Australian industry panel calls for ‘clear consequences’ of cyber attacks
A government-appointed panel recommends strong deterrence and other measures to be implemented in Australia’s next cyber security strategy
An industry panel appointed by the Australian government to provide inputs on the country’s 2020 cyber security strategy has called for clear consequences for cyber attacks targeted at Australia, among other recommendations.
In its report, the panel said doing so would deter malicious actors from targeting Australia and that a key priority is increasing transparency on the government’s investigative activity with more frequent attribution and consequences applied where appropriate.
Other deterrence measures include strengthening the Australian Cyber Security Centre’s ability to disrupt cyber criminals by targeting the proceeds of cyber crime derived domestically and internationally.
In June 2019, Australian prime minister Scott Morrison revealed that the country’s critical national infrastructure (CNI) was being subjected to frequent cyber attacks by allegedly nation-state actors. Less than a month later, the government said it was making its largest ever investment of A$1.35bn in cyber security over the next decade.
To prevent more attacks on CNI and other systems, the panel recommended initiatives to make businesses and citizens in Australia harder to compromise online. This includes a clear definition for CNI systems of national significance with a view to capturing all essential services and functions in the public and private sectors.
Regulatory requirements should also be implemented to provide reasonable protection against cyber threats for owners and CNI systems, along with measures to build trust in technology markets through transparency such as product labelling.
Building resilience, including development of proactive mitigation strategies and strengthening incident response and victim support options, is another key recommendation from the panel.
“Speed is key when it comes to recovering from cyber incidents and government should hold regular large scale and cross-sectoral cyber security incident response exercises to improve the readiness of interdependent critical infrastructure providers and government agencies,” the panel said in a report.
Among its 60 recommendations, which include investments in skills training, the panel recommended that threats to critical infrastructure, digital supply chains and systems of national significance should be addressed first. State, territory and local governments should also be considered key implementation partners for all elements of the cyber security strategy.
Andy Penn, CEO and managing director at Telstra and chair of the panel, said the current period of working and studying from home and the accelerated trend to a digital economy are exposing Australia to a more vulnerable threat environment.
“We are seeing increased levels of malicious cyber activity both state-based and criminal. Successfully meeting this challenge requires upgrading Australia’s cyber defences to be strong, adaptive and built around a strategic framework that is coordinated, integrated and capable.
“The 2020 cyber security strategy has an opportunity to be all of those things and provide an enormous – and never more important – contribution to a safer, more prosperous Australia,” he added.
Read more about cyber security in Australia
- Australian organisations can address data protection challenges by creating roles such as a data governance lead, classifying data and improving employee awareness of cyber hygiene.
- About four in 10 employees are sharing inappropriate data across mobile devices and half of all security incidents in 2019 occurred through inappropriate IT use, new study finds.
- VMware’s Carbon Black is planning to open a new datacentre in Australia in the first half of 2020 to support local firms bounded by regulatory and data residency requirements.
- Australia’s Royal Melbourne Institute of Technology has teamed up with Amazon Web Services to launch a Cloud Innovation Centre to solve cyber security challenges.