​Cybercrime: Understanding the Threat - Delivering a Response

The AFP's Commander David McLean is the Manager Cyber within the Australian Federal Police Organised Crime and Cyber portfolio. He started his presentation at Oceania CACS conference defining the adversaries as issue-focussed groups or hacktivists, nation state actors and organised criminals.

The threat environment, he says, is focussed on several key intrusions and attacks including the use of remote access tools, altering holes, malware, ransomware, DDoS and hacktivism.

He says the outlook is focused on increasing numbers, sophistication, specialisation, commercialisation and the destructive capability of attacks.

The government's response, he says, has resulted in the establishment of the ACSC, the Australian Cyber Security Centre, with the closer working of the AFP with other agencies. While some moves were made for agencies to work more closely over a decade ago this was, McLean says, ahead of its time.

Although that initiative was replaced with a more agency-based response methodology, it has since been brought back through the ACSC. There is also increased liaison and cooperation with international agencies, in particular with the United States and United Kingdom, as well as working more closely with Australian state-based law enforcement agencies.

On local cooperation with state-based police forces, McLean says there's no central environment for bringing together the different agencies. This makes it challenging to manage some incidents. However, a national law enforcement strategy was minted in 2013 but that needs to be reviewed in light of the more recently released national cybersecurity strategy.

The AFP's focus is on serious, organised criminality McLean says. "If it's not serious or organised, we're not doing it".

One of the challenges, says McLean, is finding appropriate training for law enforcement personnel. This is complex because there are around 60,000 police officers nationally. And while cybercrime professionals are well trained, there's a need to increase the base level of understanding for officers with a broad level of computer and cybercrime literacy.

He says there's no cohesive understanding of what constitute cybercrime in Australia. For example, while the theft of an iPad is unfortunate, he says, it's not cybercrime.

McLean says there's a strong will to get this right, with a new training program being designed and rolled out to officers. Also, he says there is a great deal of technical expertise within the AFP but they are currently working in different roles. By giving them opportunities in dealing with cybercrime, he feels he could reinvigorate their careers. This is important as the AFP is not able to pay commercial pay rates so creating exciting opportunities within the agency is critical for retaining skills.

The government's cybersecurity strategy has put cybersecurity on the national agenda with promises of funding, a new headquarters and resources for improving the country's cyber-threat response capability.

How all this will all come together is not completely clear, McLean says. But he is confident the right building blocks are being assembled, particularly when it comes to building the skills so we become a cyber smart nation.

McLean says the FP's aim is not to be the biggest cybercrime agency in the world. But he aspires to be a highly competent and motivated agency.