Telstra's former CISO wants ASD to be a leading light for private enterprise
Cybersecurity advisor Mike Burgess has called on the Australian government to loosen the reins on the Australian Signals Directorate (ASD) and allow the country's intelligence agency to extend its mandate beyond government.
Speaking at the Emerging Cyber Threats Summit in Sydney on Wednesday, Burgess expressed his desire to have the ASD also lead the charge on influencing and giving advice to the private sector.
"The ASD is uniquely placed in its role, its capabilities, and its investment in its capabilities to continue to give and provide world class advice to the private sector," Burgess said.
"ASD needs to be given its voice from the basement to the boardroom and it needs to do that for the private sector.
"ASD should not simply be seen as an intelligence and security agency that sets government information security policy."
According to Burgess, the intelligence agency possesses unique capabilities that would allow it to lead the private sector in a superior manner and said allowing it to do so probably doesn't even require a legal change.
"Others in government might find it a criticism of them and yes it is, because no disrespect, but they don't have the size, capacity, the critical mass, and they're not best placed to give advice," he said.
Pointing to the ASD's Essential Eight strategies to mitigate cyber security incidents, Burgess said that if the WannaCry ransomware had hit Australia as hard as it did other countries, the agency's advice would have "seen anyone through it".
"All I'm asking is they're allowed to do that, or encouraged to do that, because speaking from experience, when you have the privilege of working in an intelligence security agency, it's a bit easy to get excited about working on the intelligence side, not a criticism, other than I think they're the best people to lead."
Burgess hung up his boots at Telstra in November last year, after spending almost four years with the telco as its chief information security officer. Prior to his tenure at Telstra, Burgess was the deputy director of cyber and information security at the ASD.
In addition to allowing the ASD to offer its support and guidance to the private sector, Burgess said he wants to see the agency -- and as a result, the government -- open up its knowledge on the threat landscape.
"When an agency, or a law enforcement agency, has some super secret technique that allows it to get intelligence for the purpose of doing law enforcement or producing intelligence, I hope the right person, in government, has done the assessment on the potential downside for the broader risk to Australia and its national interests," he said.
"Who's thought about the broader impact? Because if we found it, someone else can. And if someone else has found it, they can use it against you."