• Enjoy the freedom to innovate and grow your business


    [ad] With Microsoft Azure you have hybrid cloud flexibility, allowing your platform to span your cloud and on premise data centre. Learn more at microsoftcloud.com.

  • IT Admin: No Time to Save Time?


    [ad] Do you spend too much time patching machines or cleaning up after virus attacks? With automation controlled from a central IT management console accessible anytime, anywhere – you can save time for bigger tasks. Try simple IT management from GFI Cloud and start saving time today!

  • Free Forrester analysis of CRM solutions


    [ad] In this 25 page report, independent analyst house Forrester evaluates 18 significant products in the customer relationship management space from a broad range of vendors, detailing its findings on how CRM suites measure up and plotting where they stand in relation to each other. Download it for free now.

  • Great articles on other sites
  • RSS Great articles on other sites


  • Reader giveaway: Google Nexus 5


    We’re big fans of Google’s Nexus line-up in general at Delimiter towers. Nexus 4, Nexus 7, Nexus 10 … we love pretty much anything Nexus. Because of this we've kicked off a new competition to give away one of Google’s new Nexus 5 smartphones to a lucky reader. Click here to enter.

  • News, Security - Written by on Wednesday, January 23, 2013 14:35 - 27 Comments

    Gillard spends big on cyber-security; including new centre

    news Prime Minister Julia Gillard this morning announced that the Federal Government would spend $1.46 billion through to 2020 on strengthening what she described as its “cyber security” capabilities, including establishing a dedicated Australian Cyber Security Centre.

    The terms “cyber” and “cyber security” are not widely used throughout the technology sector, with most in the industry preferring to refer to the security field as information security or IT security. “Cyber” is a term which was more widely used to refer to the Internet and other digital spaces throughout the 1980’s and 1990’s, after it was coined by science fiction author William Gibson. However, in a speech outlining the Federal Government’s new National Security Strategy this morning, Gillard used the term frequently to refer to the Government’s planned operations in the area.

    “As we roll out the National Broadband Network, we are deploying a more sophisticated focus on cyber security,” the Prime Minister said. “Australia is an attractive target for a range of malicious cyber actors, from politically-motivated hackers and criminal networks to nation-states.”

    “This not only has the potential to affect governments but businesses and the community alike. For the public sector, we must ensure that our most important networks are some of the hardest to compromise in the world. But government alone cannot develop a secure and safe digital environment. We must continue to work closely with industry and international partners to develop a set of global ‘norms’ for online behaviour. The Internet must remain open but also be secure.”

    Gillard said the Goevrnment had committed substantial funding and additional effort to strengthen Australia’s “cyber” capabilities, including $1.46 billion out to 2020 to strengthen our most sensitive networks, and establishing the office of the “Cyber Policy Coordinator” within the Prime Minister’s own department.

    “In the same spirit, tomorrow I will formally announce the development, by the end of this year, of a new Australian Cyber Security Centre,” said Gillard. “This will be a world-class facility combining existing cyber security capabilities across the Attorney-General’s Department, Defence, ASIO, the Australian Federal Police and the Australian Crime Commission in a single location.”

    “It will provide Australia with an expanded and more agile response capability to deal with all cyber issues — be they related to government or industry, crime or security. Importantly it will also create a hub for greater collaboration with the private sector, State and Territory governments and international partners to combat the full breadth of cyber threats. Malicious cyber activity will likely be with us for many decades to come, so we must be prepared for a long, persistent fight.”

    It’s not immediately clear precisely how the new Cyber Security Centre will relate to the Government’s existing operations in the area. Various departments, ranging from the Attorney-General’s Department, which houses the government’s national computer emergency response team (CERT Australia), to the Defence Signals Directorate, which established its own Cyber Security Operations Centre, and even the Australian Security Intelligence Organisation, already operate IT security organisations, and it is believed that they were already cooperating to some degree together.

    In addition, there has been little evidence presented by the Federal Government of widespread IT security attacks on either the government or the private sector that would justify the creation of a new organization to tackle such attacks.

    Greens response
    In a statement responding to Gillard’s speech this morning, Greens communications spokesperson Senator Scott Ludlam warned the Federal Government to avoid jeopardising civil liberties and human rights in the pursuit of security.

    “It’s a positive that the Prime Minister recognises that a secure international environment is built on trust, and reaffirmed the nation’s commitment to multilateralism, but some of her statements and much of the Government’s ‘security’ agenda causes concern,” said Ludlam.

