Cyber Security Strategy

An Overview

Introduction
Australians have openly welcomed the internet in their lives and businesses.
For most of us the internet is part of our daily routine for keeping in touch with
friends and family, studying, shopping and paying bills.
Increasingly, businesses also use the internet and other information technology to
improve efficiency, quality of service, and to access new markets.
While the internet offers many benefits, there are also security challenges associated
with its use. Our use of the internet has created new opportunities for criminals to
seek access to our personal and corporate information, assume our identities and
commit financial crimes, such as fraud.
Indeed, the Prime Minister in his 2008 National Security Statement to Parliament
acknowledged that addressing online threats is now one of our top national security
priorities.
The Australian Government has developed a new Cyber Security Strategy that
provides a framework to better address these threats.
It is important that all Australians have a trusted, resilient and secure online
environment one that can keep pace with new technologies as they emerge.
This is why the Australian Government has based the Cyber Security Strategy on
these guiding principles:
-

strong national leadership to help make sure all Australians look out for the
security of our computer systems

shared responsibilities by all online users because we are all susceptible to

security threats to our computer systems

partnerships between government, industry and the community so everyone

works together to help protect our computer systems

active international engagement because the world is interlinked by

computer systems

risk management to make sure the most dangerous threats to our computer
systems are dealt with first, and

protecting Australian values so our individual freedoms and right to privacy

are upheld while we tackle security threats to our computer systems.

1.

Criminals are targeting internet users

There are an increasing number of criminals who are compromising, stealing,

changing or destroying information online potentially causing critical disruptions to
our computer systems.
The borderless, anonymous nature of the internet makes it hard to track down the
source of these cyber attacks.
Largely driven by personal and financial gain, offenders range from individuals to
sophisticated criminal networks.
The internet connects all online users around the world whether home users, small
businesses, industry or government services. This interconnection means that our
actions affect each other.
It is for this reason that it is important that all users protect their computers from
home users to businesses and governments.
2.

What information are criminals after?

Cyber criminals are after personal information such as information about your
identity and finances.
For example, the sort of identity information cyber criminals are after include your:
-

name
date of birth
home address
work address.

The sort of financial information cyber criminals are after include your:
-

bank account details

credit card details
passwords
logon names.

Any site where you publish any of the above information, such as social networking
sites, blogs and online CVs, could leave you open to misuse of your personal
information or fraud.
Be cyber smart be cautious about the personal information you put online.
3.

Why do we need a Cyber Security Strategy?

The risk to Australias economic and social wellbeing from cyber crime has been
rated as high by the Australian Government.

The advent of cyber espionage and, potentially, cyber warfare also means that this is
an important national security issue.
This is because our economic and social wellbeing depends on our computer systems
being secure and reliable.
However, the sale and distribution of tools designed to threaten the online
environment has become big business for criminals. Moreover, criminals have a
variety of attack techniques at their disposal, and cyber exploitation activity has
become more sophisticated, more targeted and more serious.
As government, business and personal activities continue to move to online systems,
this threat will continue to grow.
Protecting our online environment and our prosperity from these threats is an
important strategic issue for the Australian Government.
This has led to the development of the new Cyber Security Strategy.
4.

The new strategy

The Cyber Security Strategy has three goals:

1.

for all Australians to know about the security threats to our computers, to
know how to secure our computers, and to know how to help protect our
identities, privacy and finances online

2.

for Australian businesses to operate secure and resilient computer

systems to protect their operations and the identity and privacy of their
customers

3.

for the Australian Government to make sure its computer systems are
secure and resilient.

To help achieve these goals, the Australian Government is:

-

improving the way they detect and respond to threats to our computer
systems that are of national importance

working with business to help protect our computer systems

working internationally to help protect our computer systems

modelling best practice in the way they protect our computer systems

making sure the law can help protect our computer systems by being able to
catch and prosecute cyber criminals

making sure we have skilled professionals to help keep our computer systems
safe, and

5.

giving all Australians the information, confidence and practical tools we need
to protect ourselves online.
New organisations

As part of the Cyber Security Strategy, Australia has two new organisations that will
work together to help protect our computer systems:
1. CERT Australia
CERT Australia brings together Australias national computer emergency
response team (CERT) arrangements.
It will be the national coordination point for providing cyber security
information and advice to all Australians.
It will also be the first point of contact for international agencies to contact
Australia about cyber security issues.
For more information visit www.cert.gov.au
2. Cyber Security Operations Centre (CSOC)
Established as an initiative of the Australian Governments Defence White
Paper, the CSOC provides the Australian Government with all-source cyber
situational awareness and an enhanced ability to facilitate operational
responses to cyber security events of national importance.
The CSOC will provide comprehensive understanding of the cyber threat and
the security status of government networks and networks of national
importance.
The CSOC will identify and analyse sophisticated cyber attacks and provide
government with response options.
It will also assist in responding to cyber events across government and the
private sector through Defences work in support of other government
agencies.
For more information visit www.dsd.gov.au
6.

