Budget 2015: ASIO flags encryption challenges, slams “malicious insiders” as A-G stumps $131.3m for metadata

Increasing use of encryption and counter-surveillance technologies have been flagged as a key problem facing the Australian Security Intelligence Organisation (ASIO) as the organisation – like others within the Attorney-General's portfolio – outline their Budget-time priorities in tackling activities “prejudicial to Australia's security” that are enabled through use of such technology.

The organisation “has identified the potential for grave harm to Australia's national interests from espionage and foreign interference, including by cyber means,” the Attorney-General Department's Budget papers report, “and these activities will continue to increase in terms of range, scale and sophistication.”

Use of encryption – recently a contentious topic as national intelligence agencies rankle privacy advocates by pushing for preferential access to otherwise-encrypted communications – “increases the time, complexity, cost and risk associated with national security operations,” ASIO warned.

The agency also took a moment to pan the likes of Edward Snowden and Julian Assange by referencing “the damage to national security and intelligence capabilities that can arise from the actions of self-motivated malicious insiders.”

ASIO's assessment was complemented by similar rhetoric in other security-related agencies across the portfolio of the Attorney-General's Department – which prioritised its ability to “combat criminal activity in the online environment” with expanded access to the national document verification service, supporting the industry in fighting online security threats, and further development of Commonwealth identity security policy.

The A-G will fund controversial new metadata retention laws to the tune of $131.3 million over the next 3 years.

That allocation only covers part of the cost of the program, which has been estimated to cost up to $400m and has been plagued by industry concerns and calls for a more proportionate response as users flock to telephony alternatives.

The Australian Crime Commission (ACC) will “continue to work with national security partners to discover, understand and respond to cyber and technology-enabled crime threats,” according to the Budget papers, which foreshadow a continuing strong response against online and offline organised crime through greater collaboration with private industry, policymakers and international partners – complementing initiatives such as the Australian Cybercrime Online Reporting Network (ACORN).

The Australian Federal Police (AFP) also mentioned the threat of cybercrime, focusing in its strategy on “achieving and maintaining a technological edge over criminals”. This will be enabled through “continuous development and enhancement of its investigations and specialist support capabilities” in areas including cybersafety, forensics, intelligence, and more designed to have “the greatest impact and disruptive effect on criminal networks and security threats”.

Interestingly, the AFP has also outlined its criteria for measuring the success of its cybersecurity efforts: “Reduced vulnerability to cyber threats is gauged through measuring the effectiveness of cyber safety presentations”, with success to have been achieved when 85 percent of surveyed audiences become aware, or reinforce their awareness, after delivery of cybersecurity-related presentations. The 85 percent level remains consistent through 2018-19 forward estimates

Crime-enforcement organisation CrimTrac will continue enhancing its ICT environment “in alignment with national security standards,” that agency's Budget statements say, with ACORN among the national systems and services that will continue to be operated and enhanced in 2015-16.

CrimTrac will also focus on facilitating information sharing capabilities for policing and law enforcement, with national information exchange standards implemented to “enhance interoperability of policing information” and an improved focus on technologies supporting CrimTrac partner agencies in areas such as cybercrime reporting and biometrics. This included a plan to boost the availability of fingerprint system availability from 99.0 percent in 2014-15 to 99.4 percent this year and 99.5 percent by 2018-19.

This article is brought to you by Enex TestLab, content directors for CSO Australia.

Feeling social? Follow us on Twitter and LinkedIn Now!

Copyright © 2015 IDG Communications, Inc.

7 hot cybersecurity trends (and 2 going cold)