The Australian Signals Directorate is seeking to augment its information security capabilities, including recruiting an executive-level “investigations technologist” to lead remediation and mitigation efforts in the wake of attacks on government systems and other systems deemed to be of national importance.
In total, the ASD is aiming to fill four executive-level positions in its cyber security branch. In addition to an investigations technologist, the agency is looking for a malware analyst and a vulnerability researcher.
The organisation also has an opening for an executive to take the lead on assessing the security threats posted by emerging technologies. (The most recent version of the government’s Information Security Manual, which is maintained by the ASD, outlined several measures to counter the impending security threat posed by quantum computing.)
The independent review of the Australian Intelligence Community, completed earlier this year, recommended that the ASD’s legislative mandate be amended to explicitly recognise the organisation’s national responsibilities for cyber security, including the provision of advice to the private sector, and that it take formal responsibility for the Australian Cyber Security Centre.
“Broadening ASD’s mandate recognises the increasing difficulty of delineating state and non-state actors in cyberspace as well as the need to be able to shift scarce operational cyber resources to areas of greatest need,” stated the unclassified version of the review, which was released by the government in July.
In June, Canberra announced that the ASD had been cleared to use its offensive cyber capabilities to target “organised offshore cyber criminal networks”.
The government last year first confirmed that the ASD housed an “offensive cyber capability” that can be drawn upon when responding to attacks on the Australia’s networks. The government also confirmed that the Bureau of Meteorology had been the subject of a “significant cyber intrusion”.
The intelligence community review, led by Michael L’Estrange and Stephen Merchant, also made a number of other recommendations with regards to the ASD, including the organisation’s transformation into a statutory authority.
Currently the ASD sits within the Department of Defence, with its director reporting to the defence minister through a deputy secretary and the secretary of the department.
The review argued that the ASD should be given more autonomy within the Defence portfolio by transforming it into a statutory authority, with the head of the organisation appointed at a level of seniority equivalent to the directors-general of ASIO and the Australian Secret Intelligence Service (ASIS).
“In our view, ASD will be better placed if it remains in the Defence portfolio but if it is in a position to operate with greater independence from the Department’s requirements, especially those in relation to its capacity to recruit, retain, train, develop and remunerate its specialist staff,” the review stated.
The government has accepted the recommendation.
Earlier this year the ASD launched a campaign to bolster its ranks of software developers including experts in C, Java and assembly programming, OS programming, software analysis and optimisation, and understanding of big data technologies.
Applications for the ASD cyber security positions can be lodged online until 12 September.