Powered by MOMENTUM MEDIA

Government to address ‘overclassification’ in cyber sector

A more co-operative relationship between government intelligence agencies and the private sector is being pushed forward by the Australian Cyber Security Centre (ACSC).

In a review of the Australian government's cyber security strategy, the Australian Strategic Policy Institute (ASPI) has said the government is looking to drop its reputation for overclassifying material in a bid to enhance its relationship with industry.

Advertisement
Advertisement

"It has long been argued that overclassification of material, such as threat intelligence, by governments prevents easy information exchange with the outside world, including key partners such as industry," the report said.

"The government has recognised this and is positioning ‘Australian Cyber Security Centre (ACSC) 2.0’ to facilitate a more cooperative and informed relationship with the private sector."

 

The report, authored by head of the International Cyber Policy Centre Fergus Hanson and ASPI visiting fellow Tom Uren, also recommended the government could get more benefits by lowering classifications of information related to offensive cyber operations; operations that disrupt, deny or degrade the computers or computer networks of adversaries.

"The government should continue to scope the potential benefits from lowering the classification of information associated with offensive cyber operations. In particular, there are benefits in operating at the SECRET level for workforce generation and training and providing a ‘halfway house’ to usefully employ incoming staff as they wait during vetting procedures," the report argues.

"More broadly, excessive classification slows potentially valuable two‑way information exchange with the information security community."

The report also called for a review of the laws governing oversight for the ASD. Currently, the Australian government’s offensive cyber capability sits within ASD and works closely with each of the three services, which embed staff assigned to ASD from the ADF’s Joint Cyber Unit. Current legislation, policy and oversight ensures that ASD and the ADF work together in a lawful, collaborative and co-operative manner to support military operations. When seeking approval for operations from the Minister for Defence, ASD has to seek legal, foreign policy and national security advice from sources external to Defence.

Hanson and Uren argue that while this current arrangement works at present, the policy and legislative framework will need to be updated to allow for the employment of offensive cyber in ADF operations.

"While those oversight arrangements may be sufficient for now, the ADF will inevitably need to incorporate offensive cyber on the battlefield as a way to create local effects, including force protection measures and to deliver effects currently generated by electronic warfare (such as jamming communications technology)," the report said.

"It should not always be necessary to reach back to the national authorities for clear‑cut and time critical battlefield decisions. There appears to be scope to update the existing policy and legislative framework that governs the employment of offensive cyber in deployed operations to support those kinds of activities."

 

 

Government to address ‘overclassification’ in cyber sector
lawyersweekly logo

more from defence connect

Feb 15 2019
Defence selects SEA 5000 Australian Aegis systems integration agent
Defence Minister Christopher Pyne has announced a limited request for tender to establish a deed of ...
Alex Zelinsky
Feb 14 2019
PODCAST: The process, rigour and role of a chief defence scientist, Professor Alex Zelinsky AO, University of Newcastle
In this episode of the Defence Connect Podcast, the now vice-chancellor and president of the Univers...
Feb 15 2019
Quickstep to appoint non-executive director
Leanne Heywood will be appointed non-executive director of Sydney-based company Quickstep, and is e...
FROM THE WEB
Recommended by Spike Native Network