Professional Documents
Culture Documents
Australia: Cybersecurity Policy
Australia: Cybersecurity Policy
CYBERSECURITY POLICY
Strategy Documents
Source Source 2
12 May 2021
The Strategy identifies three main pillars to guide Australia's international cyber and critical technology engagement:
Values - Australia will always pursue a values-based approach to cyberspace and critical technology, and oppose efforts to use technologies to
undermine these values;
Security - Australia will always support international peace and stability, and secure, trusted and resilient technology;
Prosperity - Australia will always advocate for cyberspace and technology to foster sustainable economic growth and development to enhance
prosperity.
The pillars are interconnected and mutually reinforcing - 15 chapters sit within the pillars.
Source Source 2
21 April 2021
Protecting and actively defending the critical infrastructure that all Australians rely on, including cyber security obligations for owners and
operators.
New ways to investigate and shut down cyber crime, including on the dark web.
Stronger defences for Government networks and data.
Greater collaboration to build Australia’s cyber skills pipeline.
Increased situational awareness and improved sharing of threat information.
Stronger partnerships with industry through the Joint Cyber Security Centre program.
Advice for small and medium enterprises to increase their cyber resilience.
Clear guidance for businesses and consumers about securing Internet of Things devices.
24/7 cyber security advice hotline for SMEs and families.
Improved community awareness of cyber security threats.
Source Source 2
6 August 2020
Notes challenges including cybercrime, ransomware, credentail-harvesting malware, social engineering, and targeting of trusted third parties and
repositories of large amounts of personally identifiable information
Source Source 2
October 2017
Government will strengthen the Defence cyber workforce and systems to deter and defend against the threat of cyber attack
Lists as a key driver of security environment "the emergence of new complex, non-geographic threats, including cyber threats to the security of
information and communications systems"
Notes "Cyber attacks are a direct threat to the ADF’s warfighting ability given its reliance on information networks"
Source
2016
Implementation Frameworks
Mitigation strategies to help technical cyber security professionals in all organisations mitigate cyber security incidents
Replaces "Strategies to Mitigate Targeted Cyber Intrusions"
Source
February 2017
Source
2013
With the intent of deepening common understandings and thereby increasing predictability and stability, this Fact Sheet contains a non-exhaustive list of
the ways in which Australia observes the eleven norms in the 2015 UNGGE report.
Source
Australia Last Updated: July 2021
2019
STRUCTURE
Works across the full spectrum of operations required of contemporary signals intelligence and security agencies: intelligence, cyber security and offensive
operations in support of the Australian Government and Australian Defence Forces (ADF). As Australia’s cryptologic agency ASD:
Informs through covertly accessing information not publicly available (signals intelligence);
Protects by comprehensively understanding the cyber threat. The agency provides leading advice and proactive assistance to shape the
environment and influence others to ensure governments, business and the community are able to better manage cyber security risk;
Disrupts by delivering high-impact, full-spectrum offensive cyber operations to support a range of Australian Government priorities including
supporting military operations, law enforcement and criminal intelligence activity against cyber criminals, and responding to serious cyber
incidents against Australian networks.
