AISA welcomes Australian Government’s Cyber Security Strategy

24 April 2016.

The Australian Information Security Association (AISA) welcomes the Australian Government's $230 million Cyber Security Strategy announced by Prime Minister Malcolm Turnbull last week.

AISA CEO Arno Brok attended the launch of the new strategy at the Australian Technology Park in Sydney and said the strategy was a great start but there is a lot more that needs to be done.

"The strategy announced by the Prime Minister will help to address an apparent lack of cyber security professionals in Australia," said Mr. Brok. "However, the Government's announcement to provide support for some 5000 small businesses does not go far enough."

AISA recognises that there are around 200,000 small-to-medium sized businesses (SMBs) in Australia that need assistance to protect themselves against large-scale cyber-attack from cyber criminals. Cyber security needs to be brought to the forefront of their business strategies.

AISA is the peak body for cyber security professionals in Australia and has been working hard to raise awareness of cyber security in Australia and assist individuals, businesses, and governments in protecting themselves against cyber-attack and data theft.

AISA is eager to hear further details on how the Government's Strategy will be implemented and is ready to play a role in pragmatic and practical initiatives to deliver cyber security preparedness to SMBs, and at the same time build capacity for cyber security professionals in Australia.

Media contact

For interviews with Mr Arno Brok please email [email protected] 

About AISA

AISA champions the development of a robust information security sector by building the capacity of professionals in Australia and advancing the cybersecurity and safety of the Australian public as well as businesses and governments in Australia.

 

Further information

A summary of the strategy 

The Government views the Cyber Security Strategy as vital because it: 1) will support the country's growth and prosperity in the new digital age, and 2) is important to the national security of the country.

Furthermore, the newly released Australian Cyber Security Strategy recognises that to ensure there is a cohesive and effective strategy in place, leadership will be vital. While working with the private sector and research communities the Australian Government will be taking a leading role.

The Australian Cyber Security Strategy will provide $230 million over four years with annual reviews, and consists of five themes/pillars.

[1] A national cyber partnership

This theme/pillar emphasises the need for a solid partnership between all sectors of the economy and the need to understand the cost of cyber security objectives.

More specifically, governments, business and the research communities need to work together to advance the Australian cyber security industry.  And while cooperation and partnerships are important, the Government is taking a leadership role.  

To this end the Government will host annual Cyber Security Leaders meetings with the Prime Minister and business leaders involved.  By having these leadership meetings, the goal is to set a strategic cyber security agenda and drive its implementation.  The Prime Minister will also be supported by a Minister to assist them in the cyber security portfolio.

Furthermore, roles and responsibilities will be streamlined from a governance perspective. Examples of this streamlining include ensuring that the Department of Prime Minister and Cabinet will take the lead role on Cyber Security Policy with the goal of a more simplified policy and process. Another example is that the Australian Cyber Security Centre (ACSC) will bring together the Government's operational cyber security capabilities.

Another major objective of this theme/pillar is to understand the costs of cyber security and the effectiveness of suggested and implemented solutions - with a focus on Australia - which is very important as it will provide quantitative data.

[2] Strong cyber defences

The second major theme/pillar of the Australian Cyber Security Strategy is strong cyber defences which basically refer to "deter, detect and respond" and "raising the bar".

The need for "deter, detect and respond" arises because cyber adversaries will target the weakest link; by having a better defence in place for when breaches do occur, the consequences are reduced. ACSC will be pivotal in helping "deter, detect and respond" predominantly through intelligence sharing. The intelligence will be shared on a secure online cyber threat sharing portal.

With respect to "raising the bar" of cyber security capabilities, Australia will be participating in the "cyber storm" exercises led by the US each year to assess our capabilities by using real world threat scenarios. It will also enable ASX100 listed businesses to voluntarily assess their cyber security using "health checks". Importantly, the Government recognises that small businesses are in many ways the most vulnerable, as they either find the cost of allocating resources to cyber security too prohibitive or simply do not have the in-house expertise. As such the Government will provide support for small businesses in this area as well.

In addition to helping businesses with cyber storm exercises, the Government also wants to improve the capabilities and skillset of security specialists and will do so by supporting the Council of Registered Ethical Security Testers (CREST) Australia and New Zealand to expand its security testing services.

[3] Global responsibility and influence

The third major theme/pillar of the Australian Cyber Security Strategy is to have global responsibility and influence. Specifically, this means championing an open source, free and secure Internet, shutting down the safe havens for cyber adversaries and building capacity.

Given that most cyber attacks and crime originate from overseas, an approach of shutting (or at least disrupting) the safe havens where the criminals operate is required. The building of cyber capability again emphasises the need for partnerships, a theme that is repeated in the strategy. This time the partnership is done at an international level.

[4] Growth and innovation

The fourth major theme/pillar of the Australian Cyber Security Strategy is about growth and innovation which can be done by the Government spending over $30 million to establish an industry led Cyber Security Growth Centre. This would increase business opportunities for the cyber security sector. 

Other activities within this pillar are making changes to tax treatment of early stage venture capital limited partnerships (which would attract more investment than start-ups). These and other similar activities would be supported by Research and Development as well.

[5] A cyber smart nation

The fifth and final theme/pillar of the Australian Cyber Security Strategy is to build a cyber smart nation. You can view this theme/pillar as the wrap around all the other themes because the main two actions on this theme are developing the right skills and addressing the cyber security skills shortage in Australia. The first action of developing the right skills and addressing the cyber security skills shortage would concentrate on delivering undergraduate and postgraduate education courses concentrating on the STEM subjects, and concentrating on increasing the number of women in the field.

The second action of this theme would be raising the cyber security awareness of all Australians through public and private initiatives.