Five Eyes on the cyber beat
Australia, Canada, New Zealand, the United Kingdom and the United States have reaffirmed a collective resolve to protect us from cyber criminals.
Home Affairs, Homeland Security, Public Safety and Immigration Ministers from the Five Eyes countries met on the Gold Coast this week to discuss how to better collaborate to meet common security challenges.
‘The increasingly digitised and networked nature of all aspects of our economies and societies means that cyber security and resilience is of the highest priority,’ according to the Official Communique issued after the Five Country Ministerial 2018 meeting.
They reaffirmed that the close and enduring five country partnership, developed following World War II, remains fundamental to our security and prosperity.
This includes improving domestic cyber resilience, and coordinating responses to significant cyber incidents.
Keeping watch together, 24/7
‘The cyber domain is a vector for threats posed by hostile state actors, criminals, terrorist networks and hacktivists,’ the Ministers said.
‘A cyber attack is an attack on our communities and our sovereignty.’
The Five Eyes partners agreed to further strengthen the relationships between their cyber watch units, including the 24/7 global monitoring capability in the Australian Cyber Security Centre that was officially opened in Canberra in August.
These cyber watch offices will contribute to enhanced, shared 24/7 monitoring of and response to hostile cyber activity.
The five countries also committed to work together to protect critical infrastructure and support the development of secure critical infrastructure supply chains.
They will share risk assessments and certification practices on supply chains. This aims to support the continued resilience of cyber networks and prepare for new and emerging technologies.
Shining a light in dark places
Encryption is vital to the digital economy, a secure cyberspace and the protection of personal, commercial and government information.
The five countries have no interest or intention to weaken encryption mechanisms.
‘We recognise, however, that encryption, including end-to-end encryption, is also used in the conduct of terrorist and criminal activities,’ they said.
‘The inability of intelligence and law enforcement agencies to lawfully access encrypted data and communications poses challenges to law enforcement agencies\’ efforts to protect our communities.’
Therefore, they agreed to the urgent need for law enforcement to gain targeted access to data, subject to strict safeguards, legal limitations, and respective domestic consultations.
A new Statement of Principles on Access to Evidence and Encryption sets out a framework for discussions with industry on resolving the challenges to lawful access posed by encryption, while respecting human rights and fundamental freedoms.