Budget 2015: ASIO flags encryption challenges, slams “malicious insiders” as A-G stumps $131.3m for metadata

Increasing use of encryption and counter-surveillance technologies have been flagged as a key problem facing the Australian Security Intelligence Organisation (ASIO) as the organisation – like others within the Attorney-General's portfolio – outline their Budget-time priorities in tackling activities “prejudicial to Australia's security” that are enabled through use of such technology.

The organisation “has identified the potential for grave harm to Australia's national interests from espionage and foreign interference, including by cyber means,” the Attorney-General Department's Budget papers report, “and these activities will continue to increase in terms of range, scale and sophistication.”

Use of encryption – recently a contentious topic as national intelligence agencies rankle privacy advocates by pushing for preferential access to otherwise-encrypted communications – “increases the time, complexity, cost and risk associated with national security operations,” ASIO warned.

The agency also took a moment to pan the likes of Edward Snowden and Julian Assange by referencing “the damage to national security and intelligence capabilities that can arise from the actions of self-motivated malicious insiders.”

ASIO's assessment was complemented by similar rhetoric in other security-related agencies across the portfolio of the Attorney-General's Department – which prioritised its ability to “combat criminal activity in the online environment” with expanded access to the national document verification service, supporting the industry in fighting online security threats, and further development of Commonwealth identity security policy.

The A-G will fund controversial new metadata retention laws to the tune of $131.3 million over the next 3 years.

That allocation only covers part of the cost of the program, which has been estimated to cost up to $400m and has been plagued by industry concerns and calls for a more proportionate response as users flock to telephony alternatives.

The Australian Crime Commission (ACC) will “continue to work with national security partners to discover, understand and respond to cyber and technology-enabled crime threats,” according to the Budget papers, which foreshadow a continuing strong response against online and offline organised crime through greater collaboration with private industry, policymakers and international partners – complementing initiatives such as the Australian Cybercrime Online Reporting Network (ACORN).

The Australian Federal Police (AFP) also mentioned the threat of cybercrime, focusing in its strategy on “achieving and maintaining a technological edge over criminals”. This will be enabled through “continuous development and enhancement of its investigations and specialist support capabilities” in areas including cybersafety, forensics, intelligence, and more designed to have “the greatest impact and disruptive effect on criminal networks and security threats”.

Read more: Can funding open source bug bounties save Europe from mass-surveillance?

Interestingly, the AFP has also outlined its criteria for measuring the success of its cybersecurity efforts: “Reduced vulnerability to cyber threats is gauged through measuring the effectiveness of cyber safety presentations”, with success to have been achieved when 85 percent of surveyed audiences become aware, or reinforce their awareness, after delivery of cybersecurity-related presentations. The 85 percent level remains consistent through 2018-19 forward estimates

Crime-enforcement organisation CrimTrac will continue enhancing its ICT environment “in alignment with national security standards,” that agency's Budget statements say, with ACORN among the national systems and services that will continue to be operated and enhanced in 2015-16.

CrimTrac will also focus on facilitating information sharing capabilities for policing and law enforcement, with national information exchange standards implemented to “enhance interoperability of policing information” and an improved focus on technologies supporting CrimTrac partner agencies in areas such as cybercrime reporting and biometrics. This included a plan to boost the availability of fingerprint system availability from 99.0 percent in 2014-15 to 99.4 percent this year and 99.5 percent by 2018-19.

This article is brought to you by Enex TestLab, content directors for CSO Australia.

Read more: How responsible are employees for data breaches and how do you stop them?

Feeling social? Follow us on Twitter and LinkedIn Now!

Join the CSO newsletter!

Error: Please check your email address.

Tags metadata retention lawsAttorney-General Department's BudgetAustralian Cybercrime Online Reporting Network (ACORN)technologyEdward SnowdenBudget 2015encryptionAustralian Security Intelligence Organisation (ASIO)CSO Australiacybercrime

More about ACCASIOAttorney-GeneralAustralian Crime CommissionAustralian Federal PoliceCSOEnex TestLabFederal PoliceThe Australian Crime Commission

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by David Braue

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts