100% de satisfacción garantizada Inmediatamente disponible después del pago Tanto en línea como en PDF No estas atado a nada
logo-home
Summary Organising Cyber Security in Australia and Beyond $5.49   Añadir al carrito

Resumen

Summary Organising Cyber Security in Australia and Beyond

 4 vistas  0 veces vendidas
  • Grado
  • Institución

Introduction2 Cyber security presents many challenges, including how to organise collective action against cyber attacks and malicious activities. This is a serious problem for Australia, as it is for most countries that are grappling with the promise and peril of networked information technolo...

[Mostrar más]

Vista previa 3 fuera de 29  páginas

  • 6 de mayo de 2022
  • 29
  • 2021/2022
  • Resumen
  • Desconocido
avatar-seller
Accepted manuscript for Australian Journal of International Affairs (2017)
Published version available at: https://www.tandfonline.com/doi/full/10.1080/10357718.2017.1320972

UNIT 11-CYBER SECURITY
Organising Cyber Security in Australia and Beyond


Frank Smith and Graham Ingram1


Abstract
The Internet is an interconnected network and cyber security requires collective action. How
that action is organised has important implications for national security, including the defence
against cyber attacks and malicious activities. This article explains the origins and
institutionalisation of cyber security in Australia – particularly “civilian cyber security.” We
trace the origin of Australia’s first Computer Emergency Response Team and explain how this
organisational form spread from the United States. Through it, Australia helped enable
international cooperation. Domestically, however, we argue that the Australian government
has struggled with the delegation, orchestration, and abdication of responsibility for civilian
cyber security, underinvesting in civilian organisations while over relying on military and
intelligence agencies. The history of this organisational field provides valuable insight into how
to improve national policy and operations for cyber security.




Introduction2

Cyber security presents many challenges, including how to organise collective action

against cyber attacks and malicious activities. This is a serious problem for Australia, as it is

for most countries that are grappling with the promise and peril of networked information

technology. Now decades old, the Internet and cyber attacks have become so common that

we may take them for granted. However, cyberspace and threats therein were once new, and

within living memory. During the 1980s and 1990s, the public and private sectors started

creating new organisations to address previously unimagined threats.

How were cyber threats initially interpreted, and what models or norms for defence

against them emerged in response? To what extent did early decisions about the organisation

of cyber security subsequently enable or constrain international cooperation? Similarly, how

did national policy and operations evolve over time, especially in light of the government’s

traditional roles and responsibilities for national security?

This article helps answer these questions by explaining the origins and

institutionalisation of civilian cyber security in Australia. It is a significant case. First and


DRAFT MANUSCRIPT

,Accepted manuscript for Australian Journal of International Affairs (2017)
Published version available at: https://www.tandfonline.com/doi/full/10.1080/10357718.2017.1320972


foremost, most of “cyber security” is “civilian cyber security.” Most of cyberspace is

connected through the Internet, and most Internet users are civilians. Most Internet

infrastructure is now built, owned, and operated by civilians. The same is true for most of the

information technology used in other kinds of critical infrastructure (ranging from the

electrical grid and financial services to telecommunications, transportation, and healthcare).

Military and intelligence agencies play a role, but even they rely on much of the same

hardware, software, and network infrastructure as civilian agencies and the private sector.3 As

a result, the civilian side of securing the confidentiality, integrity, and availability of this

technology – for individuals and organisations in the public and private sector – is central to

what cyber security actually means in practice.

Australia is significant as well. As we document, Australians were a notable source of

early hacking: the response to which helped shape some of the world’s first organisations for

civilian cyber security. Australia also helped catalyse information sharing among its “Five

Eyes” alliance partners (i.e., the United States, United Kingdom, Canada, and New Zealand),

and it helped organise cyber incident response across the Asia Pacific (i.e., where most of the

world’s Internet users live today). Now, according to Prime Minister Malcolm Turnbull,

“improvements to cyber incident response are on our minds in Australia, thanks to a denial of

service incident on our national Census night” (Turnbull 2016). Our study provides new

evidence about evolution of national policy and operations, which hopefully can help

improve the organisation and practice of cyber security in Australia and abroad.

