More than a year and a half since the government launched its landmark cyber security strategy the national conversation has shifted and new challenges and opportunities have emerged, two of the key architects behind it have said.
The $230 million National Cyber Security Strategy was launched by Malcolm Turnbull in April last year, and featured 33 initiatives centred on five key themes: national cyber partnership, strong cyber defences, global responsibility and influence, growth and innovation and cyber smart nation.
The “roadmap” to keep Australia “safe and competitive in an increasingly digital world”, and included funding for 100 new specialist jobs in government, the establishment of a minister assisting the prime minister on cyber security, and a focus on increasing private and public sector collaboration.
The strategy helped to shift the conversation towards the more practical threats and opportunities, assistant secretary of cyber policy in the Department of Prime Minister and Cabinet Sandra Ragg said.
“We launched our cyber security strategy about 18 months ago. Now the conversation isn’t any more about what this cyber security thing is and why it matters,” Ms Ragg told the InnovationAus.com Cyber Leaders forum Melbourne.
“It’s now about how we address the important challenges that exist in this space and that are facing industry and government, and the opportunities we have as a digital national.”
“It’s a real shift we’ve had. This is not just a national security issue now, it’s one of economic and social enablement.”
With technological developments and the growing threat of cyber attacks on Australian businesses, the cyber security strategy and surrounding conversation needed to adapt to meet these new threats and opportunities, Ms Ragg said.
“Eighteen months on and the pace is only accelerating in terms of the challenges and the opportunities,” she said.
“We can see that pace of change moving faster and faster. The strategy 18 months ago was a great step forward and it was fit for purpose, but now we see a range of things where we can do more as a community, like large-scale cyber crime, supporting SMEs and the skills gap.”
Addressing the dire skills gap in cyber security was a core theme at the conference, and one the government is looking to address through a range of “experiments”, Ms Ragg said.
ANZ chief information security officer Lynwen Connick led the development of the Cyber Security Strategy when she was working at PM&C up until the start of this year.
She said the strategy’s focus on partnerships between the government and the private sector is even more important now.
“It’s the responsibility of both the public and private sectors to deliver the strategy. It’s not a government strategy, it’s a strategy that belongs to all of us,” Ms Connick said. “And a big part of that strategy is all about being in partnerships.”
“For me it’s all about the opportunity, and to realise the opportunity we’ve got to get strategy cyber leaders and people with the skillsets we need in the workforce,” she said.
The patchy nature of some of the partnerships with the private sector were criticised in an Australian Strategic Policy Institute report marking one year of the cyber security strategy.
The report also slammed the poor implementation of the strategy and “ad hoc nature” of the government’s communications and “insufficient expectation management with industry partners”.
“While some companies could show more initiative, the government also needs to more clearly delineate the division of responsibility within the national cyber partnership,” the report said.
Prime Minister Malcolm Turnbull hosted a roundtable discussion with industry leaders in June, and signalled a refresh of the cyber security strategy.
The meeting discussed a range of initiatives, including an industry-led council reporting directly to the prime minister, and allowing for a wider range of intelligence materials to be shared with the private sector partners.
The government’s role in this national debate has shifted, Ms Ragg said, and was now centred on practical methods to address the major problems.
“The government’s role is shifting. Now it’s about setting the strategy to create a more secure ecosystem, and that’s about our people, relationships and technology as a platform for our innovation, growth and prosperity,” she said.
“We’re not a large nation, and my view is that we can actually do this. But it requires commitment and a vision that we all share, so we’re headed in the same direction.”
A key element to addressing the skills gap “crisis” is new policies and strategies aiming at bringing people from different industries and skillsets into cyber security, she said.
“We need to start thinking about how we open our minds to accepting that people who may not have been traditionally associated with this as a career, or don’t have the technical skills. We need to open the doors to more people coming into our profession,” Ms Ragg said.
We’re going to require more transferrable skills.”
The government is currently developing strategies to get more women into cyber security, and people from more diverse backgrounds.
“We want to access these communities to increase the talent pool. This issue underpins absolutely everything that we want to do. We have the opportunity to create that ecosystem and scale, but it is up to all of us,” Ms Ragg said.
The government also recently launched Australia’s first ever International Cyber Engagement Strategy in October, with a focus on growing digital trade, improving cyber security in the local region and fighting state-based cyberattacks.
The report outlines the cyber affairs agenda for the next three years, and is a core component of the overall national cyber security strategy.
InnovationAus.com partnered with PwC, Thales Australia and Covata to present the Cyber Security: The Leadership Imperative forum in Melbourne.