    “The notion that online security threats are ‘the new terrorism’ is already generating an expensive overkill in cyber security measures. The Government has touted a series of troubling measures including the proposed retention of the electronic communications data of all Australians for a period of two years. What’s next?”

    “We are concerned by the implications of greater collaboration between Government and the private sector on online matters. While the idea sounds innocuous, what will be the implications for privacy, copyright, and freedom of communication?

    Ludlam said Gillard had glossed over Australia’s legislative response to the 9/11 attacks as though they were a resounding success.

    “The Howard-Ruddock ‘anti-terror’ laws were extreme, damaged civil liberties and undermined our justice system. The tripling of security budgets the Prime Minister cited has entailed the expanded apparatus seeking new ways to justify its huge and growing money pot,” the Greens Senator added. “We will continue to subject the Government’s cyber security plans to intense scrutiny, to ensure the human rights and civil liberties of Australians are not sacrificed in the fervent pursuit of a largely questionable agenda.”

    opinion/analysis
    I am inclined to agree with Ludlam on this one. We’ve seen very little evidence that the Federal Government or the private sector has been under “cyber-attack” over the past while, and all of the major policing and defence organisations already have dedicated IT security organisations to tackle these kinds of issues. Why throw more than a billion dollars at this area? What, precisely, is this money going to be spent on? I have half a mind to file a Freedom of Information request for the budget of the proposed new Cyber Security Center, to find out what it’s actually going to be spending its money on.

    Image credits: Primus

    submit to reddit

    27 Comments

    You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.

    1. Kevin Davies
      Posted 23/01/2013 at 2:45 pm | Permalink |

      Australians are increasingly oblivious to the escalating dangers in the cyber sphere. The quantity and sophistication of attacks we are seeing now are orders of magnitude greater than even two years ago. Identity theft and fraud are increasingly common. The sophisticated methods being used are challenging to most IT departments in this country as they do not have the resources or even the knowledge to deal with them. It is in the interest of the government to do so as these threats can ruin companies and cause a loss of consumer confidence in the market. All of which are serious ramifications for the economy of this country.

      • Joe
        Posted 23/01/2013 at 3:03 pm | Permalink |

        And of course you can provide proof for this!!! 1.46B proof?

        • Geoff
          Posted 23/01/2013 at 3:29 pm | Permalink |

          +1

          Too many “experts” are talking about escalating attacks and danger. But are not prepared to get into specifics. I want to know:

          Is it possible to steal military planning via the internet? Should there be better point to point encryption?
          Is it possible to control power plans via the internet? Do we even need controls to be on the internet vs a limited and separate network?
          Can businesses interested in protecting the information they store benefit from the government throwing millions on cyber security? Will there be services created that the public can use? Can they be privatised?

          Fundamentally what is the danger? What will be the benefit to government services? What benefit will there be to the private sector that has a track record of important details being stolen? A growing number of scripts trying to probe every site out there for a 5 year old phpbb security hole does not impress me as a national security risk

          • Kevin Davies
            Posted 23/01/2013 at 4:00 pm | Permalink |

            Fair enough. Here is a primer… http://goo.gl/1hMwV and here is a global report with contributions from the Australian Federal Police http://goo.gl/vhRQA

            Now this does not really cover highly targeted attacks which are generally not disclosed. In this country we are relatively lucky in that we do not have many high value targets so up until recently we havent had to face some of the larger groups. Anonymous and some others have recently shown interest in Australia and the ease at which they can target systems in this country shows we have a great deal of work to do. The Defence academy attack for example. And more recently Universities being compromised. You hear about these because they reach the press, corporations on the other hand do not want public exposure so you will not hear about them.

            Essentially, only a select few had the real skills and creativity to develop there own attack vectors into a organisation but that is changing as the hacker sphere becomes better educated and organised. It is this we have to defend against or you will one day be wondering why a debt collector is knocking on your door for a $12,000 on a credit card you never owned opened in your name.

    2. Haderak
      Posted 23/01/2013 at 3:39 pm | Permalink |

      “I have half a mind to file a Freedom of Information request for the budget of the proposed new Cyber Security Center, to find out what it’s actually going to be spending its money on. ”

      That’s a damn fine idea, Renai!

      Until then though, we should have a round of wild speculation as to what our money will be buying.

      One and a half billion could buy a lot of nerds a lot of coffee.

    3. PeterA
      Posted 23/01/2013 at 3:55 pm | Permalink |

      1.5 billion could just about cover the costs of the weekly government meeting of the oversight committee for the CyberSecurity program for the next 7 years. (Through to 2020).

