Baker & McKenzie Alert

Client Alert April 2016

Download Forward Contact Us Visit Our Website

Government launches new Cyber Security Strategy

On 21 April 2016, the Federal Government launched a new $230 million Cyber Security Strategy (the Strategy),aimed at combatting the increasing number of online threats and assaults. The Strategy replaces the 2009 CyberSecurity Strategy, providing a four year program which draws on greater defence capabilities, private sectorinvolvement, global coordination and public awareness to improve Australia's cyber safety.

The Strategy

The Strategy has 33 initiatives, sorted under five pillars:

1.Building national cyber security partnership;2.Strengthening defences;3.Exercising global leadership;4.Driving growth and innovation; and5.Creating a cyber-smart nation.

1. National cyber security partnerships: private sector cooperation and consultation

The Strategy stresses the importance of the private sector in strengthening Australia's cyber security. $47 millionis to be spent on the development of Joint Cyber Threat Centres in key capital cities, to build online portals forbusinesses to share cyber security information. Several pilot centres will be built first to trial viability andeffectiveness.

The private sector will be asked to consult with the Government and research community to devise nationalvoluntary cyber security guidelines, based on the Australian Signals Directorate's Strategies to Mitigate TargetedCyber Intrusions. Business will also be able to undergo "health checks" to compare their information securitydefences against similar organisations. Although voluntary, ASX 100 listed businesses will be encouraged andfirst have the opportunity to complete these checks, with the plan to open the program up to small public andprivate organisations over time.

The Prime Minister will lead an annual security meeting with business leaders. Further, the Australian CyberSecurity Centre will be relocated from the Canberra ASIO building to a major capital centre to be more accessibleto businesses.

2. Strengthening defences: more funding and personnel

The 2016 Defence White Paper recognised the importance of bolstering Australia's cyber and intelligencecapabilities, committing $400 million over the next decade to the cyber security sector.

The Strategy adds to this, with the Australian Federal Police (AFP) and the Australian Crime Commission

receiving an additional $20.4 million and $16 million respectively for threat detection, technical analysis andforensic assessment. Both bodies will also receive about 50 more cyber security experts between them, withanother 50 new experts to be dispersed across other Government agencies. The capacity of the ComputerEmergency Response Team will also be increased to coordinate with businesses providing key national services.

The policy includes enhancement of Australia's cyber offensive capability. The new offensive capability is to beused strictly in compliance with international responsibilities. It is considered that development of offensivecapability will also help improve defensive capabilities.

Three new roles have been created to ensure continued focus on cyber security. Former AFP tech crime directorAlastair MacGibbon has been appointed as the new Special Advisor on Cyber Security at the Department ofPrime Minister and Cabinet. There will also be a Minister Assisting the Prime Minister for cyber security to leadthe dialogue between business leaders and the Government, and a Cyber Ambassador to work closely with theForeign Minister.

3. Global leadership in tackling online attacks

Recognising the global nature of the threat of cyber attacks, the Government seeks to "champion an open, freeand secure internet." Government organisations and centres of excellence will work with allied nations to devisestrategies for pre-empting the moves of cyber criminals (known as "cyber raiders"). This will include developingways of shutting down overseas "safe havens" where cyber raiders congregate to launch raids.

4. Lifting growth and innovation: building centres and a workforce

The Government plans to establish academic centres of excellence at universities to boost the numbers andquality of cyber security workers in Australia. They are also seeking to promote careers in cyber security at alllevels of education, and diversify the workforce, particularly by boosting female participation.

The centres of excellence will complement the $30 million national cyber security growth centre announced bythe Prime Minister in December 2015, acting as a centre of research and development. The centre is expected tohook up with existing Commonwealth and State initiatives and be operational by mid-2016.

5. Creating a cyber-smart nation: campaigns and guidelines

A public social media campaign will be launched to strengthen the cyber safety of Australians, from householdsto major businesses. Individuals will be alerted to dangers of common online threats, such as opening foreignemails, clicking on untested websites, and failing to guard against malware. Business will be aided by theproposed national guidelines to improve their cyber hygiene, threat detection, monitoring of administrativeprivileges to avoid unauthorised disclosure and testing malware precautions.

Comment

The Prime Minister was careful to position the Strategy as an important foundation for a successful digitaleconomy. Jennifer Westacott, Chief Executive of the Strategy of the Business Council of Australia, in her openingremarks referred to the successful implementation as a potential competitive advantage for Australia. Theannouncement of steps to enhance Australia’s capacity for cyber-offence, better cooperation with internationallaw enforcement to shut down cybercriminals and improved policy co-ordination through an Australian CyberAmbassador are actions that only government can take. Intended action on these issues appears timely andappropriate.

However, the success of the Strategy will depend on the effectiveness of implementation. Areas to watch include:

1. The Special Advisor: Government has set Special Advisor, Alistair MacGibbon, the challenging task of guidingthe coordination and disclosure of government agencies and programs underpinning the Strategy.

2. The Cyber Ambassador and Minister Assisting the Prime Minister: the appointment and official role of theCyber Ambassador and the Minister Assisting the Prime Minister is yet to be detailed.

3. The relocation of the Australian Cyber Security Centre: The new location of the Centre is yet to be announced,and details of how it will engage in greater consultation with businesses are unclear. It is notable that no newlegislation is proposed to underpin the secrecy regime necessary to facilitate sharing of threat informationbetween members of government. It will therefore be interesting to see the framework that is proposed.

4. Improving cyber security literacy: It is not clear whether and how the proposed support for the education sectorwill attract greater numbers and diversity into the cyber security workforce.

5. Increasing cyber awareness: It appears details of how increased cyber security awareness across the

community will be achieved practically are yet to be announced.

For the full report, click here.

To view our chart outlining the existing array of Commonwealth organisations and programs related to cybersecurity, please click here.

Download Alert Follow us

For more information

Patrick Fair

Partner

+61 2 8922 5534

patrick.fair

@bakermckenzie.com

Anne-Marie Allgrove

Partner

+61 2 8922 5274

anne-marie.allgrove

@bakermckenzie.com

Paul Forbes

Partner

+61 2 8922 5346

paul.forbes

@bakermckenzie.com

Adrian Lawrence

Partner

+61 2 8922 5204

adrian.lawrence

@bakermckenzie.com

Disclaimer

This communication has been prepared for the general information of clients and professional associates of Baker & McKenzie. You should not rely on the

contents. It is not legal advice and should not be regarded as a substitute for legal advice. To the fullest extent allowed by law, Baker & McKenzie excludes

all liability (whether arising in contract, negligence or otherwise) in respect of all and each part of this communication, including without limitation, any errors

or omissions.

This may qualify as "Attorney Advertising" requiring notice in some jurisdictions. Prior results do not guarantee a similar outcome.

Baker & McKenzie International is a Swiss Verein with member law firms around the world. In accordance with the common terminology used in

professional service organizations, reference to a "partner" means a person who is a partner, or equivalent, in such a law firm. Similarly, reference to an

"office" means an office of any such law firm.

This email is sent by Baker & McKenzie (ABN 32 266 778 912), an Australian partnership and member of Baker & McKenzie International, a Swiss Verein.

The contents may contain copyright. Personal information contained in communications with Baker & McKenzie is subject to our Privacy Policy and the

obligations of the Privacy Act. Emails sent to Baker & McKenzie are subject to automated email filtering. Should you receive this email in error, please

telephone us on +61 2 9225 0200 or email our Helpdesk.