Australia's National Security Strategy? Or Labor's election-year cyber gimmick?

The Australian Cyber Security Centre that was announced yesterday may be useful, but seems more like an election-year gimmick that will tempt governments to increase surveillance and control.
Written by Stilgherrian , Contributor

Play audio version

Prime Minister Julia Gillard has just spent two days of news cycle on Australia's national security, and the message is clear--terrorism was last decade's bogeyman. The PM's speech even had a helpful title: "Australia's national security beyond the 9/11 decade." This decade's bogeyman is something called the "cyber threat," and it's everywhere.

But don't worry, the government is dealing with it.

Yesterday, the PM launched the National Security Strategy, covering everything from the rise of China to money laundering in 44 pages, plus notes and such. Most of it seems to be a restatement of previous policies, or obvious and non-controversial extensions.

The important new thing is that the government will create the Australian Cyber Security Centre: a "world-class facility," according to the PM, that will house the existing Defence Signals Directorate (DSD) Cyber Security Operations Centre, CERT Australia, ASIO's Cyber Espionage Branch, elements of the Australian Federal Police (AFP) High-Tech Crime Operations team, and analysts from the Australian Crime Commission.

This will create "an expanded and more agile response capability to deal with all cyber issues--be they related to government or industry, crime or security," apparently. In other words, they're putting the warrior-geeks from different agencies into the same building so that they'll play nice.

One might have thought that these guys could coordinate their cyber on the internet these days, and putting them all in the one building means the whole lot can be taken out with one cruise missile. But I suppose water cooler conversations can improve inter-agency communication.

The centre will be established by the end of 2013. Presumably, we'll see some money for it in the federal budget in May, and the builders will be supplied with No Doz.

Today, the PM visited DSD, trailed by a gaggle of journalists and TV cameras. Her speech said nothing new. It just repeated a few sound bites about cyber security being a thing now; reminded us that DSD exists and is wonderful, thank you, but it's secret; and included a lame joke about Nigerian princes.

So why did the PM make such a big deal out of telling us that there are bad things on the internet now--who knew?--and announcing a new centre that's little more that a change of address?

A cynic might note that 2013 is an election year and that the Labor Party's reputation on national security isn't that flash. By repeating the "cyber is dangerous!" message, and then announcing something that'll save us, Julia Gillard becomes Queen Boudica, saving us from the cyber-Romans--well, she is Welsh--with the men and women of DSD as a meat backdrop for the TV news.

Whatever the real reason, there's a potential problem with putting agencies with different missions in the one building: scope creep.

National security is about defending the nation against existential threats--wars, the espionage that enables wars, terrorism, and serious and organised crime. To defend against these threats, national security agencies and the military are given extraordinary powers, including covert surveillance, the ability to operate in secret, and sometimes, you know, killing people.

During the War on Terrorism--which soon became the War on Terror--all sorts of things eventually became a kind of terrorism, including eco-terrorism and even economic terrorism. Sorry, but the fear of losing money is not the same as the fear of having your intestines splattered 50 metres down the street when a car bomb explodes.

In this new War on Cyber, we've got similarly slippery language. Yesterday, we had "malicious cyber activity," "cyber incidents," and "potentially devastating cyber-attacks." None of these terms make it cyber-clear how cyber-bad a cyber-incident is before cyber-becomes a national security incident. Sorry, national cyber-security incident.

Now our security agencies would doubtless say that the limits to their powers are clear. But just three months ago in Senate committee discussions of the controversial proposals for data retention by internet service providers, a key definition was anything but clear.

But governments will always be tempted to extend the meaning of "cyber threat" to include threats of a less existential nature so that they can use the stronger powers--and with all the cyber-defenders in the one building, the temptation will surely be stronger.

"We must continue to work closely with industry and international partners to develop a set of global 'norms' for online behaviour," the PM said yesterday. Different online behaviour is now a threat to national security, apparently. And that's just day one.

Editorial standards