Australian Federal Police restructures in response to cybercrime

The Australian Federal Police (AFP) announced a new structure to better respond to complex cybercrime and other tech-enabled criminality. The AFP will now have four deputy commissioners under the new structure to help Commissioner Reece Kershaw as AFP’s remit continues to increase. The four appointees are: Deputy Commissioner, National Security, Ian McCartney; Acting Deputy Commissioner, Crime, Grant Nicholls; ACT Policing Chief Police Officer Neil Gaughan; and Deputy Commissioner International and Specialist Capabilities Command Lesa Gale, who is the second woman in the AFP to be promoted to deputy commissioner.

Nicholls will be responsible for developing and managing the AFP’s crime and cyber strategies and related policy issues.

“Comprehensive legislative frameworks, including a number of national security laws passed since 2001, have cemented the AFP’s responsibility to keep Australians safe and protect Australia’s way of life,” Kershaw said in a statement. “Crime and national security responsibilities have been split to reflect the growing criminal threat, which has been exacerbated by geopolitics and COVID 19.” He added that the AFP will continue to leverage international law enforcement partnerships to help stop crime before it reaches Australia.

Further to the deputy commissioner’s announcement, Assistant Commissioner Scott Lee, formerly the assistant commissioner for counter terrorism and special investigations command, is now leading Cyber Command.

The AFP Cyber Command was established in January 2022 using the Government’s investment of $89.9 million via Australia’s Cyber Security Strategy 2020. Cyber Command leads the AFP’s response to cybercrime including the Joint Police Cyber Coordination Centre (JPC3), a spokesperson told CSO. AFP Cyber Command focus on all areas around identifying risks, prosecuting perpetrators and work with domestic and international law enforcement to prevent cybercrimes.

Cybercrime in Australia

The AFP said cybercrime is becoming an entrenched and growing threat, with vectors throughout the world targeting Australian governments, businesses, academia, financial institutions, critical infrastructure, and citizens.

A threat advisory by Radware just revealed several Muslim hacktivist groups joined hacktivist crews Team insane pk, Eagle Cyber, and Mysterious Team during a denial-of-service and website defacement campaign targeting Australian government and businesses. The attack was in retaliation after Australian fashion label Not A Man’s Dream caused a shock wave across the Muslim community by featuring models wearing designs with the word “Allah” in Arabic inscribed across the fabric. Targeted websites included Police Health, a private health insurance for police officers.

In recent weeks new data breaches were revealed including Latitude Financial, from where personal information of around 330,000 people was stolen. The financial services company offers loans, insurance, and credit cards with major national retailers.

Medical research institute QIMR Berghofer suffered a data breached as revealed by the ABC. Details of 1,000 people are feared to have been accessed after criminals breached the institute’s servers.

The Australian government put out a discussion paper in late February seeking input that will help in the development of a new cyber strategy. This includes considering that Australia develops a Cyber Security Act and whether further reform to the Security of Critical Infrastructure Act is needed.

The paper also asks if the government should prohibit the payment of ransoms and extortion demands and what can the Federal government do to support Australia’s cybersecurity workforce through education, immigration, and accreditation, among other considerations.