      Maybe.

    4. Lawrence Lee
      Posted 23/01/2013 at 5:49 pm | Permalink |

      Renai, you must have been in quite a rush to get this article written as you’ve clearly misunderstood what has actually been announced here.

      Having just watched the statement and skimming through the strategy, according to the PM, “the Government has already committed substantial funding and additional effort to strengthen our cyber capabilities, including $1.46 billion out to 2020 to strengthen our most sensitive networks”. Nowhere is it implied that this funding is related to the establishment of the new Cyber Security Centre as your article suggests, but represents the government’s overall and pre-existing contribution to cyber.

      According to your article, the facility will combine existing cyber security capabilities across the Attorney-General’s Department, Defence, ASIO, the Australian Federal Police and the Australian Crime Commission in a single location. So it seems this isn’t a matter of duplication, but consolidation to bring existing capabilities together in an effort to make them work more collaboratively. This doesn’t seem to be new money, but a realignment of existing money.

      You state that it’s not clear how the centre will relate to existing cyber capabilities like CERT Australia and DSD’s Cyber Security Operations Centre, but it seems fairly clear from the comment above that the centre will actually combine these existing capabilities. I’m not sure how this can be seen as anything but a good idea! Or do you prefer your bureaucracies to be disparate and divided?

      As for there being little evidence of cyber related threats, I am amazed that someone in an IT-related industry could be so naive. Perhaps, as a journalist, you should do some research – IT Security research organizations, Anti-Virus companies, the Federal Police, CERT Australia and DSD have all release figures on the scale and cost of cyber related activity. Even the Strategy itself refers to a figure of “438 cyber incidents in 2011–12 requiring a significant response by the Australian Government Cyber Security Operations Centre.” Sounds considerable to me!

      I suggest you also start by learning the difference between a cyber attack (ie: disruption of critical infrastructure and planes falling from the sky – which is highly unlikely) and malicious cyber activity, which is the language I saw used in the Strategy (ie: commercial and state-based espionage, identity fraud, cyber crime, DDoS, etc – which is prolific and estimated to already be costing the Australian economy billions).

      This article is an inaccurate and confused mess – doesn’t Delimiter proof articles before they are published?

      • Posted 23/01/2013 at 6:09 pm | Permalink |

        Very good comment. I’ll respond to this in full later; tied up right now.

      • Posted 24/01/2013 at 10:01 am | Permalink |

        “Having just watched the statement and skimming through the strategy, according to the PM, “the Government has already committed substantial funding and additional effort to strengthen our cyber capabilities, including $1.46 billion out to 2020 to strengthen our most sensitive networks”. Nowhere is it implied that this funding is related to the establishment of the new Cyber Security Centre as your article suggests, but represents the government’s overall and pre-existing contribution to cyber.”

        True; I’ve changed the headline to reflect this. Thanks for picking this up.

        “According to your article, the facility will combine existing cyber security capabilities across the Attorney-General’s Department, Defence, ASIO, the Australian Federal Police and the Australian Crime Commission in a single location. So it seems this isn’t a matter of duplication, but consolidation to bring existing capabilities together in an effort to make them work more collaboratively. This doesn’t seem to be new money, but a realignment of existing money.

        You state that it’s not clear how the centre will relate to existing cyber capabilities like CERT Australia and DSD’s Cyber Security Operations Centre, but it seems fairly clear from the comment above that the centre will actually combine these existing capabilities. I’m not sure how this can be seen as anything but a good idea! Or do you prefer your bureaucracies to be disparate and divided?”

        To be honest, I do not completely believe Gillard when she says that the cyber-security resources of the other departments will be consolidated into one new facility. It is apparent that most of the departments concerned – DSD, ASIO, AFP, etc – will need to maintain some of their existing resources to deal with issues in their own portfolios. To suggest that ASIO, the AFP and Defence would simply abolish their cybersecurity efforts and hand over all their resources in this area to a centralised group is, in my opinion, misleading.

        These external and internal authorities operate very differently. I would really not expect one facility to be able to serve all of the needs of the different agencies. Coordinate some joint efforts, yes, but each agency will still maintain their own operations to some extent. It is not clear why there is a need to establish a central cyber-security center here, or precisely which kind of pan-agency operations it will undertake. I am sure Gillard believes what she is saying, but I do not believe she understands this area well. There is just no way, to give one example, that Defence would suffer AFP intervention in protection of its operational networks — that’s a jurisdictional issue. Or, conversely, that the AFP would allow someone from Defence to tell it how to run its cybercrime unit.

