Children’s e-Safety Commissioner and former Australian Federal Police tech crime director Alastair MacGibbon (pictured) has been named as the government’s new top public servant on cyber security matters, picking up the title of special adviser.
Prime Minister Malcolm Turnbull announced the new position in his speech launching the Cyber Security Strategy Thursday morning.
He cited recent cyber attacks on the Bureau of Meteorology and the Department of Parliamentary Services as signals that governments cannot continue the “hands-off” approach to the internet. The costs of cyber attacks could be as high as 1% of GDP, he added, and the need to protect Australians and their interests outweighed benefits of non-interference.
Friendly “white hat” attacks on agencies will help identify existing public sector vulnerabilities and build cyber security resilience.
MacGibbon will be responsible for encouraging a “cultural change” in government towards cyber issues, working with agencies and the private sector.
Another top public servant on cyber policy, Lynwen Connick in the Department of the Prime Minister and Cabinet, last week said shared wisdom would be key to the strategy’s success:
“We need close cooperation across government agencies and the private sector to defend systems and raise the standard of cyber security for all those we connect with. In particular a key issue raised has been the need to improve threat sharing between government and the private sector and across sectors. Business wants better access to government information on cyber threats and they have told us they have information they want to share. We have also heard that we need simple guidelines to help all organisations improve their cyber security to compliment the international standards that larger companies implement.”
— PM&C (@dpmc_gov_au) April 21, 2016
ASPI’s Tobias Feakin, who was one of the expert consultants for the strategy, added that successful engagement also means dropping some of the famous secrecy and security red tape governments employ. Accessibility is needed for the sharing to be effective, he said:
“New engagement in this strategy will focus first around moving the location of the Australian Cyber Security Centre from the highly classified ASIO building to a more flexible and accessible environment. That will allow for a broader range of private sector entities to quickly ‘plug and play’ with the centre, creating a more fluid interaction. The second initiative is focused on new Joint Cyber Threat Centres in key capital cities, to allow for real time public–private cyber threat information sharing.
“To ensure those plans are successful, they must quickly be shown to be accessible, productive and effective. Removing red tape surrounding security classifications and access to information is crucial, as is providing threat information that’s timely, relevant and actionable. Rules of engagement will need to be quickly established so that there’s a clear understanding of both expectations and realities of what can be achieved.”
The strategy allocates around $230 million to a range of measures, including establishing Joint Cyber Threat Centres to enable rapid sharing of critical threat information between sectors; additional resources for the Australian Cyber Security Centre to fight cybercrime and deal with other cyber threats; helping business to assess and develop their cyber security resilience; and to develop the cyber security skilled workforce of the future.
Additional resources will also flow to other agencies such as the Australian Signals Directorate and the Australian Federal Police.
A “cyber ambassador” will also be appointed to work with the Department of Foreign Affairs and Trade on international engagement.