The Morrison government has released its
2020 Cyber Security Strategy
which commits $1.67 billion to enhance Australia’s cybersecurity and law
enforcement capabilities over the next decade.
Key priorities in the 52-page strategy include proposed new laws and an
“enhanced regulatory framework” which aims to secure critical
infrastructure and to protect Australians at scale.
The framework will be implemented through amendments to the Security of Critical Infrastructure Act and is expected to extend
to systems of national significance.
Government will use its “classified” national situational awareness
capability to respond to threats against critical infrastructure, while
critical infrastructure operators will be able to share malicious cyber
activity with government through a new cyber threat-sharing platform. A
legislated cyber security baseline across the economy is also being
considered.
The strategy also outlines initiatives for large businesses to assist small
and medium enterprises (SMEs) enhance their cyber security capabilities
through providing ‘bundles’ of secure services such as threat blocking and
antivirus mechanisms. SMEs will also have access to online training and a
24/7 helpdesk for cyber security advice or assistance.
Highlights
Over the next 10 years government will invest $1.67 billion in cyber
security to:
- Protect and actively defend the critical infrastructure that all
Australians rely on, including cyber security obligations for owners and
operators
- Introduce new ways to investigate and shut down cybercrime, including on
the dark web
- Implement stronger defences for Government networks and data
- Engage in greater collaboration to build Australia’s cyber skills
pipeline
- Use mechanisms to increase situational awareness and improve sharing of
threat information
- Build stronger partnerships with industry through the Joint Cyber
Security Centre program
- Provide advice for small and medium enterprises to increase their cyber
resilience.
- Deliver clear guidance for businesses and consumers about securing
Internet of Things devices
- Operate a 24/7 cyber security advice hotline for SMEs and families
- Improve community awareness of cyber security threats.
Australia’s increasing use of technology
As a predominantly services-based economy underpinned by technology,
Australia is becoming increasingly dependent on access to technology and
data networks and the development of new innovations that are protected
from cyber risks.
Cyber ‘attacks’ more prevalent across all spheres of government, business
and society. The level of sophistication continues to increase, and the
impact of such attacks can be catastrophic, especially in the context of
highly sensitive sectors such as defence, as well as healthcare,
infrastructure and personal security.
The expansion of internet-capability beyond computers and mobile phones
into other cyber-physical or ‘smart’ systems is extending the threat of
remote exploitation to a host of new technologies which underpin the
everyday lives of Australians such as transport control systems, power
grids and industrial plants.
Skills and talent are essential
Managing Australia’s exposure to cyber risks relies on our capacity to
access the right skills and talent, and our ability to support greater
investment into research, leading to the development of innovative
solutions.
According to analysis by AustCyber
[1], there is a significant shortage of job-ready cyber security workers in
the local market, with the need for an additional 17,600 cyber security
workers anticipated by 2026 to fulfil Australia’s growing cyber security
and data privacy requirements. Central to the required growth in labour is
the need to ensure we develop a larger pipeline of successful cyber and
data security firms over the next decade. Growing the number and scale of
businesses in this sector will go a long way to creating new employment
opportunities for the next generation of Australians that we need to meet
the demand for talent in this area. The downstream pay-offs for the
Australian economy, and for Australian consumers, will be substantial.
The 2020 Cyber Security Strategy has been informed by extensive
community consultation and expert advice from Government’s Industry
Advisory Panel, chaired by Telstra CEO Andy Penn.
In December 2019, the Australian Investment Council made a
submission
to the government consultation on the development of Australia’s 2020 Cyber
Security Strategy.
-ends-