        As for there being little evidence of cyber related threats, I am amazed that someone in an IT-related industry could be so naive. Perhaps, as a journalist, you should do some research – IT Security research organizations, Anti-Virus companies, the Federal Police, CERT Australia and DSD have all release figures on the scale and cost of cyber related activity. Even the Strategy itself refers to a figure of “438 cyber incidents in 2011–12 requiring a significant response by the Australian Government Cyber Security Operations Centre.” Sounds considerable to me!

        I suggest you also start by learning the difference between a cyber attack (ie: disruption of critical infrastructure and planes falling from the sky – which is highly unlikely) and malicious cyber activity, which is the language I saw used in the Strategy (ie: commercial and state-based espionage, identity fraud, cyber crime, DDoS, etc – which is prolific and estimated to already be costing the Australian economy billions).

        OK, firstly, we haven’t seen any evidence of what you call ‘cyber attacks’ in Australia, that being disruption of critical infrastructure. There are already government security efforts, and have been for years, to coordinate public and private sector responses to this kind of thing – such as Cyber Storm, coordinated by AGD:

        http://delimiter.com.au/2010/09/29/attorney-general-rings-in-cyber-storm-iii/

        When it comes to the second area you mentioned, cyber-activity, we do see this, but overwhelmingly so far the examples we have see so far publicly disclosed have been more in the nature of fairly harmless, script-kiddy type behaviour rather than serious efforts at spying or disrupting things (for example, Anonymous DDoS’ing the Government).

        Sure, some of the parliamentary computers got hacked, but this should be a matter for the parliament’s own IT department, which admittedly has an awful record when it comes to administering its own technology.

        http://delimiter.com.au/2011/03/29/spies-may-have-hacked-gillards-pc-says-telegraph/
        http://delimiter.com.au/2012/10/22/parliaments-it-systems-a-complete-shambles/

        We’ve also seen other examples, such as the mining giants claiming they had been hacked, people breaking into ISPs and so on, but in each example, what we usually see is that the activity wasn’t malicious or significantly disruptive. One of the worst examples I’ve seen was the ADFA hack, but that was a serious rarity in a field composed of quite minor incidents. And again, in each and every situation, there were existing IT security staff who hadn’t quite secured their systems properly. The techniques already exist to do this, and every major corporation and govt department knows this is an issue – establishing a national cyber-security centre isn’t going to stop these little things happening.

        In conclusion: I’m sorry, but personally, I still don’t see the need for the government to set up a massive cyber-security operations center. What I would prefer to happen would be for the Government to appoint more and highly qualified IT security staff in each department, to make sure each of its departments is secure, and to report any more serious incidents to existing pan-government security groups such as CERT Australia, DSD and so on. If it involves spying, bring in ASIO.

        IT security is a bottom up issue – you need to ensure good IT security in all of the government’s constituent arms. It’s not something that can be solved through a huge top-down approach.
        I hope this helps you understand my thinking on this :)

        One more thing I want to say.

        I personally have investigated many of the supposed major hacks on governments or private sector organisations around Australia over the past five years. Overwhelmingly, what I have found, is that at the heart of the matter there has always been very little information about what actually happened, but rather a lot of fear.

        Look at the mining giant hacks, for example, which supposedly came out of China.

        Despite many investigative reports into these hacks, it was never disclosed what systems were hacked, how they were hacked, what data was stolen, what was the IT failure which led to the hacks, how the companies were going to protect their IT systems in future, or anything. In fact, almost all of the supposed targets refused to admit the hacks happened at all.

        I am aware that many people don’t like talking about security, but there is a principle at work here: The fact that someone says something is an issue is not necessarily true, unless they present evidence to show that it is true. Delimiter is an evidence-based site, as many readers know, and I personally have seen almost no evidence that Australia is being targeted with serious cyber-security attacks, espionage or what have you. When I see that evidence, I will change my mind on the topic, and of course, regardless, I will always be an advocate for better IT security, as I have written many times.

        But in the absence of that evidence, I will continue my default position of being a skeptic on these issues. That, I think, is the reasonable position.

        • ferretzor
          Posted 24/01/2013 at 1:19 pm | Permalink |

          “But in the absence of that evidence, I will continue my default position of being a skeptic on these issues. That, I think, is the reasonable position”

          As a counterpoint, consider that it is rarely in the best interests of the investigating bodies to acknowledge even the existence of specific attacks, especially when they are continuing. It’s very difficult to form a “reasonable position” in this case.

