How The Australian Cyber Security Centre Protects You Online

In 2017, Australia embarked on a significant reform of its security and intelligence system under the leadership of then-prime minister Malcolm Turnbull. As the largest of its kind in over four decades, this reform came amid the evolving threats to national security, particularly digital ones.

As per the recommendations by an independent review, the Turnbull government enhanced the functions of the country’s leading cyber security agency: the Australian Cyber Security Centre (ACSC). Here’s a closer look into the primary tasks of the ACSC and its method of protecting Australians and Australia-based businesses from today’s cyber security risks.

One can’t talk about the ACSC without knowing Australia’s interest in beefing up its cyber security. As it turns out, the country used to be a hotbed of cybercriminal activity around the 1990s. Worms found in computers in other countries had been traced back to Australia-based hackers. There were too few IT security services at the time to protect users from such risks. (1)

During this decade, the national government had little interest in establishing a national cyber security agency. The first such body was more or less a coalition of three universities: Griffith University, Queensland University of Technology and the University of Queensland. But as it was de facto in nature, it barely held any legal authority. (1)

It wasn’t until 2010, when more Australians gained internet access and cyber security services started growing in demand, that the government began showing interest. Among the first signs was the birth of the Cyber Security Operations Centre, an agency under the Defence Signals Directorate (DSD). (2)

To expand on its defence-oriented responsibilities, the Cyber Security Operations Centre became the ACSC in 2014 (with the DSD renamed the Australian Signals Directorate or ASD one year earlier). The agency retains some role in national defence, but it also collectivises the country’s other cyber security resources, notably civilian elements such as an Optus internet security suite.

The ACSC’s responsibilities are four-fold, specifically:

• Serves as a computer emergency response team (CERT) that reacts to any potential and ongoing cyber security threat in Australia
• Works with the private and public sectors, such as enterprise security services, primarily sharing crucial information on any cyber security threat to help enhance resilience
• Cooperates with various government agencies, industries, and communities in helping spread cyber security awareness
• Provides valuable cyber security information and assistance to Australian individuals and Australia-based businesses or organisations (3)

Nowhere are these duties exercised more clearly than on the ACSC’s website. The home page features useful cyber security info for individuals and families, small and medium enterprises, organisations, and government agencies. It also provides alerts and regular updates on potential and ongoing threats to help the country maintain awareness.

The computer security service industry also relies on the ACSC’s information and alerts to adapt to any changes. This has become more crucial as recent global events like COVID have reshaped the way people use the internet.

The ACSC also publishes its Cyber Threat Report for the public. This annual report provides vital statistical info on Australia’s cyber security health for a specific period, from the overall number of attacks to case studies. The wealth of knowledge contained in this publication gives Australians the edge in staying vigilant and investing in cyber security solutions.

As mentioned earlier, the reforms undertaken in 2017 further enhanced the ACSC’s operations. The 2017 Independent Intelligence Review says that most of the changes focus on the agency’s organisational setup. Some of these stem from recommendations such as:

• Operating under the ASD to maintain access to diverse and state-of-the-art cyber security business resources and expertise
• Requiring the ACSC head to be solely responsible for the nation’s cyber security and to produce a biannual report on current threats and the agency’s actions
• Maintaining the same level of data access for extra-agency staff working with the ACSC as they typically have in their respective home agencies
• Maintaining a 24/7 cyber security hotline for use by both private and public sectors to aid in keeping the ACSC updated on potential and existing threats (4)

Given the significance of a robust intelligence and security structure, the government affirmed most, if not all, of the recommendations. The ACSC remains under the ASD with its own head and hierarchy. It also has a cyber hotline where individuals can report cyberattacks, though it stresses that such incidents that later lead to threats to life should be reported to 000.

There’s no doubt that the ACSC is proof that Australia takes cyber security more seriously. Its extensive resources and expertise on the subject matter enable peace of mind while browsing casually or doing business. Nevertheless, threats evolve with technology, so network security services and other protective measures must keep up.

1. “Organising cyber security in Australia and beyond”, Source: https://www.researchgate.net/publication/317022664_Organising_cyber_security_in_Australia_and_beyond
2. “Cyber Security Operations Centre officially opened.”, Source: https://parlinfo.aph.gov.au/parlInfo/search/display/display.w3p;query=Id:%22media/pressrel/CENV6%22
3. “Cyber Security”, Source: https://www.asd.gov.au/cyber-security
4. “2017 Independent Intelligence Review”, Source: https://www.pmc.gov.au/sites/default/files/publications/2017-Independent-Intelligence-Review.pdf