Mike Burgess, Director ASD, speech to ACSC Conference 2018
National Convention Centre, Canberra
10 April 2018
Thank you, Alastair.
And thank you to Minister Dutton for opening the conference today and to shadow minister Brodtmann for joining us also.
Good morning everyone, it is great to be here and great to be back in ASD.
Last time I was here representing the Australian Signals Directorate was in 2012, when ASD launched its Catch, Patch, Match campaign. Advice that lives on today as part of ASD’s Essential Eight. Advice that continues to make a difference when it is applied!
Today I thought I would share with you my perspective on the changes to ASD and the Australian Cyber Security Centre and include in that my priorities for the centre for the next twelve months. The government’s ambition and expectation on the centre and the ASD is high. You would have got a clear sense of that from Minister Dutton this morning and, if you attended the reception last night, from Minister Taylor.
Cyber security is a global problem – we have all witnessed the wholesale theft of data and disruption to business in recent years. I don’t need to elaborate on that any further because I know I am preaching to the converted in a forum such as this. The successful identification and management of cyber security risk across the community, businesses and the federal and state governments is critically important.
The 2017 Independent Intelligence Review recognised the importance of this and, in regard to the Australian Cyber Security Centre, noted it is essential to have a seamless connection between the centre and the Australian Signals Directorate. The review also noted the centre should be established as the credible and authorative voice on cyber security in Australia. Just last month the Intelligence Services Amendment (Establishment of the Australian Signals Directorate) Bill 2018 was passed. From 1 July this year the Australian Cyber Security Centre will become part of ASD. This includes welcoming staff from CERT Australia and a smaller contingent of staff from the Digital Transformation Agency.
The changes you will see from the centre will not come from these changes alone.
The collective potential will certainly increase as a result, but you will also see a change of emphasis and span of engagement. The new legislation introduced two key changes in this regard:
- ASD’s advice and proactive assistance remit on cyber security is now expanded to include the community, business and governments, and
- a new function to combat cyber-enabled crime.
The ambition and expectations of our ministers is high. And I’d be confident it is the same for you.
The centre will be focussed on cyber security risks for:
- the community
- businesses, small, medium and large, and
- governments, both federal and state.
I can assure you Alastair, his team, the rest of ASD and I will be focused on this.
In the context of this whole-of-nation focus, the new function to combat cyber-enabled crime is also important. In this regard, cyber-enabled crime will include:
- pure play cybercrime – that is hacking for criminal purpose – I’d also include nation state actors in this, and,
- cyber-enabled serious crime.
ASD’s focus on nation state actors, that is, countering cyber espionage, interference or attack will continue and will remain important.
However, ASD’s focus will shift and broaden. And when I refer to ASD in this context, I mean the whole of my organisation. The centre’s focus will cover:
- business, and
And will be backed and supported by ASD – Alastair will have the full support of ASD, not just his part of organisation.
My expectations of the centre include:
- comprehensively understanding the cyber threat to Australia, and
- providing timely proactive advice and assistance that makes a real difference across the community, businesses and governments.
The centre’s work must lead to an improvement in the identification and management of cyber security risk for all Australians.
My key priorities for the next 12 months are:
- A national assessment of Australian cyber security, with an initial focus on critical infrastructure.
- Collaboration with major Internet Service Providers and critical infrastructure providers to drive out known problems and identify first seen more serious threats.
- Executing a counter cybercrime campaign, and
- Outreach and influence to improve the identification and management of cyber security risk across the community, business and government.
We live in a connected world and with this comes great opportunity and benefits to society and our economy. Everything is being digitised, everything is being connected and everything is being controlled by software. There is no doubt the full potential of connectivity, technology and software is yet to be fully realised.
However, these same benefits represent a significant risk. And in this digitised world it is timely to remind ourselves, security also includes integrity and availability, not just confidentiality. I am confident Australia will rise to this challenge to ensure we all identify and manage our cyber risks more effectively – but in this regard we all have much work to do. The centre will do its part and I am confident all of you will also rise to the challenge and make a difference.
Thank you and enjoy your conference