          “Despite many investigative reports into these hacks, it was never disclosed what systems were hacked, how they were hacked, what data was stolen, what was the IT failure which led to the hacks, how the companies were going to protect their IT systems in future, or anything. In fact, almost all of the supposed targets refused to admit the hacks happened at all.”

          And all with good cause, unfortunately. This is going to be a major stumbling block into the future. I can’t see why the groups involved in investigating this would ever tell you anything, because quite simply you don’t need to know. On the other hand those groups expect to have their statements accepted with blind faith, which history shows us is an utterly stupid thing to do – everyone has their own agenda. About all you can do reasonably is look at the “top 10 security” type lists that are put out and assume they have some basis. All this stuff is incredibly murky, having a “reasonable position” is all but unreasonable.

        • SMEMatt
          Posted 24/01/2013 at 2:46 pm | Permalink |

          Where I see the failure in cyber security is actually in law enforcement efforts, or more actually the ability of law enforcement to actually find and prosecute offenders. There is a significant amount of crime in this area but very little actually can get done about it. Local gang thugs break into your business steal information and extort money from you, go to the police they investigate and might be able to make an arrest. International gang breaks into your IT assets and steal information and holds it for ransom, the local police don’t have the skills to investigate and there is very little chance of them finding someone they are even able to prosecute.

          There is also a expectation in tech circles that the victim in case B should have prevented the crime and are just as guilty as the perpetrator. While this is true to an extent not very much is being done educate potential victims and IT security has been seen as an expensive proposition that even the big companies can’t get right.

          Local police are generally are not resourced to deal with it and in most cases aren’t even in a position to chase perpetrators across borders and at the Federal police level unless it’s kiddy porn or a massive credit card breaches they don’t appear to be interested(might not be the case but this is the public impression). To top it off you also have “cyber” equivalent of pointing out to someone you left your door open resulting in civil and criminal prosecution of citizens just trying to do the right thing.

    5. Morpheus
      Posted 23/01/2013 at 7:42 pm | Permalink |

      Sorry, you aren’t cleared for that information…..

    6. myne
      Posted 23/01/2013 at 10:18 pm | Permalink |

      I’m stunned that no one has mentioned the content filter.

      Not wanting to be too sensationalist, but this is a classic play.

      First you set up a “cyber security” centre.
      Then you discover a severe threat requiring action.
      Then you push everyone behind the firewall.

      Initially, at $100m/year I’d be guessing it’s aiming for a staff of around 700 (~100k*700=700m+other overheads) – which frankly, is a pretty decent sized organisation. It’ll be interesting to hear via the grapevine what the inside story is.

    7. Michael
      Posted 23/01/2013 at 11:12 pm | Permalink |

      I was initially shocked at the amount of spending with very little description on how the funds were being spent.

      But then I re-read the statement and saw that the price tag was including funds out to 2020.

      As a general question, why are some announcements included with funds for the next 5-10 years but in other situations the government refuses to look beyond the mandated 4 year budgetary window?
      Why isn’t this expenditure annualised so that it is more relevant to us today? Depending on how the funds are allocated between years it can (and will change) with 2-3 elections between now and the end date of the spending.

    8. Diachronic
      Posted 24/01/2013 at 1:08 am | Permalink |

      Sorry Renai, I think Lawrence Lee might have made a number of very good points.

    9. Mr.B
      Posted 24/01/2013 at 3:42 am | Permalink |

      I have to agree with Lawrence Lee on this one Renai. It seems you have overlooked some of the basics on this one.

      “We’ve seen very little evidence that the Federal Government or the private sector has been under “cyber-attack” over the past while”
      Not exactly sure how you can say this Renai – let me draw your attention to some of Delimiter’s own articles “over the past while”:
      http://delimiter.com.au/2012/12/12/adfa-hack-a-national-security-failure-expert/
      http://delimiter.com.au/2013/01/22/two-sydney-universities-get-hacked/
      http://delimiter.com.au/2012/10/22/trainhack-students-crack-ticketing-system/
      http://delimiter.com.au/2012/08/03/why-is-anonymous-hacking-australia/
      http://delimiter.com.au/2012/07/30/anonymous-posts-hacked-aapt-data/
      http://delimiter.com.au/2012/07/03/govts-new-e-health-platform-already-hacked/

      And some more listed over at hack labs:
      http://www.hacklabs.com/ausecdb-entries/category/australia

      I understand there must be a need for balance between ALp/LNP articles, but when balance comes at the cost of fact and good reporting, you do your readers an injustice.

