A Step Up: Australia’s New Cyber Security Strategy

A Step Up: Australia’s New Cyber Security Strategy

In today’s universally online world, the need for ultimate security for information and data is at an all-time high, yet the state of Australian cyber security has remained unchanged since 2009 — so much so that it has been deemed as a cyber security “crisis”. Think about it, 2009 is now 7 years ago!

The Australian government has recognised the lack of cyber security and essentially the lack of what they’re doing about it, and therefore, have developed a new cyber security strategy that is said to be revealed in the coming weeks. ITnews has had an exclusive look at the 46-page document, which has been awaited since late 2014 and scheduled for a mid-2015 release, but was postponed due to the Abbot-Turnbull transition.

Considering the news, we’ve taken the time to bring you a simple summary of all that you need to know about the new strategy, as well as what it means for Australia.

The underlying theme that resonates from the strategy is to “help Australia grow by embracing disruptive technologies from a secure footing in all areas of the economy.”

A look into the policy

What’s in the policy, and why will the private sector be important?

According to ITnews, the document outlines, five key areas: strengthening cyber defences, education, partnerships, research and development, and awareness, and the policy contains a total of around 19 specific initiatives.

A Step Up: Australia's New Cyber Security Strategy | Broadcast | Crucial

  • The private sector: Most of it relies on assistance from the private sector, which the Government is considered to be using as the vessel through which they can execute their points of action.
  • Threat centres: Joint public-private sector threat centres are going to be established in Australian capital cities, so as to share information on threats quickly. There will be a few pilot centres funded first to trial for viability and effectiveness.
  • Information-sharing portal: This will include an online, real-time information-sharing portal for organisations on cyber security threats.
  • Cyber security guidelines: The private sector will be tasked with helping design and implement a list of voluntary cyber security guidelines that convey good practice. Government agencies will also receive guidance to help them manage supply chain risks for IT equipment and services.
  • Health checks: This comes hand-in-hand with voluntary cyber security “health checks” for business, that will initially only be available to ASX 100 organisations, but will extend to other in due time. These seem to be check-ups that will ensure the strategy is effectively in place and is proving to be an impact on businesses.
  • Cyber security growth centre: As well as this, the policy states that the government is proposing to create a “cyber security growth centre”, that will facilitate research and development.
  • Exporting services: Alongside this, is the plan to export Australian cyber security services. The example of this given, is expanding its “entrepreneurs and innovation program” to support cyber security.
  • Indo-Pacific region focus: There is also a certain focus on the Indo-Pacific region, and the plan to prevent “malicious cyber activity” in the region.
  • International law enforcement agencies: will play a part, as the strategy proposes partnering with those agencies to shut down safe havens for cyber criminals.

What will it do about the lack of cyber security skills and education?

  • University Courses: There is seemingly a lack of cyber skills and education in Australia, and the policy recognises this “crisis”, and pledges to establish “academic centres of excellence” in universities — with high accreditation standards — in order to work towards increasing the quality and number of skilled IT security professionals.
  • TAFE Apprenticeships: This will occur alongside cyber security apprenticeships in TAFEs across the country.
  • Tertiary Education: The document also aims to target the school system, and labels it as the sector requiring the most urgent attention. The government states that they will work with businesses and researchers to ensure that students are studying relevant subjects at school, in relation to cyber security.

How will it impact government?

  • Increased focus on cyber security: The government has promised to increase the size of the national Computer Emergency Response Team (CERT), which is the section of government that deals with cyber security issues affecting businesses. As well as this, the number of cyber security professionals in the Australian Federal Police (AFP) force, Crime Commission, and Australian Signals Directorate (ASD) is planned to increase.
  • Annual Summits: According to the policy document, the prime minister is planning to hold annual cyber security summits with business leaders to “set the strategic cyber security agenda” and “drive the delivery of key initiatives.”
  • Social Marketing Campaigns: Also, awareness campaigns will ensure that the general public are alert about cyber security risks.
  • Constant updates and reviews: The document is said to be updated every 12 months and reviewed, as well as modernised every three years.

What does this mean for Australia?

This document highlights the advancements that our country needs, but have been around overseas for a number of years. Australia is essentially catching up with the rest of the world. In one light, this is fantastic and the next step to becoming known lesser as a “catch-up” country, but in another light, it’s slightly embarrassing to make a big deal out of it. If it’s well-funded and implemented properly, it could be greatly effective and make a massive difference to the Australian economy.