Our evidence is drawn from a unique combination of scholarly research and first-hand

experience. This experience includes work in the Australian government on critical

infrastructure protection and information security during the 1990s, followed by work in the

private sector on cyber security during the 2000s and 2010s. To add perspective, we

performed more than a dozen semi-structured interviews with practitioners and policymakers



DRAFT MANUSCRIPT

, Accepted manuscript for Australian Journal of International Affairs (2017)
Published version available at: https://www.tandfonline.com/doi/full/10.1080/10357718.2017.1320972


in the United States and Australia. These interviews were coupled with other primary sources

and archival research.4 The result is a rich analysis of a largely untold history.

First, we trace the origins of Australia’s Computer Emergency Response Team

(AusCERT). Not only was this non-governmental organisation the first in the country

dedicated to civilian cyber security; it also served as Australia’s national incident response

team for more than 15 years (e.g., helping share information, mitigate vulnerabilities, limit

damage, communicate risk, and attribute attacks or malicious activities to their source).

Australia adopted this organisational form from the United States because imitating the US

was seen as legitimate and appropriate (e.g., DiMaggio and Powell 1983; March and Olsen

1998). Second, we show how Australia influenced international cooperation, both through the

Five Eyes in preparation for Y2K and through the CERT system in the Asia Pacific. Third,

despite some successes, we argue that Australia has long struggled with the domestic division

of labour in this field. The Australian government delegated and orchestrated parts of civilian

cyber security through AusCERT during the 1990s and 2000s, forming variants of a “public-

private partnership” (e.g., Dunn-Cavelty and Suter 2009; Carr 2016). However, the

government also abdicated or neglected aspects of its responsibility to supply cyber security

as a public good and service.

Some of these outcomes were deliberate decisions. Others were due to a lack of

interest or expertise. All of them could have been different. We argue that this history helps

account for persistent policy problems, including the lack of government leadership and

funding for civilian cyber security, as well as overreliance on military and intelligence

agencies. This story is not unique to Australia. Therefore, our findings highlight several

important barriers and opportunities for improving national and international cyber security

in the years ahead.




DRAFT MANUSCRIPT

Los beneficios de comprar resúmenes en Stuvia estan en línea:

Garantiza la calidad de los comentarios

Garantiza la calidad de los comentarios

Compradores de Stuvia evaluaron más de 700.000 resúmenes. Así estas seguro que compras los mejores documentos!

Compra fácil y rápido

Compra fácil y rápido

Puedes pagar rápidamente y en una vez con iDeal, tarjeta de crédito o con tu crédito de Stuvia. Sin tener que hacerte miembro.

Enfócate en lo más importante

Enfócate en lo más importante

Tus compañeros escriben los resúmenes. Por eso tienes la seguridad que tienes un resumen actual y confiable. Así llegas a la conclusión rapidamente!

Preguntas frecuentes

What do I get when I buy this document?

You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.

100% de satisfacción garantizada: ¿Cómo funciona?

Nuestra garantía de satisfacción le asegura que siempre encontrará un documento de estudio a tu medida. Tu rellenas un formulario y nuestro equipo de atención al cliente se encarga del resto.

Who am I buying this summary from?

Stuvia is a marketplace, so you are not buying this document from us, but from seller SIRTHEA. Stuvia facilitates payment to the seller.

Will I be stuck with a subscription?

No, you only buy this summary for $5.49. You're not tied to anything after your purchase.

Can Stuvia be trusted?

4.6 stars on Google & Trustpilot (+1000 reviews)

45,681 summaries were sold in the last 30 days

Founded in 2010, the go-to place to buy summaries for 14 years now

Empieza a vender
$5.49
  • (0)
  Añadir