Attorney-General for Australia

You are here:

Launch of the Cyber Security Strategy, Cert Australia and Identity Theft Booklet

Mural Hall, Parliament House, Canberra

Monday, 23 November 2009

[CHECK AGAINST DELIVERY]

Acknowledgements

First, may I acknowledge the traditional owners of the land we meet on – and pay my respects to their elders, both past and present.

Introduction

We are increasingly living in an online age.

More and more of our time is spent doing business and interacting with others on the Internet.

Ask an office worker – how would they do their jobs without their PC or phone?

Consider what would happen if we could no longer trust the electronic records of our banks or superannuation funds.

Or the chaos of a breakdown in the electronic systems that control the transport and freight industry.

Even basic services, such as electricity, water and food supply depend on computer systems for their reliable operations.

These latter uses aren’t always evident, and similarly, neither are the threats to these systems.

While you might notice when a computer virus makes your PC crash or run slow, you’re unlikely to detect your password being copied or data being read from your hard disk.

Many online threats are surreptitious and insidious.

The perpetrators are becoming increasingly sophisticated, more inventive in their tricks and scams, and more organised.

There are clear links to organised criminal syndicates and the intelligence services of foreign governments.

And while it is important to protect individual users, this is also a matter of national security – protecting the integrity of our economic institutions, defending our critical infrastructure; and protecting our defence and strategic information.

These three elements – individuals, business and government – are at the heart of the new strategy I’m pleased to be announcing today.

Cyber Security Strategy

The new Australian Government Cyber Security Strategy describes the way in which the Government is tackling security threats to our computers.

And it has three main goals that reflect the three elements of individuals, business and government.

The first goal is for all Australians to know about online security threats, to know how to secure their computers, and to know how to help protect their identities, privacy and finances online.

The second goal is for all Australian businesses to operate secure and resilient computer systems to protect their operations, and the identity and privacy of their customers.

And the third goal is for the Australian Government to make sure our computer systems are secure and resilient, particularly as we are the custodians of information on taxpayers and citizens.

To achieve these goals the Australian Government is going to give all Australians the information, confidence and practical tools needed to be secure online.

We're also going to work with business and our international partners to help create a culture of security on the Internet.

These partnerships are vital for securing sensitive information and resources – and ensuring the private sector can continue to reap the benefits of the digital economy.

We're also going to improve the way we detect and respond to computer threats of national significance.

This includes making sure laws are in place so we can catch and prosecute cyber criminals.

For those who’d like to explore the strategy in more detail, it is available online at www.ag.gov.au

There's also a brochure for home users and small businesses that summarises the Strategy – and it’s also available at that site.

Securing Cyber Space

I think it's fair to say that the Internet is presenting policy and law makers with a mammoth challenge.

The Internet is a whole new domain of human interaction where international borders are almost meaningless, the identity of individuals and organisations is almost impossible to determine, where vast wealth only exists as electronic data, and it’s a place where we put some of our most personal information.

Most of us have very little understanding of how the Internet works.

But there are a small number of technologically savvy people who do understand and who can take advantage of technical vulnerabilities.

Defamation, fraud, copyright infringement, drug trafficking, even planning for terrorist activities – all of these things happen both in the 'real' world and online.

Government has to adapt its policies, laws and institutions to ensure it can prevent and, where necessary, respond to these activities in both realms.

But, when we're talking about attacks on computers themselves, what we need are new and specialised policies, laws and agencies – with technologically savvy people working in them who can protect our networks, our information and our online security.

The Australian Government is building two such institutions:

CERT Australia

Today I would like to announce the name of the new Australian Government national CERT.

It is called CERT Australia.

It brings together our national computer emergency response team arrangements.

And it will be the national coordination point for providing cyber security information and advice to all Australians.

CERT Australia will also be the initial point of contact for international agencies to let Australia know about cyber security issues.

It will work with other national CERTs around the world, the IT industry and Australian Internet Service Providers to help network operators identify and respond to cyber security incidents.

The new CERT Australia will continue to build on the work of the Australian Government Computer Emergency Readiness Team, or GovCERT.au – currently helping owners and operators of critical infrastructure secure their networks and systems.

CERT Australia will begin initial operations in January and will be fully operational by July next year.

It will be managed by my Department and will work closely with the Cyber Security Operations Centre (CSOC).

The CSOC has been established following the Defence White Paper released in May this year.

It provides Government with enhanced situational awareness about cyber security.

It will maintain a 24/7 watch on cyber security activities that might threaten Australia’s national security and coordinate responses to cyber security incidents of national importance.

Reflecting our need to harness expertise across Government, the CSOC will be staffed from agencies including my Department, ASIO and the AFP.

Identity Theft Booklet

I am also very pleased today to launch the new Identity Theft Booklet – Protecting your Identity.

It provides Australians with practical advice and strategies on how to protect personal and financial information, as well as information on our computers and what to do if we’ve been a victim of identity theft.

The booklet also includes a checklist to assess how vulnerable we are to identity crime and provides a list of government resources to help protect our personal information.

It is quite alarming how many of us have been victims of identity theft.

For example, the Australian Bureau of Statistics held a survey on personal fraud in 2007.

And it showed that more than half a million Australians aged 15 years or older had experienced at least one form of identity theft in the preceding year.

This is why businesses and individuals must take steps to combat identity crime.

For businesses, this means protecting the identity of their clients and disposing of all information securely and in accordance with privacy requirements.

For individuals, this means setting up effective identity security routines – at home, in daily life, at work, and when travelling.

Perhaps the best advice I have heard is from an AFP Officer on local ABC Radio who cautioned that you do not put any information about yourself on the internet that you wouldn't be prepared to put on a Billboard on a major highway. In fact, the internet has the potential for great exposure.

By taking these common sense steps all Australians will be better protected from criminal activities that rely on using false or multiple identities – and these can be very serious crimes, such as money laundering and terrorist financing.

So I encourage you all to read this booklet – it can be found at www.ag.gov.au

Conclusion

To conclude, I would like to thank everyone who has been involved in the creation and development of these initiatives.

I know it has taken a lot of time, expertise and teamwork to reach this point – and your efforts are very much appreciated.

I am confident that the Cyber Security Strategy CERT Australia, and the Protecting your Identity booklet will be of great benefit to all Australians – helping to secure our computers and protect our identities.

And I encourage all Australians to get informed and get involved.