Home Affairs is leading the development of a data security “Action Plan” to provide more clarity to governments and industry on the Commonwealth’s approach to data sovereignty and security, amid concerns about cyber security and digital supply chains.
The National Data Security Action Plan will be developed over the next two years with industry, after receiving $1.8 million in the May federal budget. The plan’s funding partially comes from cuts to innovation and startup support programs.
Home Affairs said the plan will offer a “comprehensive approach to data security” and it expects to see benefits within five years. But several individual security and resilience initiatives are being rolled out before the formal plan is released, amid warnings from the security agency about rising cyber threats.
“As the amount of data stored and used by governments, businesses and the community continues to grow, so does the need for Australia’s data to continue to be both used and stored in a trusted secure way,” a Department of Home Affairs spokesperson told InnovationAus.
“The Australian Government is bringing together new and existing measures to create a comprehensive approach to data security through the development of a National Data Security Action Plan over the next five years.”
The response followed questions from InnovationAus about data sovereignty definitions and thresholds.
The Department of Home Affairs said the forthcoming National Data Security Action Plan would help to make clear data security requirements and expectations to ensure “robust security settings” for government data.
“Through the development of the Action Plan, the Department of Home Affairs will provide clarity to Government, industry, and state and territory governments on the Commonwealth’s approach to data security including matters such as ensuring the sovereignty of data,” the spokesperson said.
The National Data Security Action Plan will build on existing measures like the recently implemented Hosting Certification Framework (HCF) and planned critical infrastructure protection reforms.
The HCF places strict new requirements and potential penalties on direct and indirect data hosting service providers storing sensitive and whole-of-government data through a new certification framework.
It is up to individual government agencies to determine their individual hosting needs, including which data and systems need the certified services.
Home Affairs has also developed legislation to protect critical infrastructure and systems of national significance. Still before a parliamentary security committee, the law would impose a positive security obligation on a wide range of operators of critical infrastructure, including data storage and processing providers. It also allows government agencies to take control of their networks in situations like a serious cyber attack.
The funding for the National Data Security Action Plan and other data security measures announced in the last budget comes from a combination of government funding and cuts to the Incubator Support Programme and the Business Research and Innovation Initiative.
Do you know more? Contact James Riley via Email.