The federal government’s cybersecurity industry advisory panel is “incredibly out of balance with the reality” of the local sector, according to the founder of Forticode.
There are growing concerns within the cybersecurity sector that the panel selected to help guide the government’s 2020 Cyber Security Strategy is too narrow, is Telstra-dominated, and does not include representatives from startups or SMEs.
The Department of Home Affairs unveiled the panel last November when it met for the first time in Canberra. It is made up of members of large telecommunications companies and corporates, and has no members from any cybersecurity startups or small businesses.
The panel is chaired by Telstra chief executive Andrew Penn and includes former Telstra chief operating officer and Tesla chair Robyn Denholm, NBN chief security officer (and former long-time Telstra senior executive) Darren Kane, Vocus Group chair (and former Telstra chair) Robert Mansfield and Northrop Grumman Australia chief executive Chris Deeble.
The industry panel will work with the government and public sector to oversee the development and implementation of the government’s 2020 Cyber Security Strategy.
In revealing the panel, Home Affairs Minister Peter Dutton said the panel has a “depth of practical experience protecting families, businesses and governments from constantly evolving cyber threats”.
But the panel is out of step with the Australian cybersecurity sector and lacks diversity, according to Tony Smales, the founder of cybersecurity startup Forticode.
“The problem I see is that this is meant to be an industry panel and it’s so incredibly out of balance with the reality of Australian businesses, innovation and industry representation,” Mr Smales told InnovationAus.
“The people that have been brought to bear dominantly represent telecommunications and infrastructure. The individuals themselves don’t necessarily have the pertinent strategic and operational experience but their resources should.”
Better representation of SMEs could have been achieved through AustCyber featuring on the panel, Mr Smales said.
“Given the horizontal nature of the cyber industry, I don’t think it is sensibly possible to include the required number of SME representatives, but to have them represented by a body such as AustCyber should be non-negotiable to ensure the strategies from big corporates don’t continue to exclude the small but critically important contributors,” he said.
AustCyber chief executive Michelle Price has also criticised the make-up of the panel, telling CIO.com late last year that it “does not reflect the full breadth of challenges facing the country”.
“There are people from across the economy who have a very different set of experiences that could have been brought to bear,” Ms Price said.
“There are some very experienced people involved in the different facets of cybersecurity that could have brought those different sectoral perspectives as well as contextual perspectives to the table.”
It’s important that the industry panel consult widely with the wider cyber sector now, Penten chief executive Matthew Wilson said.
“The panel is a good start and probably reflective of those to largely bear the load of expected policy refinements. Strengthening the panel will come from representation from those bearing the threat load, those most directly affected and to benefit from a more cyber resilient Australia,” Mr Wilson said.
“The banking and finance sector, SMEs and the cyber industry have important and valuable learnings and insights.”
The government is planning to release a significant revamp of its cyber strategy this year. It has been consulting on the new strategy for several months now, and has received more than 200 submissions.
From the companies represented on the industry panel, only Telstra provided a submission on the strategy.
Do you know more? Contact James Riley via Email.
I’ve watched many of these panels over the years – so far, no exceptions, they are all fake. The government ends up introducing legislation it planned before any of the panels got involved. The panel only exists so they can *pretend* they consulted.
That’s why they have “public consultations” instead of inviting experts – if you get enough non-professionals involved, and tell them what to think with leading questions and one-sided commentary (e.g. their “Call for Views” publication), you’ll have all the fabricated support you need for whatever policy you had up your sleeve.
It is disappointing to see such a panel. It doesn’t represent the cyber security industry (innovators, growth companies, researchers for eg) nor is it a broad enough representation of Australian industry (current & emerging) or Executives. You’d think with all these industry panels to date, there would have been sufficient learnings on how to construct another one.
This article hit the mark perfectly.
ABSOLUTELY – The Telstra total-lack of concern and bloodyminded do-nothing response to the plague of social engineering phone calls (most of them spoofed) is single-handedly to blame for the #1 cause of financial loss to Australian victims – it is absolutely beyond question that none of those culprits should in any way be involved in shaping the strategy that should, if it has any chance of working, be coming down like a ton of bricks on Telstra and our telephone infrastructure!!
And this – LOL – what a joke – the exact opposite is true: “depth of practical experience protecting families, businesses and governments from constantly evolving cyber threats”.
You can’t expect 25M Aussies to recognize scam phone calls. BUT – you can expect our couple of phone companies to take down scam caller infrastructure, quickly, when victims report it… but guess what… I’ve reported it at least half a dozen times, and NEVER ONCE has Telstra done anything. And yes, I put a serious amount of effort into trying hard to get it taken down, including using internal contacts to help. Still nothing.
It seems the govt might be duchessing Telstra so it will takeover the disastrous MTM with minimum public awareness?