The new Labor government will significantly revise the former Coalition government’s 2020 Cyber Security Strategy to account for pandemic developments and the growing threat landscape.
The update will focus on sovereign capability and the local workforce, to be delivered in the new government’s first term as a priority for Home Affairs and Cyber Security minister Clare O’Neil.
InnovationAus.com has confirmed the revamp of the $1.7 billion 10-year strategy, first revealed by The Australian on Friday.
It is understood the change won’t be as radical as the newspaper’s report the 2020 strategy will be “torn up” by the new government, but most cyber programs will be on the table for change and industry development will be a greater focus.
A timeline is yet to be determined but it will need to account for wider industry collaborations than were included in the 2020 strategy, with the lack of collaboration one of the new government’s biggest concerns with the Coalition plan.
Under the new Labor government, cybersecurity has its own portfolio in the Australian cabinet for the first time. Labor was a sharp critic of the Morrison’ government’s cyber policies, saying they often arrived too late, lacked detail or overlooked huge threats like ransomware.
Cyber Security minister Claire O’Neil said the new government’s strategy will be a “whole-of-nation” effort.
“It will be grounded in sovereign capability, with a plan for the future workforce and growth of the cybersecurity sector, including Australian cyber SMEs,” she told The Australian.
“It will build resiliency, with real engagement and industry alliances to deal with cyber shocks in an assured, not anxious way.”
The new strategy will replace or at least significantly update the $1.7 billion Cyber Security Strategy launched in August 2020. The bulk of the 2020 strategy is focused on protecting essential infrastructure from cyber-attacks, improving the resilience of businesses and uplifting community awareness of cyber security.
The strategy was criticised for being late, excluding the then-Opposition Labor from contributing, lacking focus on the local industry, and failing to take on board recommendations by industry.
The strategy had been set to be released earlier in 2020 but was delayed four months due to the COVID-19 pandemic.
The Morrison government began consultations in mid 2019, with 215 submissions made on the initial consultation paper. Home Affairs officials met with more than 1400 people as part of the consultations.
However, the consultation process was not effective enough to genuinely reflect industry and public views, according to the new government, which will now develop its own strategy.
Opposition senator and shadow minister for cyber security & countering foreign interference James Paterson called on the government to urgently clarify the extent of the changes.
“Are they pausing implementation of critical infrastructure reforms? How long will the new strategy take? And what should industry do in the meantime while they go back to the drawing board?,” Mr Paterson tweeted.
“The cyber realm has never been more contested. The last thing we need is uncertainty.”
But parts of the industry welcomed the move in initial reactions.
ASX-listed information security provider archTIS chief executive Daniel Lai welcomed the move to a strategy that “focuses on the innovation and economic benefits of growing the cybersecurity sector”.
“By nurturing the cybersecurity sector now, Australia can take a more active role in a massive restructuring of how we do business in the years to come. To make this happen, we’ll need both the funding and the manpower to properly address the challenge of securing the future,” he said.
Fellow listed security company Senetas also welcome the potential to develop the local industry through the revamped strategy.
Senetas chief executive Andrew Wilson said the change is a chance to establish federal cybersecurity standards and regulations “within a single legislative framework” and develop a proactive approach to combat sophisticated cyber-attacks.
“Australia should not be waiting for such attacks to become successful before we deal with them,” he said.
“We must act decisively and begin to make cybersecurity a national priority including the need to become Quantum resilient. Australia is fortunate to have some of the best sovereign cybersecurity developers that are trusted around the world. We now have an opportunity to leverage this capability through the Australian Government’s initiative.”
Outgoing Telstra chief executive Andy Penn, who leads the government’s permanent Industry Advisory Committee on cybersecurity, will address the National Press Club next Tuesday to outline his vision for a stronger cybersecurity strategy.
Do you know more? Contact James Riley via Email.
I’m sure Clare must be a great person, but she has an arts degree, studied law and did a postgrad in Public Policy. She might not get the difference between a firewall and a fireplace. She might think a protocol is for Buckingham Palace. Yes, she holds a portfolio now, but that isn’t a replacement for a relevant education and subject matter knowledge. Would you ask your lawyer to write cyber policy, or even try to describe what cyber might be? Remember poor George Brandis trying? James did commerce and arts. Andrew studied finance and accounting. Andy is an accountant too. Cyber is debits and credits ??? Perhaps you think the wrong people are talking about things they don’t know. I’m sure of it.