The new adviser to the department of Prime Minister and Cabinet on cyber security matters, Alastair MacGibbon, has criticised the government’s strategy, saying that elements of it will fail.
The former children’s e-safety commissioner said one of his main tasks will involve identifying which aspects of the strategy are likely to be unsuccessful and scrap them.
While addressing a gathering of intellectual property lawyers, MacGibbon said the old way of doing business, where governments did not share enough information with industry, was a recipe for disaster and must be addressed.
“That will never be enough, if what we do is continue what I would call the broken model of cyber security for government, what we will end up with is just more and more people staffing a war we can not win,” he said.
MacGibbon said the most important part of the strategy was growing a cyber security ecosystem and developing such an environment, led by an increased commitment to information sharing between government and industry.
“There is a very strong commitment from the government to build strong relationships with industry," he added.
MacGibbon also warned that this would not necessarily be an easy process.
“Those who have sat in industry and sat in government know that it is easier said than done to build that strong and trusted relationship.
“We are going to build on the existing collaboration, we will build upon the foundations that Cert Australia have created through the ASD [Australian Signals Directorate] and Australian Cyber Security Centre."
MacGibbon added that one of the key concepts of this strategy was the building of information sharing hubs in capital cities so that “people don’t have to traipse down to Canberra”.
MacGibbon also committed to creating health checks for business, some paid for by the government, some subsidised by the government, some carried out free of charge by industry itself to help reduce vulnerabilities to attack.
“We will up the ante in relation to commonwealth government agencies which are quite often subject to attack," he added.
“We will be providing more and more intelligence, we will be providing more and more services."
MacGibbon said a healthy cyber security ecosystem would only come about if the country had a cyber-savvy population.
“It is no more important anywhere than in the cyber security space to make sure that students are studying STEM," he added.
In addition, MacGibbon highlighted the “significant work being done” with Data 61 and its CEO, Adrian Turner, and said it was important for the future of the country and economy to be able to grow these cyber skills at home and export them rather than importing talent.
“If we continue down the path that we have been on, if we continue with the way governments have operated and the way corprates have operated, we are destined to fail," he added.
“It is not a success story, but I am not a sky is falling guy, I actually fundamentally believe that there is a strong and secure future for this country when it comes to cyber."
Updated: Following publication of this article, MacGibbon posted this comment on the author's LinkedIn post.
"Not quite what I said. I'm not critical of the strategy, in fact it addresses several old failings. But it makes sense that with 33 initiatives some will be more effective than others and we need to identify what's working and - just as importantly - what isn't.
"Rather than being a negative , industry and the public see that attitude as a positive realistic approach from government. And, given the pace of change in this space, you'd expect and hope we evolve our approach to best protect Australia."