No extra funding will be provided to the federal government’s new National Office for Cyber Security, which will also only have five full-time employees.
Earlier this year, following a spate of significant and damaging data breaches impacting some of Australia’s biggest companies, the federal government announced it would be stumping up a new national cyber office to be led by a cyber security coordinator.
This office will sit within the Department of Home Affairs, and will provide the “spine and strategy” to the government’s response to cyber security attacks.
It was revealed this week in response to Senate Estimates questions on notice that this new office will not be provided with any additional funding, and that it will have five full-time staff members allocated to it.
The office will have the ability to access at least 50 full-time employees across Home Affairs if needed in the event of a “significant incident”.
The office will be up and running from the start of May at the latest, and a recruitment process is currently underway to identify and appoint a coordinator to lead the office.
The coordinator will be at the substantive SES Band 3 level, and is being advertised via Australian Public Service (APS) jobs.
The coordinator will report directly to the Secretary of Home Affairs, but will also have “direct engagement” with the Minister for Home Affairs.
In response to further questions, the government also provided more detail on how the new office will interact with the Australian Cyber Security Centre and the Australian Signals Directorate (ASD).
“The National Office for Cyber Security will not have formal reporting arrangements with ASD except for the seconded officers from ASD who will have reporting obligations to ASD,” the government said.
“However, the National Cyber Security Coordinator and the National Office for Cyber Security will regularly engage with ASD including formalised engagement through operational protocols that will outline roles and responsibilities, including during cyber incidents.”
It was also clarified that the new office will not be replacing the Cyber and Infrastructure Security Centre, which was launched in late 2021 by the former Coalition government.
The new office will guide the development of an emergency response plan, and will play a central role in responding to any future cyber attacks impacting Australia.
It will provide “strategy and structure and spine” and help to manage cyber incidents in a proper and seamless way.
It was announced by the government in February in the wake of the significant cyber attacks on Optus and Medibank, which impacted tens of millions of Australians.
Latitude Financial last month became the latest local company to be hit by a cyber attack, with the personal information including passport numbers and Medicare numbers of millions of Australians and New Zealanders caught up.
The Labor government is also in the process of consulting on a new seven-year cyber security strategy which will replace the former Coalition government’s strategy.
A government-appointed expert advisory group has proposed a number of reforms to the country’s “patchwork” cyber policies, including an expansion of the critical infrastructure regime and the introduction of a Cyber Security Act.
The federal government is also currently conducting a series of cyber war games with Australian critical infrastructure operators in order to test their responses to potentially devastating cyber attacks.