Helen Portillo-Castro
The Minister for Foreign Affairs, Julie Bishop, described
cyber as ‘the new frontier’ in her address to the National Security Summit the
day after the 2018–19 Budget was released. Minister Bishop stated that ‘cyber-related
threats to Australia and our region are increasing in number, type and
sophistication’.[1]
In February this year, the Minister for Home Affairs, Peter
Dutton, highlighted public expectations with regard to cyberspace, noting the ‘public’s
access to and dependence on cyber space has become almost akin to its access to
other services, such as the supply of water’.[2] Minister Dutton foreshadowed
the prevention of cybercrime and cyberattack and the promotion of ‘cyber
resilience’ as core objectives of the new Home Affairs portfolio, which now has
carriage of the Government’s 2016
Cyber Security Strategy (the Strategy).[3] The Home Affairs 2018–19
Portfolio Budget Statements stipulate the performance criterion for the
relevant programs involved in providing ‘timely, relevant and forward leaning
cyber security policy advice, to protect and advance Australia’s interests
online’.[4] There is, however, no
explicit detail in the Budget on how any particular measure ties in with the
Strategy, or the specific outcomes being sought in cyber policy.
The Strategy included an action plan to achieve several
strategic goals by 2020, based on measures initially funded in the 2016–17
Budget.[5] Despite the lack of
detail on whether the Government is on track to achieve those goals, this
year’s Budget does contain a number of measures that relate to the
implementation of that action plan—and not only in the Home Affairs portfolio.[6]
Budget measures that explicitly mention cybersecurity outcomes span the Foreign
Affairs and Trade, Health and Jobs and Innovation portfolios.[7]
An array of cross-portfolio measures relating to the broader
strategic cyber context are contained in two packages—‘Delivering Australia’s
Digital Future’ and ‘Australian Technology and Science Growth Plan’. Several of
these new measures are covered in other Budget Review briefs.[8]
Additionally, there are measures targeting criminal behaviour online, as well
as abuse that falls short of the criminal threshold.[9]
The distribution across portfolios, however, reflects the
‘[increasing reliance] on the internet in many aspects of our society and
economy’ that the Minister for Foreign Affairs mentioned in her address on 9
May 2018.[10] The spread of cyber-related
issues across portfolios is also illustrative of the convergence of distinct
policy arenas in the online environment. While the 2016 Cyber Security Strategy
and the more recently announced International
Cyber Engagement Strategy may aim to coordinate this policy intersection
inside government, a coherent conception of cyber policy remains absent in broader
public discourse and in parliamentary debates.[11]
The critical role of the Australian
Signals Directorate
Legislation to establish the Australian Signals Directorate
(ASD) as a statutory agency while remaining within the Defence portfolio will
come into effect on 1 July 2018. The Defence Portfolio Budget Statements state
that there are no budget measures relating to ASD.[12]
But the ASD will adopt formal responsibility for the Australian Cyber Security
Centre (ACSC) from the beginning of the 2018–19 financial year,[13]
together with:
-
the Computer Emergency Response Team along with its cyber policy
and security functions, which is being transferred from the Attorney-General’s Department[14]
- the 24/7 cyber incident monitoring and response capability
announced in the Mid-Year Economic and Fiscal Outlook 2017–18[15]
and
- the Cyber Security Unit, including its personnel, that formed
inside the Digital Transformation Agency as a consequence of the Review of
the Events Surrounding the 2016 eCensus.[16]
An independent review of the Australian National Audit
Office’s cybersecurity arrangements points to ASD’s central role in promoting
whole-of-government cyber resilience, underscoring the government sector’s
reliance on ASD guidance for mitigation of cyber incidents and any response to
a security incident.[17]
Cyber as a frontier for Parliament
The impact of cyberspace on parliamentary business is also
contemplated in the Budget, and parliamentary interest in cyber affairs is
apparent in the terms of reference for current committee inquiries.[18]
Ongoing parliamentary business includes:
On 8 May 2018, the House of Representatives
Standing Committee on Industry, Innovation, Science and Resources tabled the
report, Internet
Competition Inquiry, which considered the impact on local businesses in
Australia of global internet-based competition.
[1].
J Bishop (Minister for Foreign Affairs), Keynote
speech at the 2018 Safeguarding Australia National Security Annual Summit,
Canberra, media release, 9 May 2018.
[2].
P Dutton (Minister for Home Affairs), Address
to the National Press Club, Canberra, media release,
21 February 2018. The National Archives of Australia has also used
this analogy in describing the basis for the digital continuity policy
applicable to government records: D Fricker (Director-General, National
Archives of Australia), Transcript
of Senate Occasional Lecture: Government-citizen engagement in the digital,
Parliament House, Canberra, 28 April 2017, Parliament of Australia
website.
[3].
Australian Government, Portfolio
additional estimates statements 2017–18: Home Affair’s Portfolio, p.
25; P Dutton (Minister for Home Affairs), Address to the National Press
Club, Canberra, op. cit.
[4].
Australian Government, Portfolio
budget statements 2018–19: budget related paper no. 1.10: Home Affairs
portfolio, p. 40.
[5].
N Brangwin, ‘Cybersecurity’,
Budget review 2016–17, Research paper series, 2015–16, Parliamentary
Library, Canberra, 2016.
[6].
The movement of funding arising from the implementation of the 2017
Independent Intelligence Review and the establishment of the Home
Affairs portfolio is largely detailed elsewhere, for example in relevant
2017–18 Portfolio Additional Estimates Statements and 2017–18 Portfolio Supplementary
Additional Estimates Statements. For detail on the Review and its relevance to
the 2018 Budget, see C Barker ‘National
security overview’, Budget review 2018–19, Research paper series,
2017–18, Parliamentary Library, Canberra, 2018.
