Telstra’s Penn to lead Australian cyber strategy


Denham Sadler
Senior Reporter

A permanent 10-person advisory committee, helmed by Telstra boss Andy Penn, has been established to guide the implementation of the federal government’s $1.7 billion cybersecurity strategy.

The 2020 Cyber Security Strategy was unveiled by the government in August, with the bulk of funding going towards the Australian Signals Directorate and Australian Federal Police, and a focus on protecting critical infrastructure.

An industry advisory panel was established late last year to advise on the strategy, with most of its 60 recommendations eventually adopted by the government in the final strategy.

This process has now been formalised going forward with the new Industry Advisory Committee.

Andy Penn
Andy Penn: Leading a new federal cyber security advisory body

The committee will be led by Mr Penn, who was also chair the initial advisory panel. It will also feature two other members of this panel: Northrop Grumman Australia chief executive Chris Deeble and NBN Co chief security officer Darren Kane.

The initial panel was criticised as being “incredibly out of balance with the reality” of the local cybersecurity sector due to the dominance of Telstra and other telcos in it, with no members from any startups or SMEs.

The just established committee includes a number of new members.

These include AUCloud chair Cathie Reid, FibreSense chairman Bevan Slattery, PwC trust and risk business leader Corinne Best, NAB growth executive technology and enterprise operations Patrick Wright, Cyber Security CRC chief executive Rachael Falk, University of Western Australia Public Policy Institute Advisory Board chair Professor Stephen Smith and Macquarie Telecom Group chief executive David Tudehope.

The new committee will guide the implementation of the cybersecurity strategy and provide “ongoing advice about the best ways to address emerging cyber security challenges”, home affairs minister Peter Dutton said.

“The 2020 Cyber Security Strategy is firmly focused on protecting families and businesses, especially as they spend more time online both at home and in their workplaces,” Mr Dutton said.

“The committee brings a wealth of experience from both the public and private sector that will build on the success of the Industry Advisory Panel and ensure industry will continue playing a vital formative role in shaping the delivery of actions set out in the strategy.”

The committee members have all been appointed on rolling two-year terms, but there will be the option for reappointment.

Mr Penn said the committee will help to bring the strategy to life.

“It is hard to imagine a more important piece of work. Connected technologies are now right at the heart of the lives of most Australians and increasingly pivotal in shaping our economy, our society and our prospects for the future,” Mr Penn said.

“Our ability to fully embrace a digital future is also central to our post-COVID-19 recovery and long-term competitiveness.”

The strategy also looks to protect Australia from malicious cyber actors, especially around critical infrastructure, Mr Penn said.

“Meeting that challenge requires Australia’s cyber defences to be strong, adaptive and built around a strategy framework that is coordinated, integrated and capable. The 2020 Cyber Security Strategy provides that framework.”

The strategy has however been criticised for a lack of focus on the local cyber industry, with the vast majority of the funding being re-appropriated from the Defence budget and spread across the next decade. It received a lukewarm reaction from the industry, with concerns around a lack of detail and set timeframes.

Do you know more? Contact James Riley via Email.

1 Comment
  1. But it still won’t demistify the jargon and provide a plain english understanding to business owners and leaders, nor will address specific gaps in industry where cyber assurance is required to strengthen business practices like supply chain.

    Technical companies, of which these all listed here keep propogating this practice and it is not serving Australia. Many current cyber intiatives sponsored by government are not moving the dial towards raising awareness or connecting cyber risk with enterprise risk.

    My own company, Informive has done this and is taking it to market with two programs, raising awareness and operationalising cyber risk into BAU for businesses. Our education programs are giving business leaders the assurance they need to udnerstand and invest. We have a cyber risk assurance accreditation framework for supply chain systems, contracts and panels which addresses the security controls and practices required to bolster economic and trading confidence, i.e. trust, brand and reputation. Australia needs this in business terms, with investments put into business minds, not just technical. Informive is getting with the program – check it out.

Leave a Comment

Related stories