The government’s Cyber Security Strategy reflects the growing recognition that any organisation, regardless of size or type, is a target for attack. The motives of attackers are often financial, but isn’t just financial services institutions that get attacked. Any organisation with private data, IP, payment details or other valuable information can be a lucrative target.
Australia has a proud history of innovation and in order to realise the ‘ideas boom’ we will need to provide a secure environment for businesses to operate. Motivations of attackers can also be broader, looking to disrupt organisations and/or promote activist causes, putting public sector organisations and critical national infrastructure at risk as well. No organisation should think it is safe—being attacked is often a question of when, not if.
As both the private and public sector face similar threats and have different parts of the solution, the Strategy is right to place a strong focus on the government working with the private sector to make the most of the technology and expertise available.
3 areas crucial to the success of the Cyber Strategy
- Expanding the role of information sharing in protecting Australia;
- Addressing our cyber security skills gap;
- A commitment to regular reviews.
Expanding the role of information sharing in protecting Australia
It’s important that in the rollout of the initiatives found in the Strategy, there is a global perspective that recognises the threats to Australian businesses and government come from everywhere. The appointment of a cyber ambassador will help Australia have a voice on the world stage.
Given the broad range of cyber threats and targets, better threat intelligence is a key factor in effective cybersecurity, allowing organisations to better target their cyber-defence strategies where they will have the biggest impact.
BAE Systems already sees a lot of value in threat intelligence sharing and does this on informal and formal bases with governments and the critical infrastructure sector.
The Australian Cyber Security Centre (ACSC) has gone a long way to enabling this, and relocating the centre to a location where it is easier to work with industry will facilitate better dialogue and collaboration. The Strategy also looks to build on the work of the ACSC by adding joint cyber threat-sharing centres and an online threat sharing portal. It’s important to expand the sources available for information sharing from both a private and public sectors perspective as quickly as possible.
Addressing our cyber security skills gap
There is an urgent need to build up the number of cyber security professionals in Australia. The announcement of more than 900 new positions for government agencies just adds the existing shortage seen by the private sector today.
This is an area where industry can help government upskill staff and support capabilities quickly. One excellent example of industry supporting the government and education sector is BAE Systems’ partnership with Box Hill TAFE in Melbourne to develop the first cyber security apprenticeship.
While Australia educates and trains the cyber security professionals of tomorrow, it’s important the private and public sectors uses the experts available as efficiently as possible. Increased adoption of advanced analytics in cyber security will make organisations more secure today, by automating the tasks that can be automated, and ensuring that the time spent by skilled operators is directed to where is will make the biggest difference.
Commitment to regular reviews
As technology and threats change rapidly, so too must government policy and initiatives. Seven years between cyber security strategies is too long; every 12 months is a good starting point. We only have to look at the changes in the past few years with the growth of social media and smartphones to see how fast the connected world is changing. Today, we are already seeing the start of the next big change with the Internet of Things (IoT) taking shape.
The move to adopt a cyber security health check scheme is an important and worthwhile imitative that will make a real difference to the cyber readiness of the country’s biggest businesses. It’s important that industry works with Government to evolve this concept and to support and protect government and industry in the future.
The appointment of a Minister Assisting the Prime Minister on Cyber Security and a Special Adviser on Cyber Security in the Department of Prime Minister and Cabinet signals the importance of cyber security for this government and Australia.
Leadership at senior levels of government is crucial to placing cyber security where it belongs on the government’s agenda, as an ongoing policy priority.
The Strategy is only the beginning of this journey towards greater collaboration. We encourage the business community to act now so that we can, as a nation and as individual businesses, increase our cyber defence capabilities.