Dreyfus given direct responsibility for cybercrime after Optus hack

The Albanese government has quietly added cybercrime to Attorney-General Mark Dreyfus’ list of responsibilities, weeks after the Optus data breach exposed the personal information of close to 10 million Australians.

The move confirms that Cybersecurity Minister Clare O’Neil is not directly responsible for fighting cybercrime, though she has retained responsibility for cyber policy co-ordination within her Home Affairs Department.

Attorney-General Mark Dreyfus has added cybercrime to his list of responsibilities.Credit:Alex Ellinghausen

The change was documented on October 13 in a change to the Administrative Arrangements Orders, which set out what policies and laws ministers are responsible for, and signed off by Governor-General David Hurley.

In practice Dreyfus has had responsibility for cybercrime since July 1, when the Australian Federal Police (AFP) – which fights cybercrime in Australia – moved from O’Neil’s portfolio to Dreyfus’, along with other agencies including AUSTRAC, in a move that increased the power and responsibilities of the attorney-general’s portfolio.

Shadow minister for cybersecurity James Paterson said Prime Minister Anthony Albanese had made O’Neil “cybersecurity minister to much fanfare in June, and said before the election ‘cybersecurity needs to be someone’s day job, not the last item on another minister’s to-do list’.”

“But five months after the election and three weeks after the Optus breach he’s stripped his cyber minister of responsibility for cybercrime,” he said.

“Now that it is the last item on Mark Dreyfus’ long to-do list, it’s clear this is either a vote of no confidence in Minister O’Neil or an embarrassing oversight. No wonder the government has been so flat-footed in response to Australia’s largest-ever data breach.”

Optus has been criticised by the federal government over its handling of the data breach and promised to pay for customers’ passports to be replaced. It is also facing a class-action claim over the data breach.

Marcus Thompson – a former head of information warfare for the Australian Defence Force who is now a director at cybersecurity firms Penten and Paraflare – said the federal government should consider centralising responsibility in one portfolio.

He said this made sense because Home Affairs was responsible for policy, the attorney-general’s department was responsible for cybercrime and the Australian Cyber Security Centre sat under Defence.

“It might be time to reconsider how we organise these capabilities across government, there are models that could be explored here – particularly the United States model, which has one agency dedicated to cybercrime and another dedicated to war-fighting capability,” he said.

“As a nation we just do not have the depth of workforce, the high-end skills, to disaggregate our high-end cyber capabilities across multiple agencies and organisations.”

Alastair MacGibbon, the former head of the Australian Cyber Security Centre and now chief strategy officer at security firm CyberX, said it made sense for cybercrime to be formally confirmed as part of Dreyfus’ portfolio, given it was the AFP that undertook much of this work.

“What is the working relationship like between AFP, the Cyber Security Centre and Home Affairs and [Australian Signals Directorate]? The answer is close, so it really doesn’t matter where the responsibility sits and from an actual ‘doing it’ point of view, it should not be a ripple on the water.”

The prime minister’s office has been contacted for comment.

Cut through the noise of federal politics with news, views and expert analysis from Jacqueline Maley. Subscribers can sign up to our weekly Inside Politics newsletter here.

Most Viewed in Politics

From our partners

Source: Read Full Article