Streamlining Australian cyber incident response

Streamlining Australian cyber incident response

Cyber Security Cyber Resilience Taskforce
Wednesday, 16 August 2017

Department of the Prime Minister and Cabinet

Taskforce team discussing cyber incident communications arrangements

The Cyber Resilience Taskforce has been focussed on building a framework for ‘what good looks like’ in the cyber security ecosystem in Australia and looked at government processes and tools which support cyber security incident response.

We also spent time refining our ‘definition of done’, that will continue to shape our work:

We are building the ecosystem to deliver a cohesive national narrative and capability on cyber resilience.
We are bringing a unified whole of economy focus to education, prediction and response to cyber threats.

From this, we need to build consensus in both the public and private sector about what constitutes cyber security and cyber resilience and the services provided by government and the private sector. Our work on developing a form of ‘Cyber Security Charter’ explored some of these issues, but more work will need to be done.

Moving forward our next sprint will finalise our incident scenarios, focus on the roll-out of the Joint Cyber Security Centres being delivered under Australia’s Cyber Security Strategy and kick off a look at cyber security skills.

Follow our progress through our fortnightly newsletter on the Office of the Cyber Security Special Adviser’s website and @CyberGovAU Twitter updates.


Sandra Ragg
Head, Office of the Cyber Security Special Adviser
Lead, Cyber Resilience Taskforce 

Cyber Security Charter

Graphic of various online devices connecting to a globe

The Taskforce hosted a workshop with a small number of private and public executives to explore the value of a ‘Cyber Delivery Service Standard’ or a ‘Cyber Security Charter’.

Modelled on a digital services standard, such a Charter would describe ‘what good looks like’ as a stakeholder within the cyber security ecosystem.

It would also give organisations a set of principles from which they can measure whether projects and systems are being designed to deliver the best-possible outcome.

The workshop generated lively discussion on the way the Taskforce should proceed. Contentious issues included what was and was not covered by the concept of ‘cyber security’ and what ‘resilience’ meant in the context of cyber security. It was clear though, that given the proportion of our lives lived online, our cyber ecosystem should be designed to be citizen/consumer-centric.

Also it was recognised that there is a lot of information, advice and capability across the public and private sector that would be very powerful if made consistent and coordinated. Our thanks to the Canberra-based Deloitte team for providing the workshop facilities.

Preparedness: Cyber security through protecting Australians from telephone scams

Graph from ACCC on the number and type of scams in Australia

According to latest ACCC statistics so far in 2017 telephone scams make up the majority of scam reports.

These telephone scams are used by criminals to trick Australians into providing remote access to their computer, harvest personal information, access online banking and ultimately create distrust in the online environment.

To address this growing threat the Taskforce hosted the Telephone Scam Working Group - involving the Department of Human Services, the Australian Taxation Office, Telstra and Microsoft, organisations frequently spoofed in these scams.

The Group identified six key resilience building measures that could better protect Australians online. The Taskforce will develop these measures into actionable products over future weeks.

Cyber incident communications

Effective communications are at the heart of any effective incident response. The Taskforce has been strengthening incident communications guides and exploring technology platforms for rapid at-scale alerts. This includes developing standard resilience advice for the more likely threat scenarios. Modelling will shortly be tested through exercise scenarios with a range of stakeholders.

Building cyber skills

Photo from Minister Tehan’s cyber skills roundtable event in Sydney

The next Taskforce sprint will focus on identifying organisations and initiatives building cyber security skills. It will help draw out Australia’s strengths and gaps and identify opportunities to improve how we foster cyber security talent.

This follows on from a July Roundtable hosted by the Minister Assisting the Prime Minister for Cyber Security, the Hon Dan Tehan MP. At the meeting, leaders from across the private, educational and government sectors came together to explore ways to enable more Australians to pursue a career in cyber security and ensure Australia is ready to face the cyber threats of the 21st century.

Streamlining our cyber incident response

Taskforce team discussing cyber incident communications arrangements

Core government partners came together in a Taskforce ‘swarm’ to take a detailed examination of the government’s cyber incident response arrangements and get greater clarity about roles and responsibilities in a range of cyber security incident scenarios.

The team tested assumptions and developed quick solutions to identified capability gaps.

The workshop covered: definitions of activation thresholds; the immediate information needed to communicate with Australians about an incident and what to do; and sharper allocation of accountabilities. 

Each of these will provide the platform for strong communications with the public during a significant cyber incident. The focus is on ensuring the clearest possible understanding of the scale and potential consequences of an incident and mitigation advice as the incident evolves.

Joint Cyber Security Centres as part of a national cyber security ecosystem

The role of the Joint Cyber Security Centres (JCSCs) has been raised through a number of workshops to date. There is a strong desire to closer integrate JCSCs into the national cyber security ecosystem and ensure a sharp focus on information sharing and collaboration. Following the initiation of a pilot Centre in Brisbane, additional Centres are soon to open in Melbourne, Sydney, and Perth. Closer examination of the JCSCs will feature in the next sprint.

Meet our Team: Riley, Adviser - Office of the Cyber Security Special Adviser

What is your background?

I am one of three PM&C staff in the taskforce – we have a very diverse group. I have been with the Department for the past two years in roles across Financial Services and the Executive, so I am learning a lot about Cyber Security on this taskforce!

What do you like about the Taskforce?

I am really enjoying the agile methodology the Taskforce is using. The short sprints and ‘take it and run with it’ approach the Taskforce is using exposes me to a variety of tasks and opportunities I would not have had before. I’m really enjoying pushing my boundaries and learning a lot in the process.  

Get involved with the Taskforce and have your voice heard! 

We welcome views from government and the private sector on how we can best achieve our goal to improve Australia’s capability and response to cyber security and cybercrime threats and incidents. This might be through part time resources, hosting or participating in workshops or through sharing of cyber security incident management tools and strategies. To get involved contact