New cyber strategy to protect Australia with six ‘shields’: O’Neil

Australia’s refreshed cybersecurity strategy will build out “six cyber shields” to protect citizens and businesses from malicious actors, according to Home Affairs minister Clare O’Neil.

The forthcoming strategy will also be “unique” from those of the past in that it will use two-year horizons to help Australia reach the ambitious goal of becoming the most cyber-secure nation by 2030.

Ms O’Neil provided the first details on the long-awaited refresh of the 2020 Cyber Security Strategy – and the first from a Labor government – in an address to the AFR Cyber Summit on Monday.

The national strategy is expected to be released before the end of the year, and follows more than 12 months of consultation, both with a panel of industry experts and the wider community.

Ms O’Neil said that after a “deeply painful” 12 months for the country thanks to a spate of high-profile data breaches, the strategy would begin to “build six cyber shields around our nation”.

“These shields will help protect our business, our organisations and our citizens, and it will mean that we won’t be alone or in our silos trying to manage this problem,” she said.

“It will mean a cohesive, planned national response that builds to a more protected Australia.”

With the consultation revealing which cohorts of Australians are most vulnerable, the first shield will focus on creating “strong citizens and business that understand that they actually do have the power to protect themselves”.

“By 2030, what we want is citizens and business who understand the cyber threat, understand those actions that they can take to protect themselves and have proper supports in place so that when they are the victim of cyber-attack they’re able to get back up off the mat very quickly,” she said.

Having lamented the lack of safety-by-design features in Internet of Things devices just last week, O’Neil said the second shield is “safe technology” and ensuring that citizens and businesses are protected “with a layer of safe products”.

“Why do we continue to allow digital products for sale in our country when the makers of those products sometimes know them to be cyber insecure? We would never accept this from any other type of consumer product,” she said.

“In 2030, our vision for safe technology is a world where we have clear global standards for digital safety in products that will help us drive the development of security into those products from their very inception.”

The third shield is “world-class threat sharing and threat blocking”, which O’Neil said was “key to making the change that we need to make in this country” and “one of the most exciting parts of the strategy”.

“By 2030, we envision a world where threat intelligence can be exchanged between government and business at real-time machine speed and then threats blocked before they cause any harm to the Australian population,” she said.

The Australian Signals Directorate, through its Cyber Threat Intelligence Sharing (CTIS) platform, already offers an avenue for indicators of compromise to be shared between businesses at machine speed.

But as previously reported, the platform, which is costing more than $47,000 a day to run, has struggled to gain traction, with upstream sharing rarely happening in the platform’s first 18 months.

Following a spate of high-profile data breaches over the last 12 months, which O’Neil described as “deeply painful” for the country, the fourth cyber shield will be aimed at protecting critical infrastructure from attack, including those assets operated by government.

“We own critical infrastructure, we deliver essential services and we certainly hold a lot of very sensitive and private data about Australians. And so that’s why part of this year will be about government lifting up its own cyber defences to make sure we’re protecting our country,” she said.

Ensuring Australia has a “thriving cyber ecosystem”, where cybersecurity is a desirable profession for young people, is the fifth cyber shield, while the sixth shield involves ensuring “coordinated global action” through engagement with international partners.

O’Neil said that unlike previous strategies, the 2023 strategy will be “big vision” but segmented into two-year horizons, starting with building out strong foundations between 2022 and 2025. This is “quite unique” to government strategies, which can sometimes be “light on detail”, she said.

“As the cyber challenge reshapes, we will take stock and each two years we will build out the next phase of this plan that will ultimately see the country surrounded by these six firm shields of protection that will help keep our citizens safe,” O’Neil said.

“If we push as hard as we have over the last year all the way up until 2030, I truly and genuinely believe that our economy will be a world-class cybersecurity nation by 2030. I really do believe that we can do this, but we’ve got to have a plan and we’ve got to work together.”

O’Neil also foreshadowed further improvements to coordination within government, building on the creation of the National Office for Cyber Security and the appointment of Air Force Commander Darren Goldie as National Cyber Coordinator.

“One of the clear areas of critique we heard through the consultation for government is around our role in incident response, and there has been a lot of enthusiasm for the appointment of a National Cyber Coordinator,” she said.

“Yet I still meet with boards today who tell me that they have a long list sometimes of 30 or 40 people that they need to call within government when they come under cyber-attack. And I want to acknowledge to you that that is not government being a good partner to a company undergoing a crisis.

Do you know more? Contact James Riley via Email.
