Australian Government E-Security Framework

The Minister for Broadband, Communications and the Digital Economy announced a Whole-of-Government review of e-security on 3 July 2008. The Attorney-General’s Department, will conduct the review, of both the public and private sectors, by October 2008. The public and industry were invited to contribute. Available are:

1. E-Security Review web site
2. Media Release (copy appended)
   
3. E-Security Review 2008 Terms of Reference (PDF 19KB)
4. E-Security Review 2008 Public Discussion Paper (PDF 42KB)

Also giving an idea of the government's current thinking on e-security is the Trusted Information Sharing Network (TISN). This is a forum for those running critical infrastructure on security issues which affect critical infrastructure. This has a Computer Network Vulnerability Assessment Program. Also there is the Attorney-General's Critical Infrastructure Protection Branch.

Joint media release

The Hon Robert McClelland MP
Attorney-General

Senator the Hon Stephen Conroy
Minister for Broadband, Communications and the Digital Economy
Deputy Leader of the Government in the Senate

---

Whole-of-Government review of e-security

The Attorney-General Robert McClelland and the Minister for Broadband, Communications and the Digital Economy Senator Stephen Conroy today announced a whole-of-government review of e-security.

Australia’s ever-increasing reliance on information and communications technology and the threat of a hostile online environment has prompted the review, which will assist the development of a national framework for securing Australia’s electronic networks.

“New and networked systems increasingly underpin our business and social interactions, but they also provide fertile ground for exploitation by cyber criminals”, Mr McClelland said.

“The e-security review is an opportunity to look at what help the Government can provide to develop a more secure and trusted electronic operating environment for both the public and private sectors. The review will also consider whether Commonwealth programs can be better focused to deal with the ever increasing range of online threats.”

Senator Conroy said that the review of e-security was a vital step towards fostering confidence in using the internet for personal and business activities.

“A secure online environment trusted by the community coupled with the Government’s rollout of the National Broadband Network is critical to our nation’s continued social and economic prosperity,” Senator Conroy said.

A multi-agency team, led by the Attorney-General’s Department, will conduct the review, which will be completed by the end of this year.

The terms of reference for the review are attached. Details of how the public and industry can contribute to this review are available at: www.ag.gov.au/esecurityreview

Date: 3 July 2008

Media Contact:
Adam Sims, Mr McClelland’s office 0419 480 224
Tim Marshall, Senator Conroy’s office 0408 258 457

E-SECURITY REVIEW 2008
TERMS OF REFERENCE

The Attorney-General's Department is to lead a review of the Australian Government’s e‑security policy, programs and capabilities, assisted by other agencies represented on the E‑Security Policy and Coordination Committee. The review will take account of both the threat from electronic intrusions into Australian networks and the threat from complementary attacks on their physical, administrative or personnel security arrangements.

The purpose of the review is to develop a new Australian Government E-Security Framework in order to create a secure and trusted electronic operating environment for both the public and private sectors.

The review will:

1. develop a new Australian Government policy framework for e-security, covering the span of e-security issues across government, business and the community
2. examine current programs, arrangements and agency capabilities and capacities that contribute to e-security, including:
   • those being implemented by agencies under the E-Security National Agenda
   • incident response and crisis management arrangements for e-security, including the recommendations from Australia’s participation in Exercise Cyber Storm II, and
   • other relevant information and communications technologies (ICT) initiatives being undertaken by the Commonwealth and by state and territory governments to establish their suitability and effectiveness to achieve the policy objectives of the new Framework.
3. address emerging e-security issues including:
   • those resulting from technological change, including roll-out of the National Broadband Network, and
   • an increasingly hostile online security environment, which does not respect traditional jurisdictional boundaries
4. consider opportunities provided by international cooperation, including engagement with similar economies and like-minded governments
5. bring forward recommendations, prioritised in accordance with an assessment of risk, for consideration by Government to:
   • tailor programs and agency capabilities and capacity to achieve the policy objectives of the new Framework
   • address current and emerging threats, and
   • determine how to measure the success of each approach
6. principally focus on measures to be effective in the period to mid-2011, but also take into account longer term considerations, and
7. consult with relevant stakeholders and experts in government, business, academia and the community.

The review is to be completed for Government consideration by October 2008.

An executive committee comprising senior representatives of the Attorney-General’s Department, the Defence Signals Directorate, ASIO, the Department of the Prime Minister and Cabinet, the Department of Broadband, Communications and the Digital Economy, the Australian Federal Police and the Australian Government Information Management Office will provide oversight of the Review.

From: Whole-of-Government review of e-security, Attorney-General and the Minister for Broadband, Communications and the Digital Economy, Australian Government, 3 July 2008