The Australian Signals Directorate has lamented a decline in the “frequency and richness” of cyber incident data shared with it by the private sector, underlining – it says – the importance of restoring trusted channels for information exchange.
In a parliamentary submission, the ASD makes its pitch for a so-called “limited use obligation”, an idea floated in last year’s federal cyber security strategy that could encourage cyber incident disclosure to the ASD and the national cyber security coordinator.
The information would be subject to restrictions, both on who else can see it and on what it can be used for, the idea being that it would not be used against the sharer, such as to impose financial penalties.
In the parliamentary submission, the ASD said it faced “a decline in the quantity and quality of cyber security reporting.”
“Both feedback from industry and ASD’s operational experience bears out a steadily declining willingness to share information in a timely fashion among entities affected by cyber vulnerabilities or attacks,” the directorate wrote.
“ASD has observed a decrease in the frequency and richness of cyber incident reporting from the private sector, particularly critical infrastructure operators.
“This means [both] a decrease in reporting about emerging cyber risks or vulnerabilities, which affects our ability to prevent incidents before they occur or minimise harm in the early stages of an incident; [and] a decrease in technical information, which allows us to understand national cyber threat trends and prevent further incidents.”
The ASD noted that the change was partially driven by growing regulation of industry responses to cyber security, which is leading to “a more compliance-based approach from these entities as they assess their reporting requirements against regulatory rules.”