Cybersecurity cooperation is in the air – but ITU believes Australia is choking

For a country that’s good at every other part of cybersecurity policy, we’re still struggling to foster cooperation

Observers of this month’s G20 meeting are still scratching their heads over the proposed strategic cybersecurity partnership between the United States and Russia, whose leader Vladimir Putin went into the meeting expecting chastising over alleged Russian interference in the US elections.

The alternative outcome – one in which US president Donald Trump later tweeted had presented an opportunity to discuss with Putin an “impenetrable Cyber Security unit so that election hacking, & many other negative things, will be guarded and safe” – drew consternation from US politicians on both sides of the political spectrum.

Russia, after all, is not only under suspicion of having hacked America’s 2016 election but has also been fingered as the likely perpetrator in the recent WannaCry outbreak – which hit targets including Victorian speed cameras, but is believed to have been a targeted attack on Ukraine on the eve of a holiday celebrating its constitution.

Regardless of the long-term implications for the two countries’ cybersecurity efforts, Trump’s announcement reinforced the growing recognition of the need for cross-border cooperation on cybersecurity – a key international metric where, according to a recent International Telecommunications Union (ITU) ranking, Australia is falling woefully behind its peers.

While Australia is at the forefront of the Asia-Pacific region in terms of development of its ICT industry, poor cooperation dragged down its overall score in the 2017 ITU Global Cybersecurity Index, in which the ITU used extensive questionnaires to judge the cybersecurity climate in its 193 member states.

Australia ranked 7th overall because it scored just 0.44 on the cooperation ranking, putting it well behind countries like France (0.61), Georgia (0.70), the United States (0.73), Oman (0.75), and table leaders Singapore and Malaysia (both of which scored 0.87).

This massive disparity was a significant blow for Australia, which compared favourably with other leading countries in the four other categories – legal, technical, organisational, and capacity building.

“The overall picture shows improvement and strengthening of all five elements of the cybersecurity agenda in various countries in all regions,” the report concluded. “However, there is space for further improvement in cooperation at all levels, capacity building and organisational measures.”

Cooperation, which the ITU says is “measured based on the existence of partnerships, cooperative frameworks and information sharing networks”, has been a key part of the Turnbull Government’s cybersecurity policy but the scathing assessment suggests that Australia’s private-public initiatives are failing to gain real traction.

The past year has seen a rush of cybersecurity investments – including new security operations centres from IBM, NEC Australia, Symantec, CSC Australia, and BAE Systems Applied Intelligence.

Government-led efforts, such as Victoria’s Oceania Cyber Security Centre and the federal Australian Cyber Security Centre, have served to unite many elements of Australia’s previously-fragmented cybersecurity response community – and have been generally welcomed by industry.

The ITU in particular recognised the formation of Australia’s Council of Registered Ethical Security Testers (CREST) – a professional pen-testing body that was expanded with new funding in the 2016 Budget.

However, the ITU ranking suggests that simply establishing centres of excellence isn’t enough to foster cooperation on its own. It posits as paragons initiatives such as Finland’s active involvement with the Council of Europe, OSCE and United Nations; the UK government’s partnership with local firm Netcraft; the US Multilateral Information Sharing Agreement; South Africa’s national cybersecurity hub; and the Nordic National CERT Collaboration.

The ITU identified five sub-elements to its cooperation rankings including intra-state cooperation, multilateral agreements, participation in international fora, public-private partnerships, and inter-agency partnerships.

If Australia is to take the ITU ratings as a guide for future efforts, these areas will offer valuable guidance for the areas where its efforts are best focused. And while it is well ahead of other countries on most measures – just 38 percent of countries have a published cybersecurity strategy and only 11 percent have a dedicated standalone strategy – improving cooperation clearly needs to be a strategic priority.

With cybersecurity framing international relations at a global level, the next three years – after which the ITU will update its GCI rankings – will be critical in determining whether Turnbull’s initiatives have effectively pivoted Australia’s cybersecurity climate to meet future needs.

And that, says the ITU, is the whole point.

“The objective of the GCI as an initiative is to help countries identify areas for improvement in the field of cybersecurity,” the ITU’s report notes, “as well as to motivate them to take action to improve their ranking – thus helping raise the overall level of commitment to cybersecurity worldwide… with the added benefits of helping harmonise practices and fostering a global culture of cybersecurity.”

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Follow our new CSO Australia LinkedIn
Follow our new social and we'll keep you in the loop for exclusive events and all things security!
Have an opinion on security? Want to have your articles published on CSO? Please contact CSO Content Manager for our guidelines.

Tags IBMsymantecitucyber securityNEC AustraliaInternational Telecommunication Union (ITU)BAE SystemsCSC Australiamalware attacksDonald TrumpITU standardsskills gapcybersecurity policyTurnbull governmentTrumpWannaCryWannaCry ransomwareputinstrategic cybersecurity partnershipelection hacking

More about AustraliaCSCCSC AustraliaIBMITUNECNEC AustraliaNetcraftSymantecUnionUnited Nations

Show Comments

Featured Whitepapers

Editor's Recommendations

Brand Page

Stories by David Braue

Latest Videos

More videos

Blog Posts