Air Force Commander Darren Goldie will lead the federal government’s cybersecurity incident response efforts as its inaugural national cybersecurity coordinator.
Air Vice-Marshall Goldie will take up the role leading the new National Office for Cyber Security on July 3, three months later than was originally envisaged.
His appointment follows the recent hack on law firm HWL Ebsworth, which provides legal services to several Commonwealth agencies, as well as data breaches at Optus and Medibank last year.
The government announced its intention to establish the office at the end of February, with the coordinator initially expected to be appointed in March.
Mr Goldie has served in the Australian Defence Force for the last 30 years. Before taking up the mantle of Air Force Commander in April 2022, his appointments included Aide de Camp to the Chief of the Defence Force, Staff Officer VIP Operations, Director Military Strategic Commitments and Director General Air Combat Capability.
He has also previously served as staff officer VIP operations, director military strategic commitments and director general air combat capability. In 2020-2021, he was seconded to the Department of Prime Minister and Cabinet’s international division to provide strategic foreign policy advice to government.
Prime Minister Anthony Albanese said Mr Goldie would drive the government’s work on cybersecurity, leading the national response when major cyber incidents occur, building the Commonwealth’s cybersecurity capability, and supporting the Cybersecurity minister on policy development.
“This work will be done in collaboration with key policy operational and security agencies. It builds on the work that we are doing, not just in government, but also with the private sector,” he said.
In last month’s federal budget, the government set aside $46.5 million over four years for the National Office for Cyber Security, in addition to ongoing funding of $11.8 million. The office, which sits within the Department of Home Affairs’ Cyber and Infrastructure Security Group, will have 55 staff while also having access to additional staff in the event of a significant incident.
Justifying the appointment of the former Air Commander as opposed to someone with cybersecurity industry experience, Cybersecurity minister O’Neil said she was confident in the appointment, noting that “cyber incident responses is not principally a technical problem it’s an operational problem”.
“A lot of the issues are very practical and operational. How do we replace the driver’s licences of millions of Australians? How do we replace their passports? How do we ensure that we’re working across government to get information off the dark web that shouldn’t be there?,” Ms O’Neil said in response to questions from InnovationAus.com.
The Prime Minister described the Air Vice-Marshall as an “outstanding choice” given he has a “proven track record of leadership across the security space in our defence forces”.
Mr Goldie said his new role will centre on “the coordination and leadership”, as well as information for the Australian people and government. He also said that “Australia is fortunate enough to have some of the best cyber practitioners in the world”.
The appointment comes as the fallout from the HWL Ebsworth data breach continues. The law firm has hundreds of contracts with the federal government, including the Tax Office, the Department of Finance and Services Australia, according to AusTender.
Ms O’Neil said the government was unable to confirm which federal departments have been affected by breach “at this stage”.
Shadow cybersecurity minister James Paterson welcomed the appointment of Mr Goldie but criticised the federal government’s delay in appointing the cyber coordinator, accusing it of a “lack of urgency” despite recent major cyber incidents.
“The delay means the coordinator commences duties in the height of a cyber crisis. If the Minister had acted sooner, the coordinator would have been in place before the HWL Ebsworth cyber attack, which appears to be one of the most serious data breaches affecting sensitive, and potentially classified, government information,” he said.
“The first task of the coordinator must be to get to the bottom of what government data has been lost in the HWL Ebsworth attack, the implications of the breach and how to mitigate them, and steps being taken to inform and support affected parties.
“Given the Albanese government’s failure to be transparent about the nature, extent and impact of the attack, it falls to the new coordinator to conduct Australia’s cyber response in an open and transparent manner.”
Mr Albanese also reiterated the importance of mobilising not just the public sector in assuring cybersecurity, but also the private sector and consumers.
“We all have a responsibility. Simple things, turn your phone off every night for five minutes for people watching this, do that every 24 hours. Do it while you’re brushing your teeth or whatever you’re doing. There are simple things that you can do as well,” he said.
In 2021, the United States National Security Agency issued guidance on smartphone cybersecurity practices for consumers, which included advice to reboot your phone on a weekly basis. This is reportedly to mitigate the threat of malware operating out of a device’s memory, which is cleared when it is turned off and on again.
The federal government is currently working on a new Cyber Security Strategy. McKinsey is one of the consultancies that has been brought in to provide project management work.
Do you know more? Contact James Riley via Email.