CYBER CAPABILITIES AND NATIONAL POWER: A Net Assessment 47
4. Australia
Australia’s cyber-security strategies have concen-
trated on national security, commercial cyber secu-
rity, the industrial base for sovereign capability,
workforce development and good international
citizenship. The Australian Signals Directorate, the
country’s principal cyber-related agency, remains
the most inuential in national policymaking. The
country is still developing its military cyber strat-
egies and policies after seing up an Information
Warfare Division in 2017. Australia can boast some
research and industry credentials in the eld of
information and communications technology and
cyber security, but these are growing from a low
base. In part because of its 70-year membership of
the Five Eyes intelligence alliance, Australia has
more mature cyber capabilities than its modest
defence and intelligence budgets might suggest. It
is active in global diplomacy for cyber norms and
cyber capacity-building. In 2016 it acknowledged for
the rst time that it possessed oensive cyber capa-
bilities – examples of their use against the Islamic
State (also known as ISIS or ISIL) were subsequently
put into the public domain. Australia has actively
supported the United States-led Cyber Deterrence
Initiative, which aims to use cyber means to coun-
ter the malign cyber activity of other states. For
Australia to become a more eective cyber power, it
will need to make dramatically greater investments
in cyber-related tertiary education and carve out a
more viable sovereign cyber capability.
List of acronyms
ACSC Australian Cyber Security Centre
ADF Australian Defence Force
ASD Australian Signals Directorate
ASIO Australian Security Intelligence Organisation
DSCC Defence Signals Intelligence and Cyber Command
ICT information and communications technology
IWD Information Warfare Division
Strategy and doctrine
Australia’s rst Cyber Security Strategy, released in
2009,
1
was the result of a review of ‘e-security’ the pre-
vious year. It had two main initiatives: to create an o-
cial national Computer Emergency Response Team to
complement or supersede the one that had been operat-
ing since 1994, which was based in a university;
2
and to
establish a national Cyber Security Operations Centre.
But the document consisted largely of rhetorical poli-
cies – laudable intentions around topics such as shared
governmental and private-sector responsibility, facing
the increasing threats, protecting Australian values,
identity protection, expanding and upskilling the cyber
workforce, and enhancing international collaboration.
It did not propose signicant new investments in sup-
port of its rhetorical commitments, except in the area of
national security.
In April 2016 the government launched a new Cyber
Security Strategy.
3
Subtitled ‘Enabling Innovation,
Growth and Prosperity’, the plan was as much about
beer exploiting the economic opportunities of the
information age as it was about security. The security-
related themes were familiar from the existing strategy
