistance to shape the
environment and influence others to ensure governments, business and the community are able to better manage cyber security risk;
Disrupts by delivering high-impact, full-spectrum offensive cyber operations to support a range of Australian Government priorities including
supporting military operations, law enforcement and criminal intelligence activity against cyber criminals, and responding to serious cyber
incidents against Australian networks.

Source

Australian Cyber Security Centre

Australian Signals Directorate

Drives cyber resilience across the whole of the economy, including critical infrastructure and systems of national interest, federal, state and local
governments, small and medium business, academia, the not-for-profit sector and the Australian community
The ACSC began operations in 2014; on 1 July 2018, expanded and formally became part of the Australian Signals Directorate
Brings together resources and includes staff from the Australian Criminal Intelligence Commission, Australian Federal Police, Australian Security
Intelligence Organisation, Australian Signals Directorate and Defence Intelligence Organisation
Works as a hub for private and public sector collaboration and information-sharing, to prevent and combat cyber security threats and to minimise
harm to all Australians
Specifically:
responds to cyber security threats and incidents as Australia’s computer emergency response team (CERT)
collaborates with the private and public sector to share information on threats and increase resilience
works with governments, industry and the community to increase awareness of cyber security
provides information, advice and assistance to all Australians

Source Source 2
November 2014 (replacing the Cyber Security Operations Centre); July 2018 (became part of the Australian Signals Directorate

Key Positions

Special Adviser to the Prime Minister on Cyber Security, Department of the Prime Minister and Cabinet

Source

Ambassador for Cyber Affairs, Department of Foreign Affairs and Trade

Source

Dedicated Agencies and Departments

Cyber Cooperation Program

 Australia Last Updated: July 2021

Department of Foreign Affairs and Trade

Designed to boost the resources behind Australia's cyber capacity building efforts in the Indo-Pacific
Source
May 2016

Cyber Security Operations Board

Board Members: Level of Secretary and Agency Head
Responsible for strategic oversight of the government’s operational cyber security capabilities and coordination of cyber security measures
Source
2014

Joint Cyber Security Centres program (JCSC)

Attorney-General's Department

Central initiative of the Australian Government’s Cyber Security Strategy to bring together business and the research community along with state,
territory and Commonwealth agencies in an open and cooperative environment
Joint Cyber Security Centres (JCSC) were established in Brisbane, Sydney, Melbourne, Perth and Adelaide
Objectives:
Sensitive information, including actionable cyber threat intelligence, is shared quickly between and among partners
Solutions to cyber security risks and issues are developed through collaboration and without commercial bias
A common understanding of the cyber security environment and optimal mitigation options is achieved through sharing and analysis of
incidents, threats and risks
Organizations at all levels have access to practical tools and resources to improve their cyber security
Consistent education and awareness messages are promoted with and among partners

Source Source 2
Starting from February 2017 (first JCSC launched)

Australian Cybercrime Online Reporting Network

Australian Government initiative
National online system that allows the public to securely report instances of cybercrime
Source
November 2014

National Cybercrime Working Group

Standing Council of Attorneys-General

Advises ministers on various matters related to cybercrime

Oversees implementation of the National Plan to Combat Cybercrime

Source
May 2010

Information Warfare Division

Department of Defence

Consists of four branches – Information Warfare Capability, C4 and Battle Management Capability, Capability Support Directorate and the Joint
Cyber Unit

Source
July 2017

Cyber and Electronic Warfare Division

Department of Defence
Undertakes research and development focused on identifying, analysing and countering threats to Australia’s defence and national security through
 Australia Last Updated: July 2021

electronic means.
Source

LEGAL FRAMEWORK

Legislation

Telecommunications and Other Legislation Amendment Act No. 111 of 2017

An Act to amend the law relating to telecommunications, and for related purposes.

Source
18 September 2017 (Assented on)

Privacy Act No. 119

Regulates how personal information is handled;

Includes thirteen Australian Privacy Principles (APPs);
Amended by the Privacy Amendment (Notifiable Data Breaches) Act No. 12 of 2017

Source Source 2
1988 (assented); 22 February 2017 (amended)

Cybercrime Legislation Amendment Act 2012, No. 120

To meet all Budapest Convention requirements

Amends Criminal Code Act 1995, Telecommunications Act 1997, Telecommunications (Interception and Access) Acts 1979, and Cybercrime Act
2001 to expand offences relating to telecommunication services and computer offences

Source
12 September 2012 (Assented to)

In Progress or Proposed

Telecommunications and Other Legislation Amendment (Assistance and Access) Bill 2018

Amends the Telecommunications Act 1997 to establish frameworks for voluntary and mandatory industry assistance to law enforcement and intelligence
agencies in relation to encryption technologies via the issuing of technical assistance requests, technical assistance notices and technical capability
notices.

