After a number of delays, the Australian government has lifted the lid on its new cyber security strategy, aimed at consolidating the integrity of critical infrastructure from foreign adversaries and educating organisations of all sizes.
The Department of Home Affairs has posted an outline of the strategy on its website, stating that cyber criminals are “doing great harm, infiltrating systems from anywhere in the world, stealing money, identities and data from unsuspecting Australians. They are taking advantage of COVID-19 to target families and businesses, including health and medical research facilities.”
The new cyber security strategy will be bolstered by a $1.67 billion investment into cyber security infrastructure in Australia over the coming ten-years, and will see significant funds invested in:
- Protecting and actively defending the critical infrastructure that Australians rely on, including cyber security obligations for owners and operators.
- Issuing advice for small and medium-sized businesses to increase their cyber resilience
- New ways to investigate and shut down cyber crime; including on the dark web
- Stronger defences for government networks and data
- Greater collaboration to build cyber skills pipeline
- Sharing of threat information for situational awareness
- Partnerships with the Joint Cyber Security Centre
- Guidance for businesses and consumers about ‘securing Internet of Things’
- 24/7 Cyber Security hotline for small businesses and families
- Community awareness programs to promote cyber security
The importance of bolstering Australia’s information security network is imperative due to the fact that “the consequence of attacks are increasing in severity, as information systems become more central to business and society,” a submission from Sapien Cyber reads.
The Commonwealth Bank added to this sentiment, stating that “in our connected economy, an attack on one organisation can have impacts across customers and supply chains.”
A statement in the new strategy states that “these powers will ensure the Australian Government can actively defend networks and help the private sector recover in the event of a cyber attack… the nature of this assistance will depend on the circumstances, but could include expert advice, direct assistance or the use of classified tools.”
“This will reduce the potential down-time of essential services and the impact of cyber attacks on Australians.”
The 2020 strategy is underpinned by the government’s moves in 2016 to invest $230 million into cyber security. This saw the Australian Cyber Security Centre (ACSC) open its doors, as well as a Joint Cyber Security Centre for the state and territory governments, the appointment of an Ambassador for Cyber Affairs and development of a 24/7 Global Watch program.
Palo Alto Networks wrote in a public submission to the Cyber Security Strategy that “Australia’s landmark 2016 Cyber Security Strategy has been a catalyst for change, launching a series of government and private sector activities and responses to cyber security and cyber crime challenges.”
Andrew Penn, CEO of Telstra and Chair of the Industry Advisory Panel has said that “Australia will prosper as a digital economy if we continue to invest in cyber defences.”
“If we move to comprehensively protect ourselves from cyber-crime, our businesses will remain competitive, our national infrastructure will be protected, the security of our institutions – including our democratic electoral processes, which have been the subject of malicious cyber-attacks in other parts of the world – protected and the wellbeing of Australians improved. Acting quickly and decisively will also ensure the benefits outweigh the cost of remediation,” Penn added.