Home / intel & cyber / Government to address ‘overclassification’ in cyber sector

Website Notifications

Get notifications in real-time for staying up to date with content that matters to you.

Government to address ‘overclassification’ in cyber sector

A more co-operative relationship between government intelligence agencies and the private sector is being pushed forward by the Australian Cyber Security Centre (ACSC).

In a review of the Australian government's cyber security strategy, the Australian Strategic Policy Institute (ASPI) has said the government is looking to drop its reputation for overclassifying material in a bid to enhance its relationship with industry.


"It has long been argued that overclassification of material, such as threat intelligence, by governments prevents easy information exchange with the outside world, including key partners such as industry," the report said.

"The government has recognised this and is positioning ‘Australian Cyber Security Centre (ACSC) 2.0’ to facilitate a more cooperative and informed relationship with the private sector."

The report, authored by head of the International Cyber Policy Centre Fergus Hanson and ASPI visiting fellow Tom Uren, also recommended the government could get more benefits by lowering classifications of information related to offensive cyber operations; operations that disrupt, deny or degrade the computers or computer networks of adversaries.

"The government should continue to scope the potential benefits from lowering the classification of information associated with offensive cyber operations. In particular, there are benefits in operating at the SECRET level for workforce generation and training and providing a ‘halfway house’ to usefully employ incoming staff as they wait during vetting procedures," the report argues.

"More broadly, excessive classification slows potentially valuable two‑way information exchange with the information security community."

The report also called for a review of the laws governing oversight for the ASD. Currently, the Australian government’s offensive cyber capability sits within ASD and works closely with each of the three services, which embed staff assigned to ASD from the ADF’s Joint Cyber Unit. Current legislation, policy and oversight ensures that ASD and the ADF work together in a lawful, collaborative and co-operative manner to support military operations. When seeking approval for operations from the Minister for Defence, ASD has to seek legal, foreign policy and national security advice from sources external to Defence.

Hanson and Uren argue that while this current arrangement works at present, the policy and legislative framework will need to be updated to allow for the employment of offensive cyber in ADF operations.

"While those oversight arrangements may be sufficient for now, the ADF will inevitably need to incorporate offensive cyber on the battlefield as a way to create local effects, including force protection measures and to deliver effects currently generated by electronic warfare (such as jamming communications technology)," the report said.

"It should not always be necessary to reach back to the national authorities for clear‑cut and time critical battlefield decisions. There appears to be scope to update the existing policy and legislative framework that governs the employment of offensive cyber in deployed operations to support those kinds of activities."

Government to address ‘overclassification’ in cyber sector
lawyersweekly logo

more from defence connect

Jun 14 2019
The Indo-Pacific's maritime choke points: Straits of Malacca
The Indo-Pacific is indisputably a maritime orientated region with maritime choke points serving as...
Jun 14 2019
Identifying and developing national strategic industries
Robust, innovative and globally competitive industry is critical to any national security equation ...
Jun 14 2019
On Point: Reflecting on a near two-decade career in the ADF
The Australian Defence Force has served as a genuine and exciting career path for generations of Aus...
Recommended by Spike Native Network