Information technology security measures
2023-2030 Australian Cyber Security Strategy: discussion paper
This discussion paper has been released to seek public and industry feedback to enhance the development of the Australian government's 2023-2030 Australian Cyber Security Strategy.
Cyber Security NSW: governance, roles, and responsibilities
This audit assesses the effectiveness of Cyber Security NSW's arrangements in contributing to the NSW Government's commitments under the NSW Cyber Security Strategy, in particular, increasing the NSW Government's cyber resiliency.
Cyber threat report: UK charity sector
The purpose of this report is to help charities in the United Kingdom understand current cyber security threats, the extent to which the sector is affected and whether it is being targeted, and where charities can go for help.
State-sponsored economic cyber-espionage for commercial purposes
This paper examines the current state practice of cyber-enabled theft of intellectual property (or economic cyber-espionage) for commercial purposes. In 2015, the members of the G20 agreed that no state should engage in or support that practice.
Charting the course to tomorrow’s trusted digital services
This report focuses on how leaders in Australia are adapting their approach to delivering services effectively and efficiently, in a fashion that leverages digital technology and builds public trust. The report draws on the findings of an expert roundtable with senior leaders from a variety...
Digital lives of Australians 2022
This report is the second in an ongoing longitudinal study by auDA. The study provides an in-depth exploration into the online experiences of Australians to understand what they value, their most significant challenges and identify opportunities that will support improvements in online outcomes for Australians.
State-sponsored economic cyberespionage and the risk to nations’ prosperity
In this briefing note, the authors conclude that the threat of state-sponsored economic cyber-espionage is more significant than ever, with countries industrialising their cyber-espionage efforts to target commercial firms and universities on a grand scale.
Security of the Domain Name System (DNS): an introduction for policy makers
The Domain Name System (DNS) underpins the very functioning of the Internet and today’s global economy. This report focuses on DNS security - the area of cybersecurity that covers incidents disrupting the availability, integrity and confidentiality of parts of the DNS ecosystem.
Hard choices in a ransomware attack
Falling victim to a ransomware attack is a shocking moment. This report puts the reader in the shoes of a victim, as they make difficult decisions in the ensuing days, and draws lessons for industry and policy-makers trying to grapple with this policy challenge.
Upskilling and expanding the Australian cyber security workforce
This report tracks and analyses the emerging cyber security needs of Australian firms, paying particular attention to the skills and capabilities of the workers already employed in this crucial sector, and the increasing demand for their work.
Will AI make cyber swords or shields?
Funding and priorities for technology development today determine the terrain for digital battles tomorrow, and they provide the arsenals for both attackers and defenders. This report provides three examples showing that, while the future of technology is impossible to predict with certainty, there is enough...
Digital skills and cyber security. How do we secure our future?
This report identifies where the current digital skills gaps and shortages are in the Victorian labour market and how they can be be addressed to minimalise the impact of future challenges.
The first space-cyber war and the need for new regimes and policies
This policy brief makes the case that states should adopt national policies to defend against threats to space-based assets and applications, such as communications satellites, that are both vital to national security and economic security and increasingly vulnerable to cyberattacks.
Administration of the Revised Protective Security Policy Framework
In response to recommendations in the 2015 Independent Review of Whole-of-Government Internal Regulation (Belcher Red Tape Review), to reduce compliance burden and to support entities to better engage with risk, the Attorney-General introduced a revised Protective Security Policy Framework (PSPF) on 1 October 2018. The...
Building genuine trust: a framework and strategy for Indigenous STEM and cyber pathways
The authors of this paper propose that the Australian Defence organisation should enact a wider set of supporting measures—particularly in data and reporting to track professional development—that’s more likely to create more sustainable success that delivers organisational improvements and outcomes for Indigenous staff recruitment and...
Many hands in the cookie jar
This study, conducted from March to November 2021, examines prior examples of state-sponsored cyber espionage to see what forms of response the U.S. government considered, what actions it took, and whether those actions changed adversary behaviour or affected other actors’ behaviour.
UK, Australia and ASEAN cooperation for safer seas
A safe and secure Indo-Pacific maritime domain is vital to the UK, Australia and Southeast Asian states for their national prosperity. This report recommends UK–Australia–ASEAN cooperation to elevate and further explore the cyber–maritime security nexus.
Understanding global disinformation and information operations
ASPI’s International Cyber Policy Centre has launched the Understanding Global Disinformation and Information Operations website, alongside this companion paper. The site provides a visual breakdown of the publicly-available data from state-linked information operations on social media.
The two technospheres
The divergence of the Western and Chinese technospheres is a critical driver of cybersecurity concerns requiring the attention of both governments and the private sector around the world. This report provides a set of recommendations for action to mitigate the growing cybersecurity risks posed by...
WhatsApp in government: how ministers and officials should use messaging apps – and how they shouldn’t
This report looks at the increasing use of WhatsApp and other messaging apps in government, and their associated risks and benefits. These apps are useful but need to be used carefully to ensure the downsides – including a lack of transparency, poor communication and poor...
The UN norms of responsible state behaviour in cyberspace
This report, produced by APSI in partnership with Australia’s Cyber and Critical Technology Cooperation Program and the UK Foreign, Commonwealth and Development Office, is the result of a multi-year cyber-capacity building program focused on supporting the effective implementation of UN norms throughout ASEAN.
Digital Southeast Asia
This report recommends Australia and India leverage their bilateral partnership in cyber and critical technologies to support inclusive digital development in Southeast Asia, and strengthen the foundations of Southeast Asia’s digital economy.
The Internet of Things: China’s rise and Australia’s choices
The Internet of Things (IoT) is connecting a growing range of economic and social activity across national borders. This trend threatens to disadvantage Australia and requires policies to build up the country’s own technological capacities, while devising innovative ways to manage the risks entailed in...
Digital lives of Australians 2021
Researchers sought feedback from more than 1,500 Australian consumers and more than 400 small business owners about their online needs and challenges. The research found that most consumers feel that the Internet has a positive impact on their lives. However, the research also found consumers...
Digital technology in the not-for-profit sector: November 2021
The ongoing disruptions to the way we work posed by COVID-19 have emphasised how important it is for not-for-profits to have efficient and reliable technology in place. This report aims to recognise where areas of growth and improvement are needed across the sector, so that...