The Department of the Prime Minister and Cabinet has released Australia’s cybersecurity strategy revealing plans to invest more than $230 million in the next four years.
Alastair MacGibbon has been appointed as the first special advisor to the Prime Minister on cyber security.
Key representatives from the security industry were also attending Prime Minister Malcolm Turnbull’s announcement at the Australian Technology Park in Sydney.
Intel Security chief technical officer APAC, Michael Sentonas, told ARN the appointment of former children’s esafety commissioner and Dimension Data general manager security, Alastair MacGibbon, was one of the most promising aspect of the announcement.
“Alistair is really passionate about educating the next generation of knowledge workers and we need to do more to ensure that next generation know how to act as good digital citizens,” he added.
Sentonas went on to say these younger Australians need to know how to behave safely in the digital age and how to protect their identity and personal information.
“I was very pleased to see a lot of focus on education and academic centres of excellence. That is going to be a great opportunity to help with awareness programs and the cyber sharing portal.
“The announcement has a lot of components and a lot of spending. We are obviously going to have to watch and see more details but at this stage it looks absolutely fantastic.
Like every country on the planet, Australia has a security skills shortage. If we think about how rapidly technology is changing and the negative side of that with cyber security threats, that training will be critical.”
Symantec A/NZ managing director, Ian McAdam, said he supported the new strategy, outlining that Australia was one of the most targeted countries for cyberattacks.
“The investment announced by the government today demonstrates there is no one silver bullet that can protect our nation from cyber security threats. The government’s strategy to apply a multi-pronged approach across cyber security education, partnerships, research and development, and global awareness is an important step in helping to reduce cyber security threats,” McAdam said.
“Given the borderless nature of cybercrime, building trusted partnerships with the private sector and other governments to share intelligence that tackles critical cyber risks will be critical to helping Australia stay on the offensive.”
BAE Systems applied intelligence Australia general manager, Dr Rajiv Shah, said the strategy provides an excellent platform for both the public and private sector to collaborate on addressing cyber threats.
“The Strategy reflects the growing recognition that any organisation is a target, whether in financial services, the public sector, or operating critical national infrastructure. If there is private data, intellectual property, payment details, or motivation to disrupt, then there is a threat,” Shah said.
“If the government’s initiatives are acted upon, the private and public sector will be in a better position to deal with cyber threats than ever before.”
Shah highlighted that the strategy’s initiatives provide important incentives to organisations and businesses to invest time and resources in continually reassessing their risk landscape and building their cyber resiliency.
“The government is right to lean on the private sector to make the most of the technology and expertise available. BAE Systems welcomes clarity on the role it can play, so we can invest and build capability appropriately,” he said. “It’s important that in the rollout of the initiatives found in the Strategy, there is a global perspective which recognises the threats to Australian businesses and government come from everywhere. The appointment of a cyber ambassador will help Australia to have a voice on the world stage.
“The Australian Cyber Security Centre (ACSC) has gone a long way to enabling this. The Strategy looks to build on this by adding joint cyber threat sharing centres and an online threat sharing portal. It’s important to expand the sources available for information sharing from both a private and public sector perspective as quickly as possible.”
Shah said he was also pleased that government agreed with BAE Systems’ recommendations to build Australia’s cyber security skills capacity and is looking forward to working with the government to help adopt a cyber security health check scheme.
“We believe this is an area where industry can really be of assistance to Government. BAE Systems has been helping set a new direction in the education sector with our partnership with Box Hill TAFE in Melbourne to develop the first cyber security apprenticeship,” he said.
“As technology and threats change rapidly, so too must government policy and initiatives. Seven years between cyber security strategies is too long; every 12 months is a good starting point."
Cisco senior vice-president and chief security and trust officer, John Stewart, addressed the importance for Australia to address the country’s cybersecurity challenges to drive economic growth, to build and maintain trust, as well as building skills, education and training.
continues to be a driver of Australia’s economic transition, causing industry
and government leaders to focus on managing risk, creating opportunities to
differentiate, cultivating an IT service base that is globally competitive, and
building trust. Cybersecurity can be that differentiator and business
ESET senior research fellow, Nick FitzGerald, said with the threat of cyber-attacks increasing every day, the Australian government needs to make cybersecurity a top priority.
"In the coming years, we should anticipate the government will encounter higher volumes of more sophisticated threats, which will have the potential to be very damaging. As many departments become digitised, the complexity of threats will increase, putting government agencies at risk.”
“There are many different strategies the government can take to prevent cyber-attacks, or at least minimise the damage caused by them. However, one common theme across all of the strategies is proactivity, and making sure serious measures are put in place today. This will help identify the challenges in advance, predict what the attackers are looking for, and help safeguard the systems in the most effective way possible,” he mentioned.
Nuix CEO, Eddie Sheehy, commends the strategy and said it is a clear and integrated response to improve the nation’s cyber security position.
“This strategy is a robust and effective response to cyber threats, which are increasingly affecting the operation of many public and private sector organisations in Australia. It is essential that cyber-security is embedded across every organisational level to increase protection against attacks and this strategy strongly supports that approach.”
