The Australian government’s cybersecurity bark is worse than its bite, with a new report finding its intentions in cyber is not yet being matched by actual capability.
The National Cyber Power Index 2020, created by the Harvard Kennedy School’s Belfer Center for Science and International Affairs, measured 30 countries in terms of cyber capabilities.
The researchers looked at seven national objectives, including surveillance, defences, offences and domestic industry, along with 32 intent indicators and 27 capability indicators, using publicly available data.
Overall, Australia was ranked 10th in the National Cyber Power Index, with the US, China, UK and Russia topping the list.
But when broken down to intent and capability, a sharp gap was identified for Australia.
In terms of cybersecurity intent, Australia was ranked as 8th in the world, but when it comes to actual capability, it placed at 16th overall.
The researchers measured a country’s cybersecurity intent through an assessment of national strategies, rhetoric and attributed cyber operations.
Australia was consistently ranked between 8th and 10th in the world for intent but did not feature in the top 10 for any of the capability measurements.
In terms of countries with high intent and lower capability, the report said these nations are “actively signalling to other states that they intend to develop their cyber capabilities but have either not publicly disclosed their capabilities or do not currently have the capabilities at hand to achieve their cyber goals”.
Australia placed particularly low in terms of offensive capability, placing at 24th out of the 30 countries analysed.
Australia also placed relatively lowly in terms of the domestic cybersecurity industry and realising high-tech export opportunities and was ranked as 12th for the commercialisation of cybersecurity capability.
Shadow assistant minister for cybersecurity Tim Watts said the report is evidence of the Coalition’s actions not matching its rhetoric on cybersecurity.
“This is yet another example of the Morrison government’s approach of rhetoric over action and their failure to prioritise cyber at both an industry and government level,” Mr Watts said.
“This report is further confirmation the Morrison government has over-promised and never delivered on almost every metric when it comes to Australia’s cybersecurity capabilities.”
He also said it shows Australia has been falling behind the rest of the world on cybersecurity during the Coalition’s time in office, with the Economist Intelligence Unit’s Cyber Power Index placing Australia at 3rd in the world in 2011.
The federal government unveiled its long-awaited 2020 Cyber Security Strategy last month, with $1.7 billion in funding over the next decade. It included new laws to protect the nation’s critical infrastructure, new powers for police to target the ‘dark web’ and efforts to increase the cyber resilience of SMEs.
The strategy positioned the government’s central role as protecting critical infrastructure and essential services, and assisting agencies and businesses in improving their resilience, but also placed responsibility on larger businesses to help SMEs.
The strategy has been criticised by the Opposition and cybersecurity sector figures for a lack of focus on building the local cyber industry.