Australia has adopted a new cyber security strategy, backed by a government pledge to invest A$230m over the next four years, which will include beefing up its computer emergency response team (Cert), the first responder for major incidents.
“There is no infrastructure more important to our future prosperity than an open, free and secure internet,” said prime minister Malcolm Turnbull, while acknowledging the nation was facing more severe and frequent threats to that security. “We cannot allow cyber space to become a lawless domain,” he added.
In total, 33 new initiatives have been announced, including the appointment of a cyber ambassador, charged with liaising with other nations over cyber security, and the creation of voluntary cyber health checks for the 100 largest listed enterprises in Australia.
The strategy is intended to complement the cyber security elements of the recently released Defence Whitepaper, which allocated A$400m over 10 years to lift the nation’s cyber and intelligence capabilities.
Adding to GDP
At stake is the much-vaunted “innovation nation”, the centrepiece of the current Turnbull administration. The security report noted the internet-based economy could contribute as much as A$139bn to Australia’s economy by 2020, or 7.3% of gross domestic product (GDP).
However, it also referenced analysis that suggested as much as 1% of GDP could be lost through cyber crime.
The report focused on encouraging best practice among private companies rather than mandating it, and recommended private enterprises engage in “self-regulation and voluntary guidelines” based around the recommendations of the Australian Signals Directorate Strategy.
Meanwhile, the top 100 listed companies were encouraged to participate in voluntary cyber health checks that might identify problems to management, borrowing from a similar approach taken in the UK.
BDO risk advisory partner Leon Fouche broadly welcomed the new strategy, but noted that it was not just the largest companies at risk of attack.
“The strategy’s recommendation of voluntary governance health checks for ASX 100 (one of the world’s leading financial market exchanges) organisations certainly highlights the particular risks faced by these high-profile organisations,” said Fouche.
“However, private, small and mid-sized companies make up the vast majority of the business community and can be just as vulnerable to attack, especially those with an online presence and less mature IT security measures in place,” he said.
He recommended all businesses undertake some form of self-assessment, and ensure that computer security was not treated as purely an IT issue.
Lack of skills
James Nunn-Price, Deloitte’s Asia-Pacific cyber risk leader, said the strategy was welcome and its commitment to growing skills and home-grown security businesses would help establish a “cyber smart nation”, which could play a lead regional role in innovation and resilience.
Cyber security startups and skills are a further focus of the new strategy, with the regional market for cyber security products and services set to be worth $22bn by 2020, said the report.
However, the report also acknowledged the dearth of computer security skills in Australia, and indicated that universities would be strongly encouraged to lift their output of security-skilled graduates.