- Cyber Security Discussion Paper
- Australia's Cybersecurity Concerns
- Improving Australia’s Cybersecurity Strategy / Building Alliances
- Joint Working Group with India
- Cybersecurity Framework
Cyber Security Discussion Paper
Australia launched its first Cybersecurity strategy back in 2016. This new cybersecurity model was set to last from 2016 through 2020.
Earlier this month ASPI’s International Cyber Policy Centre decided to initiate a public forum on what should be included in the next cybersecurity strategy. Hundreds of business’s fall victim to cybersecurity crime each year in Australia and their reports are piling up. The Australian government is seeking feedback on its new cybersecurity strategy that will update the current one in 2020. This new strategy is needed to help combat the rise in cybersecurity threat over the past few years and help all business’s fight off cyber threats in the future. Australia launched a discussion paper to kick off the public consultation that lasts until November 1st. The discussion paper explains how cybersecurity affects us all and that the Australia government is seeking feedback from small, medium and large businesses, industry bodies, academia, advocacy groups, not for profits, government agencies, community groups and members of the public.
Recent incidents such as compromises of the Australian parliamentary networks, universities and key corporate entities illustrate that the threat continues to be significant. Even smaller-scale cyber incidents affecting families and local businesses have lead to financial loss, business interruption, and identity theft. The government would like to hear from businesses about their views on cybersecurity laws, so they can adapt their approach to improving the security of business and the community
Australia's Cybersecurity Concerns
The major concerns in the new cybersecurity strategy include the fact that cybercriminals continue to target Australians and are enabled by tools that are cheap and widely available. The very first Australian cybersecurity strategy was released only three years ago, so their goal is to fix any of the major mistakes, and add laws that help business's fight cyber threats in the future.
The most basic cyber threats do not require a high level of technical knowledge, making it easier to undertake criminal activities. State actors in recent years are also growing more organized, confident, and sophisticated in using cyber-espionage and interference to promote their national interests. This includes the ‘hack and release’ of sensitive information, which is intended to embarrass the target and damage their reputation with the public. New threats are constantly appearing and they remain effective against networks that lack baseline cybersecurity.
Australia’s critical systems, including the energy, telecommunications and transport sectors, are becoming increasingly digitized. International cyber incidents have disrupted power grids, degraded public health and transport systems, and damaged physical infrastructure These threats can threaten the physical safety, economic security, and the continuity of the government and its services.
Improving Australia’s Cybersecurity Strategy / Building Alliances
The Australian government has already taken steps towards strengthening its cybersecurity
strategy. This new strategy is being developed with input from industry, research partners and community groups. The government is already in the process of moving its cybersecurity functions in the Australian Cyber Security Centre, and building capacity within the law enforcement agencies. Also, they’re creating Joint Cyber Security Centres in Sydney, Brisbane, Melbourne, Perth, and Adelaide, as well as establishing the Cyber Security Growth Network.
Automated scanning tools are being created to help identify vulnerabilities in the external-facing system.
The Australia government is working to build a market for high-quality security professionals and instill greater trust in ICT supply chains. La Trobe University recently announced they have come together with the National Australia Bank in a strategic alliance to deliver research, teaching and workforce development in cybersecurity. This strategic alliance includes having the potential for NAB and La Trobe to co-invest in innovative and shared facilities, including a Security Operations Centre (SOC) and/or Cyber Laboratory in the future. Partnering with NAB will provide the Australian government with an added level of invaluable expertise. They’re already researching the latest malware detection and sensing techniques, and the opportunity to expand this research to areas such as data detection and forensics analysis will benefit everyone. Over $400 million is set to be provided for cyber defense activities in 2020.
Joint Working Group with India
Australia and India have also agreed to enhance cooperation on cybersecurity strategies. On September 5th, India and Australia agreed to a commitment to security and stability in the cyberspace. These two countries agreed to work towards having a Joint Working group on Cybersecurity Cooperation and to commence negotiations for a framework agreement on cyber cooperation. Australia and India representatives also discussed national and international security, while furthering the dialogue on important issues and collaboration on future critical technologies. The Department of Human Services has done some good work leveraging its purchasing power to extend the secure supply chain, and the Australian Prudential Regulation Authority’s draft standard on information security.
On September 4th, Australian Cyber Security Centre (ACSC) announced that updates to the Australian Government Information Security Manual (ISM) were released to help organizations set the strategic framework for protecting their systems and information from cyber threats. The ISM is based on a set of foundational cybersecurity principles centered on four key activities: govern, protect, detect and respond. The cybersecurity principles for the updates represent part of the continual effort over the last 12 months to transition the ISM from a compliance-based information security manual to a principles-based cybersecurity framework that organizations can apply, using their corporate risk management framework, to protect their systems and information from cyber threats. The ISM also contains various cybersecurity guidelines covering governance, physical security, personnel security, and information and communications technology security to help identify cybersecurity risks.
As of August 2019, a new cybersecurity node was launched by the NSW Cyber Security Network and many other countries are participating with government agencies to share expertise and create new ideas. Over the past few years, the Australian government has been making huge strides towards developing the best cybersecurity strategy in 2020. Hopefully, these changes will lower future cyber threats in Australia, and businesses won’t be targeted by cybercriminals as frequently with new laws in place.