Fredex - Fotolia
The Australian government is charting its next cyber security strategy following an earlier $230m blueprint laid out in 2016 to foster a safer cyber space for Australians.
In a discussion paper on Australia’s 2020 cyber security strategy released today, minister for home affairs Peter Dutton said despite making strong progress against the goals set in 2016, the threat environment has changed significantly.
“We need to adapt our approach to improve the security of business and the community,” he said, noting that cyber security incidents have been estimated to cost Australian businesses up to A$29bn per year, while cyber crime affected nearly one in three Australian adults in 2018.
To shore up Australia’s cyber security resilience, several areas have been thrown up for discussion in the paper.
These include the balance of responsibilities among individuals, businesses and government, which currently has a limited role in protecting a large number of systems critical to Australians’ way of life – one where individuals shoulder a significant portion of cyber risk.
In addition, the government is seeking feedback about whether its approach to cyber security legislation needs to change as the risks from malicious cyber activity increase.
“Both stronger enforcement of existing laws and new requirements could be considered,” it said. “If change is needed, government would favour the option that delivers the largest long-term benefits for society while minimising any upfront costs for industry.”
Read more about cyber security in Australia
- Australian enterprises are navigating “a train-smash” of legislation and regulations on cyber security.
- Australia’s data breach notification rules have largely been complied with, but some quarters are calling for more clarity on the reporting threshold and tougher action against errant firms.
- A report suggesting Australian firms are experiencing fewer cyber incidents has left its co-author perplexed with the findings.
- Akamai will open its second Australian traffic scrubbing centre in response to rising demand from local enterprises grappling with distributed denial of service attacks.
To plug Australia’s cyber security skills gap and to promote a trusted market for security products and services, the government is also welcoming views on how government and the private sector can build a market of high-quality security professionals and instil greater trust in ICT supply chains.
Acknowledging that networks can never be totally secure, the government said more measures can be taken to make them harder to exploit. These could be gathering information on threat actors targeting Australia, sharing advice on hostile activity between entities involved in defending networks, or blocking known malicious actors.
Although Australia already works closely with international partners and industry to share threat intelligence and build support for cyber rules and norms, more of such partnerships are needed to counter the most sophisticated and dangerous threats to the nation.
Aidan Tudehope, managing director of Macquarie Government, welcomed the discussion paper, noting that it not only acknowledges the evolving threats facing Australia, but also the increasing importance of technology and cyber security in driving the country’s economy.
“I believe some of the most critical areas to address are our sovereign capabilities and skills in cyber security and IT generally, which can help us hold our ground and ultimately win the war on cyber crime,” said Tudehope. “These skills can’t be offshored, particularly when state actors play an ever-increasing role in cyber crime.”
Tudehope said it is also crucial that government, at all levels, are exemplars in how they bake in cyber security to everything they do.
“Innovation without the strongest cyber security underpinnings are a train crash waiting to happen,” he said. “Government needs to know where citizen data resides and whether 24x7 global support models mean unknown individuals have privileged access to government systems.”