Australian Cyber Security Strategy 2016–2021

Australian Cyber Security Strategy 2016–2021
Name	Australian Cyber Security Strategy 2016–2021
Date started	2016
Date ended	2021
Jurisdiction	Australia
Agency	Department of Prime Minister and Cabinet

Australian Cyber Security Strategy 2016–2021 The Australian Cyber Security Strategy 2016–2021 was a national policy framework announced in 2016 to strengthen Australia's resilience to cyber threats and coordinate responses across public and private sectors. It set out a five-year plan linking strategic priorities with operational initiatives drawn from consultations with agencies such as the Australian Signals Directorate, Australian Security Intelligence Organisation, and industry stakeholders including the Commonwealth Bank of Australia and Telstra. The strategy sought to align Australia with international partners such as the United States, United Kingdom, Japan, and participants in the Five Eyes alliance.

Background and development

The strategy emerged amid rising concerns highlighted by incidents involving Equifax, Yahoo!, and state-linked campaigns like those attributed to the People's Republic of China and groups associated with the Islamic State of Iraq and the Levant. Development drew on inputs from inquiries such as the Parliament of Australia's committees, advisory bodies including the Australian Cyber Security Centre, and international frameworks exemplified by the Budapest Convention on Cybercrime and NATO Cooperative Cyber Defence Centre of Excellence. Key contributors included ministers from the Turnbull Ministry, senior officials from the Department of Defence, experts from universities like the Australian National University and University of New South Wales, and representatives from corporations such as BHP and Qantas.

Objectives and priorities

The strategy articulated objectives that mirrored priorities in documents like the 2016 Defence White Paper and strategies employed by the European Union Agency for Cybersecurity. It emphasized protecting critical infrastructure operators such as Ausgrid and Snowy Hydro, supporting small and medium enterprises including members of the Australian Chamber of Commerce and Industry, and enhancing incident response through entities like the CERT Australia function of the Australian Signals Directorate. Priorities included deterrence measures referencing sanctions regimes like those discussed by the United Nations Security Council, workforce development aligned with curricula from institutions such as Deakin University and Monash University, and improved public awareness campaigns comparable to initiatives by the National Crime Agency.

Key initiatives and programs

Major programs under the strategy included investment in the Australian Cyber Security Centre for threat-sharing and the expansion of CERT Australia, collaboration with industry via public-private partnerships modeled on UK Cyber Essentials, and funding for research through bodies like the Commonwealth Scientific and Industrial Research Organisation (CSIRO) and the ARC Centre of Excellence. The strategy funded capability boosts for agencies including the Australian Federal Police and Australian Criminal Intelligence Commission, supported innovation hubs resembling CIC Startup models, and launched grants to organisations similar to those administered by the Department of Industry, Innovation and Science. Initiatives also targeted secure supply chains with procurement standards compared to guidance from NIST and cooperative projects with regional partners such as ASEAN members and Papua New Guinea.

Governance and implementation

Implementation governance involved coordination among ministers in the Cabinet of Australia, operational leadership by the Department of the Prime Minister and Cabinet, and operational agencies including the Australian Signals Directorate and Australian Security Intelligence Organisation. Oversight mechanisms referenced parliamentary scrutiny via the Joint Committee on Intelligence and Security and audit functions of the Australian National Audit Office. The strategy created arrangements for interagency information sharing similar to structures used by the Department of Homeland Security in the United States and established memoranda of understanding with telecommunications carriers like Optus and Vodafone.

Funding and resources

The five-year package committed tens of millions in funding allocated through budget processes overseen by the Treasury of Australia and appropriated in federal budgets tabled in the Parliament of Australia. Funds supported capacity building at the Australian Cyber Security Centre, grants to universities including University of Sydney and RMIT University, and procurement for technology vendors comparable to contracts awarded by the Department of Defence. The spending profile included allocations for workforce scholarships, apprenticeship schemes reflecting models from TAFE NSW, and investments in research and development delivered via the CSIRO and industry cooperatives.

Impact and reception

Reception among stakeholders was mixed: industry bodies such as the Australian Industry Group and consumer advocates including the Australian Communications Consumer Action Network welcomed increased resources, while some privacy advocates referenced concerns raised by groups like Electronic Frontiers Australia about surveillance implications connected to expanded powers for agencies including the Australian Security Intelligence Organisation. Assessments by the Australian National Audit Office and analyses from think tanks such as the Lowy Institute and Griffith University noted improvements in coordination and threat awareness but identified gaps in workforce supply and metrics for success. International partners including the United States Department of Defense and UK National Cyber Security Centre signalled cooperation, and subsequent policy reviews informed later initiatives under new administrations.

Category:Cybersecurity in Australia Category:2016 in Australian law