In August 2020, the Australian Government released the Cyber Security Strategy to protect its people from cyber threats. The 2020 Strategy will create a more secure online world for Australian businesses and essential services upon which we all depend. This vision will be delivered through complementary actions by governments, businesses, and the community to ensure that information security threats are mitigated. The public can learn the best practices of operating online to protect their data.
It will be delivered through the following actions:
- Governments to strengthen the protection of Australians, businesses and critical infrastructure from the most sophisticated threats.
- Businesses to secure their products and services and protect their customers from known cyber vulnerabilities.
- Community to practice secure online behaviours and make informed purchasing decisions.
“The main element you cannot delegate to your cloud service provider is your responsibility for security, compliance and customer trust.”
― Stephane Nappo
Highlights of the Strategy:
As per the Cyber Security strategy plan, it will invest $1.67 billion over 10 years to achieve its vision. This includes:
- Protecting and defending the critical infrastructure that all Australians rely on, including cybersecurity obligations for owners and operators.
- New ways to investigate and shut down cybercrime, including on the dark web.
- Stronger defenses for Government networks and data.
- Greater collaboration to build Australia’s cyber skills pipeline
- Increased situational awareness and improved sharing of threat information.
- Stronger partnerships with industry through the Joint Cyber Security Centre program.
- Advice for small and medium enterprises to increase their cyber resilience.
- Clear guidance for businesses and consumers about securing the Internet of Things devices.
- 24/7 cybersecurity advice hotline for SMEs (Small and medium-sized enterprises) and families.
- Improved community awareness of cybersecurity threats.
Overview of the Strategy:
This strategy’s clear vision is to secure the Australians online world. It has become more actively recommended as a result of the Covid-19 situation. During the pandemic, almost all Australian businesses connected more than ever because of the online sharing platform—most of the businesses that went online and survived their livelihoods because of cyberspace.
As a result, Cybersecurity has become a fundamental and integrated part of everyday life, enabling Australians to reap the internet’s benefits safely and with confidence. Through this Strategy, the Australian Government will build trust in the online world by supporting businesses, their cyber resilience, and setting clear guidance to remain secure in cyberspace.
“In the next three years, the value of data will increase, making it even more valuable than it is today. The more efficiently you store your data, the more benefits your business will see.”
― Thomas Harrer
Some key initiatives from the 2020 Strategy:
We have summarised the Australian Cyber Security strategy’s key initiatives that you should know about:
Enhancement of the Critical Infrastructure Regulatory Framework:
Presently, the Telecommunications Sector Security Reforms and the Security of Critical Infrastructure Act 2018 (SCI Act) protects Australia’s telecommunication, electricity, water, gas, and maritime assets against cyber threats. The 2020 Strategy will expand SCI Act by adding more big sectors to enhance it’s a framework. This framework will further include banking and finance, data/cloud, defense, education, research and innovation, and food. The Australian Government has highlighted that it will be using a “principle-based approach” to implement these frameworks to provide more assistance for businesses against cyber attacks.
New Mandatory Baseline Laws for Cybersecurity standards:
The Government has advised that it will consider a number of different legal and regulatory options during a consultation with businesses keeping their cybersecurity in mind which includes:
- Privacy, consumer and data protection laws;
- Director duties; and
- Obligations on manufacturers of internet-connected devices.
Baseline laws would give cybersecurity a new direction in the upcoming days. As of today, cybersecurity laws and regulations include those contained in the Criminal Code Act 1995 (Cth) and privacy laws generally. The regulation’s scope will extend the Notifiable Data Breach Scheme, the Consumer Data Right regime, the Telecommunications and Other Legislation Amendment (Assistance and Access) Act 2018 (Cth), and APRA Prudential Standard CPS 234 (Information Security). These baseline laws will set high standards where Australia’s business could be protected against these serious cybercrimes.
“Government should be responsible for ensuring
telecommunications operators and operators of critical services take measures to safeguard networks and services.”
Public submission to the Cyber Security Strategy 2020
Implementation and measuring progress:
The Australian Government recognizes the demand for implementation and evaluation arrangements for this Strategy. The Minister for Home Affairs has primary responsibility for delivering this Strategy, with support from other ministers as required. A Cyber Security Strategy Delivery Board, led by a senior Home Affairs official, will be responsible for implementing this Strategy.
The Australian Government budget enhanced adding another $1.67 billion to the Cyber Market. This marks a significant increase in investment from the 2016 Cyber Security Strategy (2016 Strategy), which invested only $230 million to protect Australia’s cyber interests. The 2020 Strategy builds on the 2016 Strategy and sets out several initiatives that demonstrate how government, businesses, and the community must work collaboratively to strengthen Australia’s cyber interests.
In Conclusion, both government and businesses have limited resources. The actions outlined in this Strategy address the most urgent issues. Technology is constantly changing, and measures designed to improve security in today’s online world can be quickly overtaken by new technologies, systems, software, and applications.
While this Strategy is an Australian Government initiative, it recognizes the essential role of the state, territory, local governments, businesses, academia, international partners, and the broader community in strengthening Australia’s cybersecurity. Every part of the government, business, and the community has a role to play in implementing the Cyber Security Strategy 2020.