In late 2023, the Australian Government released its 2023-2030 Australian Cyber Security Strategy (the Strategy), designed to be a comprehensive roadmap for Australia to become a world leader in cyber security by the end of the decade.
Addressing consumer needs, issues faced by industry, government and international challenges, the Strategy aims to contribute to the overall health and wellbeing of the digital ecosystem – something all Australians increasingly rely on for their social and economic activity.
auDA hosted a webinar on 20 February 2024 in partnership with the Cyber Security Cooperative Research Centre (CSCRC) to explore the development and implementation of the Strategy. auDA CEO Rosemary Sinclair AM was joined by three experts who each played a pivotal role in developing the Strategy:
- Rachael Falk, CEO of the CSCRC and member of the Minister for Home Affairs’ Cyber Strategy Expert Advisory Board, and facilitator of the discussion
- Hamish Hansford, Deputy Secretary of Cyber and Infrastructure Security Group at the Department of Home Affairs
- Brendan Dowling, Australia’s Ambassador for Cyber Affairs and Critical Technology
Below are our key takeaways from the webinar.
Establishing Australia as a world leader in cyber security
The Australian Government’s 2023-30 Strategy is an ambitious, long-term plan that aims to tackle major challenges and establish Australia as a world leader in cyber security. As Ambassador Dowling explained, the current threat environment and scale of digitalisation has created a “much wider attack surface” and was a key motivator to “embed a whole of nation approach.”
In support of this approach, the Government engaged in significant consultation on the Strategy. It received more than 300 submissions from all parts of the community. This included auDA’s submission to the consultation, which emphasised the importance of maintaining the security and integrity of the internet as the enabler of Australia’s digital economy.
According to the Ambassador, the Security of Critical Infrastructure Act 2018 (Cth) (SOCI Act) is already positioning Australia as a cyber security world leader, “We’re now seeing core elements of SOCI starting to form a baseline in terms of global critical infrastructure protection … People are wanting to learn from our approach.”
Industry leadership on security
According to Rachael Falk, “it was very tough to get cyber security on the board agenda five or six years ago in a significant way” but now “there’s no doubt it’s on – or should be on – every agenda of every board meeting, for both large and small organisations.”
Hamish Hansford agreed with this sentiment, “the environment [has] fundamentally changed”. He named the SOCI risk management program, as well as recent high-profile cyber attacks, as key activity that have made business leaders take notice. “I’m now seeing so many different companies think about the data they hold, why they hold it and the economic benefit for holding it versus the risk”.
For auDA, a critical infrastructure provider, risk management and security are core priorities. Rosemary Sinclair highlighted that auDA works towards the highest cyber security thresholds and engages closely with our partners to ensure security across the entire .au ecosystem is where it needs to be.
Supporting small business
auDA’s 2022 Digital Lives of Australians research found many small businesses consider cyber security a top concern and struggle to implement sufficient security measures. Equally, the National Cyber Security Strategy highlights there is no silver bullet to solve the cyber security challenges small businesses face.
The Strategy instead sets out a range of measures to uplift small business cyber security, including investment in training programs, more resources for cyber.gov.au and greater engagement with trusted partners that can help educate business owners, such as accountants, ICT providers and banks.
In addition, as Ambassador Dowling explained, the technology industry also has a role to play. Businesses and consumers shouldn’t have to buy an add-on to a purchase to access the basic level of security required today.
That’s where the concept of Secure-by-Design comes in. Secure-by-Design is a key feature of the Strategy that establishes a requirement for business to develop products and software with security as a default feature.
Combatting cyber crime and ensuring greater security
Collaborating with global partners to tackle cyber criminals via public attribution and sanctions across multiple jurisdictions was another key point raised, including sanctions against one of the key criminals behind the Medibank cyber attack. Rachael Falk highlighted that it was “the first time Australia used its cyber sanctions.”
Cyber criminals rely on anonymity to operate so sanctions have a real cost to them and send a clear message that they cannot operate with impunity.
Hamish noted that sanctions are one of many tools Australia has at its disposal to tackle cybercrime, and another tool is the Counter Ransomware Initiative. “Australia [has] taken a leadership role in the Counter Ransomware Initiative because we think, to be a global leader, that we need to be at the forefront of working with like-minded countries on ransomware issues.”
This stronger posture against cyber crime is something that Australia is advocating for across the international community, extending to the products we use. The interconnectedness of our world today means that many of the technologies we use in Australia are developed in a global tech market. It makes sense that baseline measures and security requirements for those technologies should be developed with regional and global entities to ensure a robust security environment.
auDA is a strong supporter of multi-stakeholder internet governance and we were pleased to see the Government reaffirm commitment to this approach in the Strategy. We believe the best outcomes are achieved when all stakeholders can participate by “being in the room” and have their voices heard. We will continue to engage with government and other stakeholders and contribute to realising the Strategy's goal of Australia becoming a world leader in cyber security.
Watch the full webinar to learn more, and keep an eye out for our next auDA event.
