nav search
Data Center Software Security Transformation DevOps Business Personal Tech Science Emergent Tech Bootnotes BOFH

The case for a police-civilian cyber super-agency in Australia

Not that kind of merger, but a merger nonetheless

By Mark Arena, 17 Nov 2016

Opinion The Australian Federal Government is wasting millions of dollars on redundant cyber-capabilities. It should scupper its competing agencies and strip powers from others, and hand the lot to a resuscitated Australian High Tech Crime Center police-civilian super-agency that would be distributed across Australian capital cities.

It’s a bold claim and one that will ruffle feathers although some of my former colleagues in Canberra will inevitably agree.

But hear me out.

I cut my teeth in the industry in between 2007 and 2010 as a technical specialist with the Australian Federal Police (AFP) High Tech Crime Operations portfolio. My background prior to that was as a software engineer and programmer.

The AFP is an agency with an enormous cyber crime workload and few resources for its hard-working and devoted staff. It has to make do with far less than its equivalent at the FBI.

Conventional wisdom puts the FBI with 10 times the resources of the AFP, but the numbers were even worse in the AFP’s cyber crime investigations team and would be significantly more imbalanced today.

Then came a godsend [PDF]: In April this year Australian Prime Minister Malcolm Turnbull earmarked A$230 million for cyber security funding, a portion of it set aside for the Australian Federal Police’s since renamed High Tech Crime Operations (HTCO) portfolio, and the rest for the Australian Criminal Intelligence Commission.

Yet more money could be yielded by removing duplicated capabilities that currently overlap between CERT Australia, the Australian Federal Police, the Australian Security Intelligence Organisation (ASIO), and the Australian Criminal Intelligence Commission (ACIC).

Here’s how the agency cyber-remits overlap for attacks against Australian organisations:

  1. A member of the public reports the attacks to the Australian Cybercrime Online Reporting Network run by the Australian Criminal Intelligence Commission.
  2. The motivation of the attacker is assessed.
  3. If it is financially driven, the Australian Federal Police or potentially the state police would take lead.
  4. If it is state sponsored, say espionage, ASIO may take lead.

The reality, however, is that a vast majority of the same skills are required to investigate cyber-attacks, despite the attackers, be they financially motivated cyber-criminals or state-sponsored actors.

Throw into the mix that each of Australia’s seven states and territories requires their own cyber-crime force to handle the sea of non-federal hacking offences, and the necessary expenditure to handle cyber-crime easily blows out.

Australia can scarcely afford to squander investment in cyber-security. The nation’s cyber-agencies mirror those of the United Kingdom (CERT Australia with CERT-UK; ASIO with MI5; and the Australian Federal Police with the National Crime Agency) but operate with a fraction of the investment and funding relative to the populate size of Australia compared to the United Kingdom.

In early 2013, the Gillard Government announced the creation of the Australian Cyber Security Centre to pull representatives of these duplicated federal agencies together to enhance collaboration and sharing.

It was certainly an improvement, but it is no replacement for a single unified agency.

Australia can no longer afford to retain duplicated skills and capabilities across different agencies.

Instead the Australian Government must review its cyber-crime funding. It is my strong belief that it should build the second iteration of the Australian High Tech Crime Center to as a hub for all cyber-incidents that affect Australia.

This agency will need offices in all states to satisfy and actively support the needs of Australians and state police who would have their own officers reporting locally, rather than from Canberra, as was the case when the High Tech Crime Center was folded in 2008.

It would be responsible for:

  • Criminal investigation, intelligence collection and analysis of financially motivated cyber criminals, removing that from the Australian Federal Police, state police forces and the Australian Criminal Intelligence Commission.
  • Intelligence collection and analysis of state sponsored and espionage motivated cyber threat actors affecting Australia, removing that from ASIO.
  • Telecommunications voice and data interception, removing that from various agencies in a big win for not only de-duplication but in supporting vastly underfunded and under skilled state police operations. This shared capability would be able to support all crime types.
  • Technical surveillance.
  • The single point for members of the public to report cyber crimes, stripping it from the Australian Cybercrime Online Reporting Network which is currently run by the Australian Criminal Intelligence Commission [4].
  • Computer emergency response, stripping it from CERT Australia [5]

Even more money would be saved in the long term by making this a civilian-led agency with police powers obtained by the secondment of police offices from the Australian Federal Police and state police forces. This removes the burden of hugely resource-intensive cyber-crime investigations from the limited number of over-worked police who are regularly recruited into high paying roles in the private sector.

Having offices across Australia would also make it a lot easier to recruit people with the right skills and experience. Not everyone wants to live in Canberra.

On November 7, the Australian government announced that it would undertake an independent review of the Australian Intelligence Community (AIC). I strongly recommend that a massively overhauled Australian High Tech Crime Centre be considered, one that assumes some of the current remits of both the AIC and of law enforcement agencies.

Mark Arena is the founder of Intel 471 where he supports some of the world’s largest organisations and their threat intelligence programmes. He was formerly the chief researcher with iSIGHT Partners, now a FireEye company, and prior to that worked as a technical specialist within the Australian Federal Police.

The Register - Independent news and views for the tech community. Part of Situation Publishing