Source
Drives cyber resilience across the whole of the economy, including critical infrastructure and systems of national interest, federal, state and local
governments, small and medium business, academia, the not-for-profit sector and the Australian community
The ACSC began operations in 2014; on 1 July 2018, expanded and formally became part of the Australian Signals Directorate
Brings together resources and includes staff from the Australian Criminal Intelligence Commission, Australian Federal Police, Australian Security
Intelligence Organisation, Australian Signals Directorate and Defence Intelligence Organisation
Works as a hub for private and public sector collaboration and information-sharing, to prevent and combat cyber security threats and to minimise
harm to all Australians
Specifically:
responds to cyber security threats and incidents as Australia’s computer emergency response team (CERT)
collaborates with the private and public sector to share information on threats and increase resilience
works with governments, industry and the community to increase awareness of cyber security
provides information, advice and assistance to all Australians
Source Source 2
November 2014 (replacing the Cyber Security Operations Centre); July 2018 (became part of the Australian Signals Directorate
Key Positions
Special Adviser to the Prime Minister on Cyber Security, Department of the Prime Minister and Cabinet
Source
Source
Central initiative of the Australian Government’s Cyber Security Strategy to bring together business and the research community along with state,
territory and Commonwealth agencies in an open and cooperative environment
Joint Cyber Security Centres (JCSC) were established in Brisbane, Sydney, Melbourne, Perth and Adelaide
Objectives:
Sensitive information, including actionable cyber threat intelligence, is shared quickly between and among partners
Solutions to cyber security risks and issues are developed through collaboration and without commercial bias
A common understanding of the cyber security environment and optimal mitigation options is achieved through sharing and analysis of
incidents, threats and risks
Organizations at all levels have access to practical tools and resources to improve their cyber security
Consistent education and awareness messages are promoted with and among partners
Source Source 2
Starting from February 2017 (first JCSC launched)
Source
May 2010
Consists of four branches – Information Warfare Capability, C4 and Battle Management Capability, Capability Support Directorate and the Joint
Cyber Unit
Source
July 2017
electronic means.
Source
LEGAL FRAMEWORK
Legislation
An Act to amend the law relating to telecommunications, and for related purposes.
Source
18 September 2017 (Assented on)
Source Source 2
1988 (assented); 22 February 2017 (amended)
Source
12 September 2012 (Assented to)
In Progress or Proposed
Telecommunications and Other Legislation Amendment (Assistance and Access) Bill 2018
Amends the Telecommunications Act 1997 to establish frameworks for voluntary and mandatory industry assistance to law enforcement and intelligence
agencies in relation to encryption technologies via the issuing of technical assistance requests, technical assistance notices and technical capability
notices.
Source
20 September 2018 (introduced on)
Annex B: Australia's Position on how International Law applies to State Conduct in Cyberspace
The document states that the United Nations Charter (UN Charter) and associated rules of customary international law apply to activities
conducted in cyberspace;
International humanitarian law (IHL) (including the principles of humanity, necessity, proportionality and distinction) applies to cyber activities
within an armed conflict.
Australia Last Updated: July 2021
Source
COOPERATION
Multilateral Agreements
Budapest Convention
PARTY
Source
1 March 2013 (entry into force)
UN Processes
Represented at the Group of Governmental Experts on Developments in the Field of Information and Telecommunications in the Context
of International Security
Source
2012/2013, 2016/2017, 2019/2021
Expressed views to the Annual Report of the UN Secretary-General on Developments in the Field of Information and Telecommunications
in the Context of International Security
Source
2011, 2014, 2016
Expressed Views at the Open-Ended Working Group on Developments in the Field of Information and Telecommunications in the Context
of International Security
Source
2019/2020
Cooperation, Australia-France
Prime Minister
Strengthening of cooperation in cybersecurity.
Source
2 May 2018
Australia-Israel Leaders' Roundtable on Cybersecurity, and Memorandum of Understanding on cyber security cooperation
Minister Assisting the Prime Minister for Cyber Security
Exchange of views on challenges and best practice responses in the field of cyber security in the government and commercial context
Australia Last Updated: July 2021
Source Source 2
30 October 2017
Agreement to continue dialogue on a regular basis, and on the necessity fo exploring further cooperative measures through the next dialogue
Source
13 October 2017; 10 April 2014 (established)
Framework for Operational Collaboration (FOC) on Cyber Security, CERT Australia-Tonga National CERT
Tobias Feakin,
Understanding to assist addressing of threats and achieving goals in terms of cyber security
Source
23 May 2017
Agreed that neither country would conduct or support cyber-enabled theft of intellectual property, trade secrets or confidential business information with
the intent of obtaining competitive advantage
Source
24 April 2017
Ddiscussed the full range of issues on the international cyber agenda including the development of norms of responsible state behaviour
Source
3 February 2016
Select Activities
Membership
Commonwealth
International Telecommunications
Union (ITU)