Assistant Defence Minister Andrew Hastie and the head of the Australian Cyber Security Centre (ACSC) have called on Australia’s cybersecurity community to unite against growing threats as more people go online, including criminals and state-based actors.
The ACSC is increasingly turning to industry partners to mitigate cyber risks as it deals with more than 60,000 reports of cybercrime each year, and acknowledges more upgrades are needed to improve its “already stretched” support service.
Speaking at the Australian Information Security Association (AISA) conference in Canberra on Tuesday, Mr Hastie said Australia’s sovereignty depended on its ability to thwart cyber-attacks, and it required government, industry and academia working “hand in glove”.
“Cyber is the new battlefield, and whether we like it or not, we’re all joined in an online contest to preserve our personal security but also our digital sovereignty as a country.
“And we cannot be complacent. It is essential we consider cyber security when we talk about Australia’s national security, our innovation and prosperity. And a major cyber-attack would have a devastating impact on our economy, our security and our sovereignty.”
Mr Hastie told delegates it is also important to adopt proper cyber hygiene, including the current push to “mainstream” risk mitigation strategies like multifactor authentication.
The Australian government consulted with 1,400 cyber stakeholders through its business led industry advisory panel in 2019. The recommendations informed a $1.67 billion 2020 Cyber Security Strategy to be delivered over 10 years.
A subsequent Industry Advisory Committee, also led by big business, has been tasked with guiding the implementation of the strategy. The committee’s first report into ransomware and the basic steps business can take to mitigate risks was criticised by the opposition as a “missed opportunity” that lacked government policy and instead put pressure on the business community.
The debate around Australia’s approach comes as cyberattacks increase in frequency, scale and sophistication.
According to Mr Hastie, cyber criminals and state-based actors are focused on the “irresistible targets” of digital supply chains, with Australian cyber agencies now receiving more than 60,000 cybercrime reports a year.
“We must combine our knowledge and our expertise as well as our unique insights and capabilities to detect and respond to this broad and evolving threat landscape,” Mr Hastie said.
Head of the ACSC, Abigail Bradshaw, said her organisation is working to increase industry partnerships, and the size of its partnership program has more than doubled since she arrived in March last year.
The increased collaboration is evolving the way the ACSC delivers advice to Australians, according to Ms Bradshaw, who noted the current approach is encountering hurdles as the organisation deals with a cybercrime report on average once every eight minutes.
We’re preparing to initiate new call centre arrangements to expand our already stretched 24 hour watch force to enhance cybersecurity assistance the ACSC provides to all Australians, and with a specific focus on some of those most vulnerable to the small to medium enterprise sector.
The cyber organisation is also currently working on a “significant evolution” to its cyber threat sharing platform. An updated “bidirectional” platform will be able to share emerging threats between the ACSC and Australian public and private organisations at “machine speed and scale”.