What else is the Australian Government doing?

As part of a strategic approach to tackling online threats, the Australian Government

has put a range of activities into place.
These include:

the development of a voluntary Internet Service Provider (ISP) Code of

Practice in partnership with the Internet Industry Association. ISPs are in a
unique position to help educate, inform, influence and protect Australian
internet users from online threats

sharing information with key Australian businesses to inform them about how
best to protect their computers and their clients information

awareness raising, outreach and education for all Australians through

initiatives such as school modules and the Stay Smart Online website,
www.staysmartonline.gov.au

taking steps to ensure that government systems are secure and resilient so that
online government services are available when you need them and the
information you provide to government is protected.

7.

What can you do?

The Cyber Security Strategy calls on all Australian internet users to be aware of the
potential risks when going online.
It also calls on all Australians to know how our own actions can be the first line of
defence to address online threats.
Australians can take some simple steps to protect their personal and financial
information online:
-

get a better, stronger password and change it at least twice a year

get security software, and update and patch it regularly

stop and think before you click on links or attachments

information is valuable be careful about what you give away about

yourself and others online

visit www.staysmartonline.gov.au for further information and to sign

up for the email alert service.

8.

What can businesses do?

To increase your understanding of the security environment and the steps you can take
to protect your business and your customers, visit:
-

the Attorney-Generals Department cyber security website

www.ag.gov.au/cybersecurity

the CERT Australia website at www.cert.gov.au

the Trusted Information Sharing Network for Critical Infrastructure

Protection website at www.tisn.gov.au

the national security website www.nationalsecurity.gov.au

information for small to medium enterprises is available at

www.staysmartonline.gov.au

The full Cyber Security Strategy is available on www.ag.gov.au/cybersecurity

Where do I go for more information?

How do I get help with protecting my home computer or laptop and my
information and transactions online?
The Stay Smart Online website is a trustworthy source of easy to understand
information, including simple steps and top tips on how to secure your computer and
your transactions online.
For more information visit www.staysmartonline.gov.au
I work in a small business. How do I get help with protecting my business and
client information and my computers and laptops?
The Stay Smart Online website is a trustworthy source of easy to understand
information, including a self-assessment tool for small business.
For more information visit www.staysmartonline.gov.au
I work in a large company. How do I get help with protecting our computers?
CERT Australia provides information and assistance to large companies, including
critical infrastructure, on how to prepare for, respond to and recover from cyber
events.
For more information visit www.cert.gov.au
What is cyber security?
Cyber security refers to the safety of computer systems also known as information
and communications technologies (or ICT).
For more information about cyber security visit www.ag.gov.au/cybersecurity
What is cyber safety?
Cyber safety is about helping to protect individuals, especially children, from online
risks such as exposure to offensive content, cyber-bullying or grooming online. The
Governments cyber-safety measures include law enforcement, filtering and
education.
For more information about cyber safety visit www.cybersmart.gov.au and
www.dbcde.gov.au/online_safety_and_security/cybersafety_plan
What is identity security?
Identity security is about protecting an individuals identity from theft or fraudulent
use.
For more information about identify security visit www.ag.gov.au/identitysecurity
8

What are online scams?

Some scams are especially designed to take advantage of the way the internet works.
A lot of internet scams take place without the victim even noticing. It is only when
their credit card statement or phone bill arrives that the person realises that they might
have been scammed.
For information on how to recognise, report and protect yourself from scams visit
www.scamwatch.gov.au
What is the digital economy?
The digital economy is the global network of economic and social activities that are
enabled by the internet and other computer systems.
A successful digital economy is essential for Australias economic growth, social
well-being and international standing.
To benefit from the digital economy, Australia needs effective cyber security.
For more information on the digital economy, visit
www.dbcde.gov.au/digital_economy