      Mr.B

      • Posted 24/01/2013 at 10:03 am | Permalink |

        I very much doubt that spending billions on a special “cyber security center” would help prevent any of the hacks you link to. Better to spend a much smaller amount and just beef up the existing security teams (of which there are plenty).

        “The Howard-Ruddock ‘anti-terror’ laws were extreme, damaged civil liberties and undermined our justice system. The tripling of security budgets the Prime Minister cited has entailed the expanded apparatus seeking new ways to justify its huge and growing money pot.”

        Ludlam gets it right. If only he would also notice the way Green policy damages our liberties… but can’t win them all.

    10. JayZ
      Posted 24/01/2013 at 6:33 am | Permalink |

      Renai,
      Have a read of this article recently published on Ars technica before making judgement of Australia being too cautious with cyber security. I think you might have jumped the gun a bit with this article.

      It is VERY scary to think this went un-detected for FIVE YEARS.

      http://arstechnica.com/security/2013/01/red-october-computer-espionage-network-may-have-stolen-terabytes-of-data/

      • Posted 24/01/2013 at 10:04 am | Permalink |

        This sort of thing can be addressed by strengthening the security resources in individual IT departments and corporations in a bottom-up approach — a top-down approach is never going to be able to address it.

        • Paul Thompson
          Posted 24/01/2013 at 10:40 am | Permalink |

          A top down approach can, if done correctly, direct what the bottom is doing.

        • ferretzor
          Posted 24/01/2013 at 1:37 pm | Permalink |

          I doubt any corporation has the budget to address this reliably, its not feasible. Computers within embassies will have been secured by the military of the relevant countries, if they with all their expertise can’t prevent this sort of thing what hope has a BHP or Coca Cola?

          How sure are you that your smartphone has not been compromised? How can you even check, given that your can’t use any process listing on the phone itself to see? This is where some of the statements from chinese network equipment manufacturers fall down. Yes we can see the code for the OS. Can we also see the content of every chip, every ASIC? The hardware itself can contain surprises. Its a real problem.

          A secondary thing with a red-october type scenario is that it may well have been known about. Just because Kapersky published the info doesn’t mean they were the first to find it.

    11. Gareth
      Posted 24/01/2013 at 9:34 am | Permalink |

      Now commences the state government ‘we are the cyber state’ feeding frenzy. With all the states having such a strong IT track record it will be a tough choice.

    12. Posted 24/01/2013 at 2:20 pm | Permalink |

      Here’s Gillard’s speech at DSD this morning on the opening of the new facility:

      I can see this is going to take a bit of neck-craning from me to be able to include everybody as I speak, but I’m very pleased to be here today and I’m here with the Minister for Defence, Stephen Smith, and of course with the Secretary of Defence too, Dennis is with us as well.

      I’ve never been here before as you know so it’s a great opportunity to come and say hello and a great opportunity to say thank you too.

      I’ve chosen today to come here to the Defence Signals Directorate, to you, because yesterday we launched our National Security Strategy.

      There’s no more important role for government, for any of us, than keeping our nation safe.

      And that means we always have to have the strategic analysis which is up with the times. We’ve always got to make sure that we are doing the deep thinking necessary to guide our national security efforts.

      And we’ve done that work and put it into the National Security Strategy, which we want people across the Australian Public Service, but across the Australian community too, to understand and absorb.

      As we’ve looked at the challenges ahead, the challenges in the next decade, the decade beyond 9/11, we have identified cyber security as a principal challenge.

      Which is why it’s been a great opportunity for me to meet with and better understand some of the work that you do down in the pit, to use the terminology, the Cyber Security Operations Centre, and thank you to the staff down there for their time this morning in explaining their world to me as best they could with television cameras rolling.

      The importance of cyber security isn’t just reinforced by a visit to the pit.

      We’ve also reinforced it from yesterday’s National Security Strategy where we have said it will be a key focus of the work ahead and that we will by the end of this year launch a new Australian cyber security centre which will bring together people across all arms and agencies of government who work on cyber security.

      An important initiative because cyber security encompasses so much, so much in terms of threats, the threats that we see from state and non-state actors, and so much in terms of the security of our community.

      Not only government networks but business networks; critical networks across our community.

      I was joking with Stephen Smith as I walked round. I’m someone who sits with a Prime Minister & Cabinet computer on my desk and when you haven’t used it for a while it flicks to the rotating screen saver, one of which is a message on cyber security which does say in a very pithy way “That Nigerian prince does not need your help.”

