As reported in the Australian press earlier this month, the newly appointed administration has prioritized what it calls a “re-casting” of the national cybersecurity strategy. In a recent speech, the Minister for Cyber Security (Clare O’Neil) revealed she had ordered her department to undertake an urgent and thorough review of the existing strategy.
The previous government’s strategy was plagued by delays, predominantly arising from the COVID-19 pandemic. Throughout the consultation and subsequent launch, it has come under criticism, not just for the delay in launch but also for failing to incorporate recommendations by industry specialists and for a lack of focus on sovereign solutions.
The idea of putting Australian firms first when it comes to national cybersecurity was met with optimism from sovereign solution providers:
“We are pleased to see refreshing leadership by the Australian government that hopefully will lead to the establishment of federal cybersecurity standards and regulations within a single legislative framework. In a world where bad actors are often highly resourced and backed by nation states, bold steps in reforming cybersecurity are essential to protecting the Australian economy, business intellectual property and government secrets.
– Andrew Wilson, CEO Senetas
Europe’s overarching cybersecurity regulations through its General Data Protection Regulation (GDPR), established back in 2018, set a gold standard framework the government should consider. Cyberware is no longer just a future threat, but a reality that has been weaponised to destabilise our international partners, disrupt our industries and threaten our critical national infrastructure and defence capabilities. Then, as cybersecurity experts have warned for some years, the biggest threat in history is around the corner – Quantum computing.
Overnight, Apple’s announcement of critical vulnerabilities that allow attackers to take control of computer and mobile devices is coincidentally a perfect example of just how devastating sophisticated attacks can take advantage of our interconnected world for nefarious purposes. Australia should not be waiting for such attacks to become successful before we deal with them. We must act decisively and begin to make cybersecurity a national priority including the need to become Quantum resilient. Australia is fortunate to have some of the best sovereign cybersecurity developers that are trusted around the world. We now have an opportunity to leverage this capability through the Australian Government’s initiative.”
The global landscape for cybersecurity and cyberespionage is constantly evolving, with an increasing number of attacks coming out of Russia, China, North Korea and other nation states. In response, Australia is looking to strengthen existing ties with the US, India and Japan to enhance its cyber resilience.
Leveraging principles established in other national cybersecurity strategies, Australia is also looking to get tougher on cybercrime, with broader powers to prosecute, stricter penalties for online fraudsters and a centralised initiative to provide greater collaboration between security, finance and utility stakeholders. It will also include training initiatives to encourage new entrants to the cybersecurity marketplace and the potential up-skilling of current employees to address the increasing domestic skills gap.
Update: November 2022
The new administration has been quick to implement change, starting with a review of breach penalties. A new bill passed the Senate at the end of November that raises the maximum penalty from $2.2 million to $50 million. This brings the breach legislation closer in line with the GDPR and should act as a significant incentive for Australian businesses to tighten their cybersecurity controls.