ASPI advocates cyber alignment with US, engagement with China

New Cyber White Paper should be released within 12 months, says the Australian Strategic Policy Institute

A report issued by the Australian Strategic Policy Institute advocates that the Australian government release a Cyber White Paper within the next 12 months to cover security issues facing the country and Australia's strategic cyber alignment.

The government had intended to issue a cyber security-focussed white paper in 2012. However, in October then prime minister Julia Gillard told a government-sponsored forum that the Cyber White Paper should be broadened to more widely look at digital issues facing Australia.

"I think we should be broadening that out so it is more a digital White Paper and helps us capture some of the more profound and longer term issues that have been brought to the table," Gillard said.

The lack of white paper focussed on the national and regional cyber security landscape "reflects a major gap in Australia's national security policy," the ASPI report states.

A Cyber White Paper should strengthen the framework for government policymaking with regards to security, address threats to national infrastructure and canvas how to increase co-operation with the US on cyber security.

Although a joint statement issued in 2011 by the US and Australia said that the ANZUS treaty would apply in the event of cyber attacks, more effort needs to be done to "align policy approaches to domestic security and international diplomacy".

The private sector needs "assurances that approaches that work in one jurisdiction will meet standards and requirements in the other."

In addition, Australia and the US need to "deepen our understanding about what the international community should do to strengthen a free and secure 'cybercommons'".

Australia's close economic relationship with China brings "both risks and opportunities" the ASPI report states.

"While we're well placed to help in building regional capacity to understand cyber risks and responses, and in building sensible cyber policy, this approach might potentially crate tension with China, which is often seen as a main instigator of the malicious use of cyberspace," the report says, noting an ABC Four Corners program broadcast earlier this year that claimed Chinese hackers may have gained access to data relating to ASIO's new headquarters.

Despite initiatives such as the announcement earlier this year of the establishment of an Australian Cyber Security Centre, which would bring together a number of security agencies, the government framework for cyber security is still too patchwork, the ASPI claims: "The Australian Government’s 2009 Cyber Security Strategy lists nine agencies, units or committees with critical cybersecurity responsibilities, but the number’s really much larger and growing...

"The answer to the question ‘Who owns cyber policy?’ is that no department or agency has a strong grasp on that area right now."