“Cybersecurity is a never-ending journey, not a destination. The strategy’s approach will help improve cyber security protection measures so they are more relevant, up-to-date and effective on a daily basis, rather than a tick-box compliance exercise for organisations," Sheehy said.
WatchGuard Technologies Asia-Pacific technical director, Rob Collins, said as a pre-sales engineer with experience working in various Internet security companies over the years, he has preached the importance of strong cyber security too often to deaf ears.
"Hopefully, with these announcements and funding for education and establishing best practices, CEOs and CIOs will appreciate the need and budget for robust cyber security initiatives," he said.
However, Collins mentioned acknowledging that Australia has ‘offensive cyber capabilities’ may well ultimately paint a bigger target on our heads for hackers and could hinder political relationships with other nations.
"IT security professionals understand that cyber warfare can be just as dangerous as a real war, with power stations, water treatment facilities and uranium purification processes all vulnerable to attack," he added.
Blue Coat A/NZ chief information security officer, Damien Manuel, said the strategy is a positive step towards Australia becoming a ‘cyber smart nation’.
"The proposal to develop a highly-skilled cyber security workforce is certainly much needed. Demand in Australia and the wider Asia-Pacific region has never been higher. The profession is full of opportunity and is ideal for people with a diverse range of skills.
"It’s a great place to be and anything that can be done to promote that is a good thing," he said.
ACS CEO, Andrew Johnson, said cyber security is perhaps the biggest threat to Australia fulling the opportunities of the digital age.
StartupAUS, CEO, Alex McCauley, said the money spent on strengthening cybersecurity is money towards technology and jobs of the future - this is encouraging particularly in terms of attracting tech talent to our shores.
"StartupAUS supports the collaboration between all the key stakeholders both public and private," he added.
BDO Risk Advisory Partner, Leon Fouche, said a key component to this strategy’s effectiveness, and to the protection of all businesses, is recognising that cyber security is not just an IT issue but rather a business issue that requires ownership by the C-suite and understanding by all departments.
“The strategy’s strong focus on collaboration and education also highlights the role every business can play. While the Federal Government is leading and innovating, businesses need to ensure their security practices are robust and up to date, and to better educate and empower employees to use sound online practices," Fouche said.
“Organisations should also look at the forthcoming designation of a Minister Assisting the Prime Minister on cyber security and consider how they might assign a similar responsibility to either an executive or management team.”
Fouche said industry players of all types and sizes should be working together and pooling their knowledge and resources in order to defend their organisations, employees and customers against cyber criminals.
“The strategy’s recommendation of voluntary governance health checks for ASX 100 organisations certainly highlights the particular risks faced by these high-profile organisations. However, private, small and mid-sized companies make up the vast majority of the business community and can be just as vulnerable to cyber-attack, especially those with an online presence and less mature IT security measures in place," he said.
"I urge all businesses, including SMEs, to undertake some level of self-assessment on a regular basis in order to understand their cyber risk exposure and their ability to respond to and recover from a cyber incident. While there are certainly technical mitigation strategies to address, again this is not just an IT issue, but a core component of business strategy."
Melbourne-based cyber security security company, Network2Share CEO and founder, Regan McKay, welcomed the Prime Minister’s announcement today and increased commitment to innovation in cyber security.
“Cyber security is not only for governments. Businesses handle all sorts of sensitive data, from financials to personal records of staff and customers," McKay said.
“The recent Panama Papers leak is an example of risks to business data due to poor cyber security practices. A business’ files and documents – their marketing plans, financial documents, product roadmap, contracts, customer databases etc – are its lifeblood."
According to CyberArk A/NZ regional director, Sam Ghebranious, the government’s $230 million investment in its cyber security strategy will support the overall raising of awareness of the problem of cyber security and opportunities for Australian security skills development.
"To be successful at warding off future cyber attacks, Australian government departments and agencies need to design their security strategies from the inside out, taking the view that attackers may have already found their way into the IT infrastructure.
"We believe the Australian government is well positioned to play a leadership role in helping raise awareness about cyber security risks and provide the resources needed to help enterprises and government agencies develop robust, proactive IT security strategies, including greater access to education and training," he added.
AIIA CEO, Rob Fitzpatrick, said the industry body has been agitating for cyber-security strategic change for some time, and it’s heartening to see such promising progress.
"The AIIA is committed to working with the Government in support of this strategy which adopts many of our recommendations and highlights a number of industry concerns.”
"The AIIA is eager to see the strategy supported by a clear implementation plan that includes milestones, targets, measures of success, investment commitments and reporting frameworks," Fitzpatrick added.
Deloitte cyber risk leader APAC, James Nunn-Price, echoed the statements of many of his counterparts saying the company was particularly supportive of the Government’s five pillar cyber security strategic focus.
“Going deeper on fewer and more targeted initiatives will make a difference, rather than try and cover the hundreds of things clamouring for attention in the cyber security space. In this way government, business and academia can all pull together to focus resources on actions that will make an impact, rather than being spread too thinly,” he added.
“By calling out growth and innovation, and nurturing home-grown expertise to generate jobs, we will build a cyber smart nation. The Government’s initiative to collaborate with academia, business and researchers, as well as fostering STEM skills through the education system, and increasing diversity in them, will, we believe enable Australia to lead cyber innovation and resilience in the Asia Pacific region.”