The government is still yet to publish Australia’s 2020 international cyber engagement strategy, four months past its scheduled release and three and a half years on from the inaugural strategy.
The strategy is currently with the government for consideration, but has apparently been accepted and is already informing Australia’s international cyber relations. Its absence has prompted renewed concerns from the Opposition about the “disarray” of Australia’s cybersecurity policies.
The International Cyber Engagement Strategy was developed and launched by the Department of Foreign Affairs and Trade in 2017 along with the appointment of Dr Tobias Feakin as the Ambassador for Cyber Affairs and Critical Technology.
The strategy is intended to guide global and regional engagement across the full range of Australia’s interests in cyber affairs and is scheduled to be revisited every three years to adjust its settings.
A new 2020 strategy has been with government for consideration since last year and was scheduled to be launched at the end of the final Parliament sitting week in December.
During Senate Estimates last month, Dr Feakin said the new strategy is already informing a range of ongoing work by DFAT but a “particularly busy parliamentary activity week” last year meant a “short postponement” to the official launch was necessary.
“We’re in discussions about a suitable date,” Dr Feakin told the Estimates hearing.
Foreign Affairs Minister Marise Payne said that she had delayed the launch because of “timing and the scheduling issues”.
A DFAT spokesperson confirmed the updated strategy is now in use but did not respond to questions on when it will be launched or when it was first provided to government.
“The International Cyber and Critical Technology Engagement Strategy continues to inform DFAT’s active program of international engagement in pursuit of a safe, secure and prosperous Australia, Indo-Pacific and world,” the spokesperson told InnovationAus.
The work influenced by the unpublished strategy includes the recent launch of a Quad Critical and Emerging Technology Working Group, following a March meeting of the US, Japan, Australia and India, as well as DFAT’s ongoing work to “build the cyber resilience of regional partners”, according to the spokesperson.
Shadow Assistant Minister for Cyber Security Tim Watts said the response from the department official and the Minister for Foreign Affairs during Estimates last month highlighted the “the disarray that is cybersecurity policy in the Morrison Government”.
“It seems incredible that an important government strategy has been sitting in a drawer gathering dust for four months because the Minister is too ‘busy’ to launch it,” Mr Watts told InnovationAus.
“Australians deserve better than these excuses when it comes to an issue as critical as cyber security.”
First developed in 2017, Australia’s International Cyber Engagement Strategy was broadened to include critical technology in the 2020 update.
Public submissions for to the 2020 strategy closed in June 2020 and included stakeholder input from academics, civil society groups, Big Tech and cyber companies among 31 submissions. DFAT also engaged with 18 Commonwealth departments on the new strategy, which supersedes the 2017 plan.
Since the strategy was originally scheduled to be released last year, a series of high profile international cyber attacks have occurred, including the Microsoft Exchange exploit which led to a breach of Western Australia’s parliamentary email network and a SolarWinds software exploit which provided attackers access to US government networks.
While China and Russia have been the respective suspects of the two incidents, Australia has yet to attribute either cyber attack. Dr Feakin told Estimates DFAT’s increasing preference is to make attributions in partnership with allies, but the department was yet to go through any multilateral attribution processes.