      A message for community members but of course what you do here is much more sophisticated.

      Can I say more broadly to all of the staff that work here at DSD, all of the big range of work that you do here, cyber security and so much beyond, thank you for the work that you do to keep our nation safe.

      Thank you for every effort you make and efforts that we can’t thank you for, one success at a time.

      We’re never going to go out there and say ‘Guess what DSD has done today, they’ve done a really good job.’ We never go out there and say that for very good reason.

      But even when we can’t go out there and say that, I’m really conscious that the work that you do here is a pivotal part of our national security efforts, it’s a pivotal part of keeping our nation safe. And thank you very much for doing it.

      I do also want to congratulate you on having, I think, the most succinct and powerful mission statement of any of our arms of government: ‘Reveal their secrets, protect our own.’

      Thank you for the clarity of that vision and that statement and thank you for living up to the mission that that vision says.

      That is what we need to do, reveal their secrets and protect our own.

      So it’s a good opportunity to be here. Obviously I can’t be here every day with the Minister for Defence, but I do want to say to you every day we are conscious of the work you do, of the efforts that are happening from this place.

      So thank you very much.

    13. Posted 24/01/2013 at 2:21 pm | Permalink |

      And here’s Gillard’s media release on the subject today:

      A new Australian Cyber Security Centre will be established in Canberra to boost the country’s ability to protect against cyber-attacks.

      By drawing on the skills of the nation’s best cyber security experts, the ACSC will help ensure Australian networks are among the hardest to compromise in the world.

      Cyberspace is increasingly a strategic asset for Australia.

      Already around 73 per cent of Australians use the internet more than once a day. Australians’ use of cyberspace is estimated to be worth $50 billion to our economy, with the rollout of the NBN only expected to accelerate these changes.

      Yet Australia’s cyberspace is subject to threats:

      In 2011-12, there were more than 400 cyber incidents against government systems requiring a significant response by the Cyber Security Operations Centre.
      In 2012, 5.4 million Australians fell victim to cyber crime with an estimated cost to the economy of $1.65 billion.

      Securing and protecting our networks, and ensuring confidence in the online environment, is pivotal to Australia’s economy.

      The ACSC will be responsible for analysing the nature and extent of cyber threats, leading the Gillard Government’s response to cyber incidents. It will work closely with critical infrastructure sectors and key industry partners to protect our nation’s most valuable networks and systems. The Centre will also provide advice and support to develop preventative strategies to counter cyber threats.

      The ACSC will be the hub of the government’s cyber security efforts. It will include, in one place, cyber security operational capabilities from the Defence Signals Directorate, Defence Intelligence Organisation, Australian Security Intelligence Organisation, the Attorney-General’s Department’s Computer Emergency Response Team Australia, Australian Federal Police and the Australian Crime Commission.

      Industry and state and territory partners will have the opportunity to collaborate with the Government through the Centre.

      Establishment of the ACSC will begin immediately and is expected to be fully operational by late 2013.

    14. Stephen H
      Posted 24/01/2013 at 8:06 pm | Permalink |

      Paragraph 5, word 4: “Goevrnment ” should be “Government”.

      That is a crazy amount of money if the agency is defensive in nature. Yes, there are “cyber” attacks. But how would this centre help the dentist in Queensland whose records were encrypted by some blackmailer?

    15. good policy
      Posted 25/01/2013 at 11:51 am | Permalink |

      No significant attacks succeeded is a good thing! It means we are protecting our assets well. Do we need a major national disaster to act? $1.46b over 8-10years is actually not a massive amount of money in the scheme of things.

    16. Posted 27/01/2013 at 10:24 pm | Permalink |

      These scaremongers are usually the ones who benefit from government funding so don’t expect an objective true assessment of the subject from them. Not listening to the voters and scaremongering has been a growth industry for govts, bankers and military regimes in western countries ever since 9/11. Unless the proverbial snake eats its own tale they would be out of a job. More wasteful spending by the gillard govt. They should have allocated this money to the NBN instead which is more useful. Where is Tony Abbott now? The answer, he like gillard run this country for the benefit of their overseas banker masters on wall st, the city of london and swear an oath to the queen of england before the citizens who elect them and blindly follow Obama controlled by the same people. Gillard a closet totalitarian are building a big brother station to spy on us… Do you remember ASIO tried this on about 6 months ago as did Roxon’s dept and the online community decried it. Now ASIO is getting what is wants thru the back door.. How about not spending tax payer money on this white elephant, stop screwing over truth seekers like assange, start doing the right right things by the citizens and the world instead of colonial adventures with the UK and USA that is sending the western world broke then anonymous won’t be hacking the PM’s web site in the first place saving aussies billions of dollars!! How do you say? “Snouts in the trough for labor mates!” Gillard is a closet totalitarian and will use this waste of taxpayer money to stifle speech her side of politics don’t like such as common sense and increase the police state while she does it!




