Australian Cyber Security Centre will be 95% Defence staffed
In Senate Estimates on Monday, Linda Geddes said that when the Australian Cyber Security Centre is first established, "95 percent of staff will be defence". The acting first assistant secretary for Australia's Cyber Policy and Homeland Security Division additionally said that the people working in the centre will report back to their own departments.
Given the high proportion of Department of Defence (DoD) staff, this would mean that initially, the head of the centre will be a DoD official.
That person appears to be the current head of DoD's Cyber Security Operations Centre (CSOC), with Geddes stating, "in the expansion into the Australian centre, that person will continue to work".
The remaining 5 percent of staff, and any additional non-DoD staff that may join the centre later, will be held accountable to their own departments and agencies.
"Guidance for the centre will be provided by a board of secretaries and agency heads from the range of agencies that are coming together to form the centre," National Security Adviser Margot McCarthy said.
This ensures that organisations such as CERT Australia, which reports to the Attorney-General's Department, will continue to do so, rather than reporting to a different department. However, it also means that no one organisation can be held accountable for any disasters.
When questioned on this apparent gap, McCarthy pointed out that this has always been the circumstance for any collaborative effort made by multiple agencies, pointing to the Counter-Terrorism Control Centre as an example.
In that case, McCarthy said that the government has not created a new agency to administer the various groups that worked together to combat terrorism, nor taken away their existing chain of command.
"They are still responsible to their home agencies, but we are ensuring that they are together in the one place and are able to share information and expertise more efficiently and more effectively."
McCarthy also highlighted a distinction between the current CSOC and the new Cyber Security Centre: greater industry involvement.
She said that the centre is looking at developing a "layered approach" to security classifications, so that industry can be brought into the building and work in partnership with the government.
It will also examine ways of linking systems together to share information.
Questions of when the Cyber Security Centre was proposed were also raised. McCarthy revealed that the idea of co-locating the cybersecurity capabilities of various agencies and departments was first raised in the Cyber White Paper, which has since been abandoned in favour of a digital white paper.