[7].
Australian Government, Budget
measures: budget paper no. 2: 2018–19: ‘Assistance to Papua New
Guinea for hosting APEC 2018’ (p. 101), ‘Promoting Australian expertise in international
markets’ (p. 104), ‘Guaranteeing Medicare—modernising the health and aged care
payments systems’ (pp. 110–11), ‘Australian Technology and Science Growth
Plan—building Australia’s Artificial Intelligence capability to support business’
(p. 151).
[8].
A related development is the Government’s response to the Productivity
Commission’s inquiry into Data Availability and Use. For more information, see
N Horne and P Hamilton, ‘Data
sharing and release’, Budget review 2018–19, Research paper series,
2017–18, Parliamentary Library, Canberra, 2018.
[9].
The establishment of the Australian Centre to Counter Child
Exploitation is an example—although this facility has a focus on activity in
the cyber domain, its remit will not be restricted to cyber exploitation: Budget
measures: budget paper no. 2: 2018–19, pp. 127–28; P Dutton (Minister
for Home Affairs), Australian
Centre to Counter Child Exploitation, media release,
25 March 2018. Other examples include outcomes sought through the
eSafety Commissioner: delivering ‘face-to-face presentations and new on line
resources to empower front line workers to assist women experiencing
technology-facilitated abuse’; continuing to register trainers who can provide
information and training for the education sector, including ‘online safety
training to pre-service teachers at university’; and training for school
chaplains on cyber-bullying. See M Fifield (Minister for Communications and the
Arts), Strengthening
Australia’s connectivity, creativity and cultural heritage, media
release, 8 May 2018; S Birmingham (Minister for Education and Training)
and K Andrews (Minister for Vocational Education and Skills), Guaranteeing
essential services—reform and investment for better education opportunities,
media release, 8 May 2018.
[10].
Bishop, op. cit.
[11].
A third, related policy statement is the Digital Economy Strategy which,
at the time of writing, has not been made public but is due for release by
mid-2018: Australian Government, The
digital economy: opening up the conversation, Department of Industry,
Innovation and Science consultation paper, 2017, p. 7. For commentary on the
relationship between the 2018 Budget announcements and policy intent, see
Office of the Chief Economist, ‘Building
digital highways’, Economic Insight, Department of Industry,
Innovation and Science, 11 May 2018. For a list of the measures that
relate to the $2.4 billion package, see J Hendry, ‘Govt
earmarks $2.4bn for tech infrastructure’, itNews,
9 May 2018.
[12].
Australian Government, Portfolio
budget statements 2018–19: budget related paper no. 1.4A: Defence Portfolio,
p. 165. See also D Watt, ‘Defence
overview’, Budget review 2018–19, Research paper series, 2017–18,
Parliamentary Library, Canberra, 2018.
[13].
Portfolio budget statements 2018–19: budget related paper no. 1.4A:
Defence Portfolio, op. cit., p. 163; M Payne (Minister for Defence), P
Dutton (Minister for Home Affairs) and A Taylor (Minister for Law Enforcement
and Cyber Security), Strengthening
Australia’s cyber expertise, joint media release,
11 April 2018.
[14].
Explanatory
Memorandum, Intelligence Services Amendment (Establishment of the
Australian Signals Directorate) Bill 2018.
[15].
S Morrison (Treasurer) and M Cormann (Minister for Finance), Mid-year
economic and fiscal outlook 2017–18, p. 175.
[16].
L Seeback (Chief Investment Advisory Office, Digital Transformation
Agency), Evidence
to Senate Finance and Public Administration References Committee, Inquiry
into digital delivery of government services, 7 May 2018. Funding for
a ‘Cyber Security Advisory Office’ inside the Digital Transformation Agency was
announced in last year’s Budget: see C Barker, ‘National
security overview’, Budget review 2017–18, Research paper series, 2016–17,
Parliamentary Library, Canberra, 2017.
[17].
Australian National Audit Office, Review
of cyber security: report by the Independent Auditor, Commonwealth of
Australia, December 2017.
[18].
The Department of Parliamentary Services was allocated $9 million
over four years to establish a Cyber Security Operations Centre for Parliament
House: Budget measures: budget paper no. 2: 2018–19, p. 162.
All online articles accessed May 2018.
For copyright reasons some linked items are only available to members of Parliament.
© Commonwealth of Australia
Creative Commons
With the exception of the Commonwealth Coat of Arms, and to the extent that copyright subsists in a third party, this publication, its logo and front page design are licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Australia licence.
In essence, you are free to copy and communicate this work in its current form for all non-commercial purposes, as long as you attribute the work to the author and abide by the other licence terms. The work cannot be adapted or modified in any way. Content from this publication should be attributed in the following way: Author(s), Title of publication, Series Name and No, Publisher, Date.
To the extent that copyright subsists in third party quotes it remains with the original owner and permission may be required to reuse the material.
Inquiries regarding the licence and any use of the publication are welcome to webmanager@aph.gov.au.
This work has been prepared to support the work of the Australian Parliament using information available at the time of production. The views expressed do not reflect an official position of the Parliamentary Library, nor do they constitute professional legal opinion.
Any concerns or complaints should be directed to the Parliamentary Librarian. Parliamentary Library staff are available to discuss the contents of publications with Senators and Members and their staff. To access this service, clients may contact the author or the Library‘s Central Enquiry Point for referral.