Powered by MOMENTUM MEDIA

Government to address ‘overclassification’ in cyber sector

A more co-operative relationship between government intelligence agencies and the private sector is being pushed forward by the Australian Cyber Security Centre (ACSC).

In a review of the Australian government's cyber security strategy, the Australian Strategic Policy Institute (ASPI) has said the government is looking to drop its reputation for overclassifying material in a bid to enhance its relationship with industry.

"It has long been argued that overclassification of material, such as threat intelligence, by governments prevents easy information exchange with the outside world, including key partners such as industry," the report said.

"The government has recognised this and is positioning ‘Australian Cyber Security Centre (ACSC) 2.0’ to facilitate a more cooperative and informed relationship with the private sector."

The report, authored by head of the International Cyber Policy Centre Fergus Hanson and ASPI visiting fellow Tom Uren, also recommended the government could get more benefits by lowering classifications of information related to offensive cyber operations; operations that disrupt, deny or degrade the computers or computer networks of adversaries.

"The government should continue to scope the potential benefits from lowering the classification of information associated with offensive cyber operations. In particular, there are benefits in operating at the SECRET level for workforce generation and training and providing a ‘halfway house’ to usefully employ incoming staff as they wait during vetting procedures," the report argues.

"More broadly, excessive classification slows potentially valuable two‑way information exchange with the information security community."

The report also called for a review of the laws governing oversight for the ASD. Currently, the Australian government’s offensive cyber capability sits within ASD and works closely with each of the three services, which embed staff assigned to ASD from the ADF’s Joint Cyber Unit. Current legislation, policy and oversight ensures that ASD and the ADF work together in a lawful, collaborative and co-operative manner to support military operations. When seeking approval for operations from the Minister for Defence, ASD has to seek legal, foreign policy and national security advice from sources external to Defence.

Hanson and Uren argue that while this current arrangement works at present, the policy and legislative framework will need to be updated to allow for the employment of offensive cyber in ADF operations.

"While those oversight arrangements may be sufficient for now, the ADF will inevitably need to incorporate offensive cyber on the battlefield as a way to create local effects, including force protection measures and to deliver effects currently generated by electronic warfare (such as jamming communications technology)," the report said.

"It should not always be necessary to reach back to the national authorities for clear‑cut and time critical battlefield decisions. There appears to be scope to update the existing policy and legislative framework that governs the employment of offensive cyber in deployed operations to support those kinds of activities."

 

 

Government to address ‘overclassification’ in cyber sector
lawyersweekly logo
FROM THE WEB
Recommended by Spike Native Network

more from defence connect

Dec 10 2018
JFD Australia and Navy wrap up submarine rescue tests
JFD Australia and the Royal Australian Navy have finalised the annual Black Carillon exercise, whic...
Dec 10 2018
F-35 countdown: JSF Joint Program Office kicks of mission capability test
The F-35 program has reached another milestone with the start of formal initial operational test an...
Dec 10 2018
Task Group Taji 7 completes training mission in Iraq
The seventh rotation of Task Group Taji, around 300 soldiers, has returned to Brisbane after a succe...