Professor Greg Austin is a researcher at UNSW Canberra, and he has an interesting proposal for the Government. The establishment of a new branch of government service in Australia — closer to ASIO and ASIS in approach than to the ADF, Border Force or AFP.
A “cyber reserve force”, similar to the Cyber Defence Unit of the Estonian Defence League, would essentially be a “neighbourhood watch” for “cyber space” set up under the Minister for Communications consisting of a Director General and 100 volunteers.
The leadership of the cyber civil corps will need to be highly expert in the field of managing advanced cyber threats and coordinating responses to them under Ministerial direction, Professor Austin says, with the Director General reporting directly to possibly the Minister of Communications or a new Minister for Civil Security in Cyber Space, not the Attorney General.
“A novel institutional response is needed to address emerging high technology security threats to the civil economy, the community and international interests of Australia”, Professor Austin says.
The corps would be the national authority for civil sector dependency mapping of Australia’s critical information infrastructure, its data resources and its transmission flows, including international dependencies. It would also provide “an auxiliary capability in a disciplined command structure for national civil and military defence response to extreme cyber emergencies”.
The development, monitoring and management of a response system for handling cyber threats to critical national or state infrastructure short of an extreme emergency is also high on the priority list, as well as for handling “serious cyber crime” that may affect the national economy or social infrastructure.
Developing “appropriate international working arrangements” to support these functions and advising on education needs for national military and civil defence of “cyber space” round out the main responsibilities of the corps. It would also be providing leadership in “national cyber space education” for businesses and the community.
“Current arrangements for national critical infrastructure protection in cyber space, including for essential services, are weakly developed, with the federal government taking active responsibility only for governmental infrastructure through the ACSC,” Professor Austin says.
“National policy recognises that such protection is a shared responsibility but there is no mechanism in place and no organized body of trained professionals for the unique and highly complex needs of critical infrastructure protection in cyber space, including for essential services”.
Professor Austin says Australia will never be able to afford the cost of maintaining such capabilities in existing military and police forces, and the pipeline for supply of skilled personnel in military and police forces is not adequate for the purpose.
The public consultation phase would run in parallel with an inquiry by special select joint committee of the federal parliament, Professor Austin recommends, with consideration and approval of the plans by the federal Cabinet and its subsequent consideration by the Council of Australian Governments complete by the end of the second year. Then 100 volunteer civil corps personnel would be recruited.
“Existing priorities and mission orientation of the Australian Defence Forces and national and state police forces, including the necessary transitions for likely future operations in cyber space, are already so burdensome it may not be prudent to place national civil defence and strategic management of countering cyber crime in their hands,” Professor Austin says.
“The contours of future high technology threats to Australia in cyber space are sufficiently unpredictable to suggest that development of overly rigid standing structures supported by full-time staff with pre-determined skill sets, as in the ADF, would be the equivalent of building modern versions of the Maginot line,” he continues. “Extreme cyber emergencies in the civil sector in cyber space are of such low probability that a full-time standing response force cannot be justified, even if Australia could afford it.”
Professor Austin says that the overwhelming share of critical national infrastructure is in civilian hands, and since an appropriately sophisticated understanding of the consequences of “cyber crime” is almost exclusively in the civil sector, the federal and state government must set in place an appropriate partnering structure for response — because neither the government sector nor the private sector acting largely alone can develop and coordinate national response.