Targeted, forward-thinking strategy in Cybersecurity is the need of the hour.
Prime Minister Scott Morrison revealed last month Australia is actively being attacked by hostile foreign governments.
An advisory note posted on the government’s Australian Cyber Security Centre website said the attackers were targeting various vulnerable networks and systems, potentially trying to damage or disable them.
Governments – along with individuals and the private sector – have an important role in addressing cyber risks that threaten our national security. At some point this year, the federal government’s new cybersecurity strategy is set to be announced.
Many in the industry hope it will be comprehensive and backed by significantly more investment than the previous one, to address what is a growing threat. Currently, a cybercrime incident is reported every ten minutes in Australia.
Information warfare (such as through disinformation campaigns) between governments has taken place for many years.
In 2016, then prime minister Malcolm Turnbull released Australia’s first cybersecurity strategy. It involved investments of more than A$230m across four years for five “themes of action” including including stronger cyber defences, and growth and innovation in the sector.
The strategy envisioned making Australia a “cyber smart nation”, by ensuring we had the skills and knowledge needed to thrive in the digital age, while staying cyber safe.
But overall, the strategy was poorly implemented.
For instance, improving cybersecurity requires close collaboration between government, industry, academia and community. To this end, Joint Cyber Security Centres were announced so various parties could share knowledge.
However, prior to COVID-19, plans were in motion to align these centres with the Australian Signals Directorate’s higher security classification. This would hinder a collaborative environment by restricting movement within, and access to, the centres.
Four years on from the initial strategy’s release, the “smart nation” vision seems lost. The cybersecurity sector faces skills shortages, and the public and businesses remain largely unaware of how to protect themselves.
A holistic, interdisciplinary approach
Effective cybersecurity is about more than technology – it’s about people (from a range of backgrounds), user behaviour, business processes, problem solving capability, regulations, industry standards and policy.
I’ve read 156 submissions to the upcoming cybersecurity strategy, which was open to public comment. I also have knowledge of confidential submissions not made public.