The federal government’s new Cyber Security Strategy is here. Is it a step in the right direction, and what does it mean for Australian businesses? Cyber security partner Richard Bergman unpacks the new framework.
At the launch of the Australian federal government’s Cyber Security Strategy yesterday, Malcolm Turnbull called on senior business leaders to “join me and my government in building a national cyber partnership, setting the strategic agenda; [and] co-designing national cyber security initiatives”. The call for partnership is a welcome signal from the government that it understands that improving Australia’s cyber resiliency can only be achieved through collaboration between the public and private sector.
The new Cyber Security Strategy is Australia’s first in seven years – an age in a time where technology and the cyber threats we face have evolved rapidly and significantly. PwC’s Global State of Information Security Survey shows that from 2014 to 2015, the frequency of cyber security incidents in Australia almost tripled that of the rest of the world – 109% compared to 38.5%.
The new Cyber Security Strategy was initiated after the completion of a review into Australia’s domestic cyber policy, which was initiated by the government in November 2014. The new strategy is based on five pillars:
1. Partnering with business
The government has committed to working with senior business leaders, with a commitment to annual meetings with the Prime Minister and CEOs. The Australian Cyber Security Centre (ACSC) will move out of the ASIO building in Canberra to enable easier access and better collaboration with business.
2. Cyber defence through intelligence sharing
Having publically acknowledged for the first time that the Bureau of Meteorology and the Department of Parliamentary Services have both suffered cyber “intrusions” Malcolm Turnbull is encouraging a more open and transparent approach to reporting breaches and “break down a culture of denial as to the scope and scale of cyber threats”. Sharing centres will be established in key capital cities that will facilitate the exchange of information between businesses, as well as threat information from classified government sources.
3. Global outreach
The Department of Foreign Affairs and Trade will appoint a cyber ambassador to promote an open, free, and secure internet internationally.
4. Growth and innovation
The government will assist businesses to develop new markets in cyber products and aims to make Australia an attractive centre of cyber security innovation.
5. Cyber professionals and awareness
Alongside continuing initiatives like the Cyber Security Challenge, the government will work with universities to develop centres of excellence, spur the selection of STEM subjects in schools, and improve security awareness amongst all Australians.
Success by stopping
The Cyber Security Strategy comes with funding attached – $230 million over four years. The strategy is a good start, but its success will be measured by its ability to reduce the impacts of cyber threats on Australian businesses, government agencies, and individuals. One area that will be crucial to success is the establishment of joint private-public threat centres, with $80 million of funding committed.
Facilitating the exchange of actionable intelligence between both sectors is critical in improving the ability of defenders to respond to attacks, given attackers can adapt to defences faster than defenders can adapt to attacks. I believe that automation will be key to the success of these centres as it can improve the relevance and timeliness of intelligence dissemination.
Overall, Australia’s updated Cyber Security Strategy is a step in the right direction, and brings much needed focus and cohesion to disparate government cyber initiatives. The focus of the strategy on partnerships with business and sharing intelligence has the potential to significantly improve Australia’s cyber defences if businesses and government can rise to the challenge of building effective sharing centres.
With thanks to David Stocks, Senior Associate, Cyber Security, for contributing to this article.