Source
20 September 2018 (introduced on)

Views on International Law

Annex B: Australia's Position on how International Law applies to State Conduct in Cyberspace

The document states that the United Nations Charter (UN Charter) and associated rules of customary international law apply to activities
conducted in cyberspace;
International humanitarian law (IHL) (including the principles of humanity, necessity, proportionality and distinction) applies to cyber activities
within an armed conflict.
 Australia Last Updated: July 2021

Source

COOPERATION

Multilateral Agreements

Budapest Convention
PARTY
Source
1 March 2013 (entry into force)

UN Processes

Represented at the Group of Governmental Experts on Developments in the Field of Information and Telecommunications in the Context
of International Security

Source
2012/2013, 2016/2017, 2019/2021

Expressed views to the Annual Report of the UN Secretary-General on Developments in the Field of Information and Telecommunications
in the Context of International Security

Source
2011, 2014, 2016

Expressed Views at the Open-Ended Working Group on Developments in the Field of Information and Telecommunications in the Context
of International Security

Source
2019/2020

Bilateral and Multilateral Cooperation

Pacific Cyber Security Operational Network (PaCSON), member

Ambassador for Cyber Affairs
Creation of network of government-designated cyber security incident response officials from across the Pacific
Source
30 April 2018

Cooperation, Australia-France
Prime Minister
Strengthening of cooperation in cybersecurity.
Source
2 May 2018

Australia-Israel Leaders' Roundtable on Cybersecurity, and Memorandum of Understanding on cyber security cooperation
Minister Assisting the Prime Minister for Cyber Security
Exchange of views on challenges and best practice responses in the field of cyber security in the government and commercial context
 Australia Last Updated: July 2021

Source Source 2
30 October 2017

Continuation of Republic of Korea-Australia Cyber Policy Dialogue

Minister for Foreign Affairs

Agreement to continue dialogue on a regular basis, and on the necessity fo exploring further cooperative measures through the next dialogue

Source
13 October 2017; 10 April 2014 (established)

Australia-India Cyber Policy Dialogue (Second)

Ambassador for Cyber Affairs
Reaffirmed commitment to an open, free, secure, stable, peaceful and accessible cyberspace enabling economic growth and innovation and reiterated
support for the multi-stakeholder approach to internet governance
Source Source 2
13 July 2017

Joint U.K.-Australia Statement on Cyber Co-Operation

Commitment to promoting an international stability framework for cyberspace
Source
11 July 2017

Cybercrime Agreement, Australia-Thailand

Ambassador for Cyber Affairs
Intensification of co-operation on cybercrime; Australia will also provide support in "cybercrime digital forensic development" to the Thai Royal Police,
national security, and foreign affairs officials.
Source
8 June 2017

Memorandum of Understanding, Australia-Singapore

Cyber Security Agency
Sharing of information and best practices, cybersecurity training, joint cybersecurity exercises with a focus on the protection of Critical Information
Infrastructure and a commitment to promote voluntary norms of responsible state behaviour in cyberspace
Source
2 June 2017

Framework for Operational Collaboration (FOC) on Cyber Security, CERT Australia-Tonga National CERT
Tobias Feakin,
Understanding to assist addressing of threats and achieving goals in terms of cyber security
Source
23 May 2017

Australia-Indonesia Cyber Policy Dialogue (First)

Ambassador for Cyber Affairs
Discussed the full range of cyber issues including the respective visions of the internet and cyberspace, exchanging cyber threat perceptions, policies and
strategies, regional and international developments
Source
4 May 2017
 Australia Last Updated: July 2021

Australia-China Cyber Agreement

Head of State

Agreed that neither country would conduct or support cyber-enabled theft of intellectual property, trade secrets or confidential business information with
the intent of obtaining competitive advantage

Source
24 April 2017

Joint Statement, Australia-Israel

Prime Minister
Agreed, inter alia, to explore opportunities for bilateral cooperation in the field o cyber as well as promote global cybersecurity efforts that enhance an
open, free and secure internet.
Source
22 February 2017

Australia-U.S. Cyber Security Dialogue (First)

Head of State
Engage senior representatives from both countries’ business, academic and government sectors to discuss common cyber threats, promote cyber security
innovation and shape new business opportunities
Source
22 September 2016

Japan-Australia Cyber Policy Dialogue (Second)

Assistant Secretary, Strategic Issues and Intelligence Branch, Australian Department of Foreign Affairs and Trade
Discussed their respective cybersecurity strategies and policies, as well as possible bilateral cooperation in areas such as information sharing, critical
information infrastructure protection, CERT, enhancing capacity on cybersecurity, combating cybercrime and conducting joint exercises
Source
2 August 2016

Australia-China Cyber Policy Dialogue (Second)

First Assistant Secretary, International Security Division, Department of Foreign Affairs and Trade

Ddiscussed the full range of issues on the international cyber agenda including the development of norms of responsible state behaviour

Source
3 February 2016

Australia-New Zealand Cyber Policy Dialogue (Biannual)

Lynwen Connick, First Assistant Secretary Cyber Policy and Intelligence, Department of the Prime Minister and Cabinet
Platform for practical cooperation to advance shared interests, promote the benefits of an open, free and secure internet and look for opportunities for
cyber security innovation and growth in economies.
Source
6 November 2015

Global Forum on Cyber Expertise, Member

A global platform for countries, international organizations and private companies to exchange best practices and expertise on cyber capacity building
Source
2015 (established)
 Australia Last Updated: July 2021

Memorandum of Understanding, Australia-Malaysia

CERT Australia
Agreement to assist in mitigating cyber threats, through sharing of information and technology knowledge in ICT security such as reported incident, new
threats, and best practices against cyber crime
Source
March 2014

Cyber Safety Pasifika (CSP) Program

Australian Federal Police
Partnership between Australian Federal Police (AFP) and the Pacific Islands Chiefs of Police, to ensure that the people of the Pacific will be safe and secure
by providing the knoweldge to navigate the digital landscape safety and responsibly, establishing strong legislation and policies, and enhancing Pacific
Police investigation skills
Source Source 2
2011 (established)

Select Activities

Cyber Security Challenge Australia

Department of the Prime Minister and Cabinet
Annual ‘hacking’ competition run by an alliance of Australian Government, business and academic professionals who are committed to finding the next
generation of Australian cyber security talent
Source
2012 (started)

Membership

Commonwealth

International Telecommunications
Union (ITU)

United Nations (UN)