On 22 November 2023 the Australian Government released the 2023-2030 Australian Cyber Security Strategy. In February 2024, Senetas submitted its response to the strategy. What follows is a summary of that response. 

Senetas fully supports the government’s aims set out for the 2023-2030 Australian Cyber Security Strategy. Specifically, we:

  • Welcome and strongly support the consideration being given to legislating a Cybersecurity Act. We see this as an urgent priority that would set the foundations for a successful national cybersecurity strategy.
  • Support the initiatives for a more secure national infrastructure sector through regulatory alignment/s, and the “…possibility of a new Cybersecurity Act and developments to the Security of Critical Infrastructure Act.”

The strategy’s aim of “enhancing and harmonizing regulatory frameworks” has become urgent as Australian organisations (government, commercial and industrial) have rapidly and increasingly become targets for both state-sponsored and other cyber-criminal attacks. The planned legislative and regulatory alignment initiatives, including a holistic national Cybersecurity Act, will highlight to our international trade partners, Australians and business sectors within the Australian economy the importance and seriousness of cybersecurity.

Robust national cybersecurity governance will send a clear message that Australia is no longer a vulnerable target, similar to the effectiveness of Europe’s implementation of the General Data Protection Regulation (GDPR) since 2018.

 

The Senetas Submission

Senetas supports and addresses the following key elements of the proposed legislation:

A National Cybersecurity Act mandating:

  • Consolidation of various privacy and corporate responsibilities legislation and regulations into a single comprehensive Cybersecurity Act.
  • Data protection beyond mandated requirements to prevent successful cyber-attacks, i.e. the encryption of sensitive data throughout its lifecycle.
  • Proper and secure use and storage of data.
  • Whole of data lifecycle security responsibilities – when at rest (stored), in use and in motion across networks.
  • Government agencies’ and (selected) commercial sector businesses’ migration to quantum-safe cybersecurity (e.g. critical infrastructure, intellectual property, citizen identity, other valuable sovereign data).

Direct alignment of the secure national infrastructure regulatory framework with the Cybersecurity Act.

As new technologies continue to evolve, such as AI and quantum-computing, a national Cybersecurity Act should focus business and government organisations on preparedness as well as responsibility requirements.

Organisations must actively reduce the cyber-risks threatening IT/OT (Information Technology / Operational Technologies), cloud, Internet and data/voice/video network infrastructures and maintain the secure privacy of their data and their critical activities. Privacy requirements should not be limited to individual citizens’ data. Commercial data, whether business secrets, financial or business identity, should be afforded the same confidentiality.

The submission also provides context to: legislative and regulatory consolidation and clarity; prevention and protection cybersecurity requirements; the use of encryption for data protection and more. Finally, it concludes by outlining 7 core principles of data protection.

  • Securing the economy and cyber ecosystem
  • Resilient critical infrastructure
  • Sovereign capability in cybersecurity
  • Policy and legislative frameworks
  • International strategy and government systems
  • Public-private collaboration
  • Engagement in policy development

 

View a copy of the full submission.

 