    Get our 'Best of the Week' newsletter on Fridays

    Just the most important stories, one email a week.

    Email address:


  • Most Popular Content


  • Six smart secrets for nurturing customer relationships
    [ad] Today, we are experiencing a world where behind every app, every device, and every connection, is a customer. Your customers will demand you to be where they and managing customer relationship is the key to your business’s growth. The question is where do you start? Click here to download six free whitepapers to help you connect with your customers in a whole new way.
  • Enterprise IT stories

    • NetSuite in whole of business TurboSmart deal turbosmart

      Business-focused software as a service giant NetSuite has unveiled yet another win with a mid-sized Australian company, revealing a deal with automotive performance products manufacturer Turbosmart that has seen the company deploy a comprehensive suite of NetSuite products across its business.

    • WA Health told: Hire a goddamn CIO already doctor

      A state parliamentary committee has told Western Australia’s Department of Health to end four years of acting appointments and hire a permanent CIO, in the wake of news that the lack of such an executive role in the department contributed directly to the fiasco at the state’s new Fiona Stanley Hospital, much of which has revolved around poorly delivered IT systems.

    • Former whole of Qld Govt CIO Grant resigns petergrant

      High-flying IT executive Peter Grant has left his senior position in the Queensland State Government, a year after the state demoted him from the whole of government chief information officer role he had held for the second time.

    • Hills dumped $18m ERP/CRM rollout for Salesforce.com hills

      According to a blog post published by Salesforce.com today, one of Ted Pretty’s first moves upon taking up managing director role at iconic Australian brand Hills in 2012 was to halt an expensive traditional business software project and call Salesforce.com instead.

    • Dropbox opens Sydney office koalabox

      Cloud computing storage player Dropbox has announced it is opening an office in Sydney, as competition in the local enterprise cloud storage market accelerates.

    • Heartbleed, internal outages: CBA’s horror 24 hours commbankatm

      The Commonwealth Bank’s IT division has suffered something of a nightmare 24 hours, with a catastrophic internal IT outage taking down multiple systems and resulting in physical branches being offline, and the bank separately suffering public opprobrium stemming from contradictory statements it made with respect to potential vulnerabilities stemming from the Heartbleed OpenSSL bug.

    • Android in the enterprise: Three Aussie examples from Samsung androidapple

      Forget iOS and Windows. Today we present three decently sized deployments of Android in the Australian market on Samsung’s hardware, which the Korean vendor has dug up from its archives over the past several years for us after a little prompting :)

    • Businesslink cancelled Office 365 rollout cancelled

      Microsoft has been on a bit of a tear recently in Australia with its cloud-based Office 365 platform, signing up major customers such as the Queensland Government, Qantas, V8 Supercars and rental chain Mr Rental. And it’s not hard to see why, with the platform’s hybrid cloud/traditional deployment model giving customers substantial options. However, as iTNews reported last week, it hasn’t been all plain sailing for Redmond in this arena.

    • Qld Govt inks $26.5m deal for Office 365 walker

      The Queensland State Government yesterday announced it had signed a $26.5 million deal with Microsoft which will gain the state access to Microsoft’s Office 365 software and services platform. However, with the deal not covering operating system licences and not being mandatory for departments and agencies, it remains unclear what its impact will be.

    • Hospital IT booking system ‘putting lives at risk’ doctor

      A new IT booking platform at the Austin Hospital and Olivia Newton-John Cancer and Wellness Centre in Melbourne is reportedly placing the welfare of patients with serious conditions at risk.

  • Enterprise IT, News - Apr 17, 2014 16:39 - 0 Comments

    NetSuite in whole of business TurboSmart deal

    More In Enterprise IT


    News, Telecommunications - Apr 17, 2014 11:01 - 134 Comments

    Turnbull lies on NBN to Triple J listeners

    More In Telecommunications


    Featured, Industry, News - Apr 17, 2014 9:28 - 1 Comment

    Campaign Monitor takes US$250m from US VC

    More In Industry


    Digital Rights, News - Apr 17, 2014 12:41 - 14 Comments

    Anti-piracy lobbyist enjoys cozy email chats with AGD Secretary

    More In Digital Rights