Turnbull calls for more openness surrounding data breaches

As part of a new culture of 'cyber-openness', the government is calling on the private sector to be more open about data breaches.

The Australian Prime Minister Malcolm Turnbull has called for more communication around computer security breaches, as a method to protect others.

For the government's part, Turnbull owned up to the attack on the Australian Bureau of Meteorology that became public in December, as well as stating the Department of Parliamentary Services suffered a similar attack in the past.

"It's very important that we have a more open culture in this area and we have to lead by example," Turnbull told reporters after launching the government's AU$240 million Cyber Security Strategy today.

"It's only when people acknowledge there has been a breach that we can actually learn from it and everyone can learn from it ... Often this is because of a flaw in a software system that is widely used, and so the more we understand about what has happened in one place enables us to protect the others."

One company praised by Turnbull was Kmart, which experienced a data breach in October last year that saw the personal details of its online customers accessed.

"[I] commend them for acknowledging the breach they suffered. Everybody is vulnerable to this and the truth is that the more open we are, the more we share information about breaches and experiences, and that is why we are establishing the Cyber Security Centre and beefing up the engagement with business -- that's why we are moving it out of the ASIO building as we described earlier so it is a more accessible environment -- all of that will enable us to learn a lot more."

"If we work together, business, individuals, consumers if you like, households, and governments, if we share more, and if the telcos share more too, then as we learn more about the vulnerabilities and the vectors which malicious actors use, then we become more secure and we all learn from each other."

Despite lauding the offensive cyber capabilities available to the Australian government in his speech today, Turnbull would not be drawn on any scenarios in which it would be used.

"The offensive capability that is possessed by the Australian Signal Directorate will only be used in circumstances in conformity with our laws and indeed the international laws and accepted norms applying to that kind of conduct," he told reporters. "But it is important to know, for Australians to know, that we have considerable capabilities in this field -- very considerable capabilities."

The prime minister warned that one of the best tools used by hackers is complacency, and that many threats are internal.

"One of the things that organisations, whether they are governmental or private, have to be very alert to is: Who has administrative privileges, who are the administrators, how much do you know about them, how are those privileges shared?"

During the launch, Turnbull announced the role of Special Adviser on Cyber Security within the Department of Prime Minister and Cabinet would be filled by current e-safety commissioner Alastair MacGibbon. A former Australian Federal Police agent, MacGibbon was appointed as e-safety commissioner in March 2015, and was empowered to investigate and seek to have content removed if it is deemed to be bullying to a specific Australian child.

Along with MacGibbon's new role, Australia is also set to gain a new minister assisting the prime minister on cybersecurity, as well as the newly created role of Cyber Ambassador to liaise between agencies and business, and communicate the strategy internationally. AU$6.7 million has been set aside for the Cyber Ambassador to conduct overseas advocacy.

The government said it will provide grants for 5,000 small businesses to have "certified practitioners" conduct a cybersecurity test.

"I want Australia to lead the world in cybersecurity," Turnbull said. "And we have the brains and the imagination to do so."