Thursday, 21 April 2016 17:18

Federal Government releases cybersecurity strategy

By

The Federal Government today unveiled its cyber security strategy along with the appointment of Alastair MacGibbon as the Prime Minister's special adviser on cyber security.

"The Australian Government has a duty to protect our nation from cyber attack and to ensure that we can defend our interests in cyberspace. We must safeguard against criminality, espionage, sabotage and unfair competition online," said the Prime Minister, Malcolm Turnbull.

Australia's Cyber Security Strategy [PDF] says "we must elevate cyber security as an issue of national importance."

The strategy has five main aspects.


A national cyber partnership

As much of the nation's digital infrastructure is privately owned, the government proposes annual cyber security meetings hosted by the Prime Minister and attended by leaders from the business and research communities.

The Australian Cyber Security Centre will move to new premises providing room for growth and better cooperation with the private sector, and the government will sponsor research into the costs of malicious activity to help local organisations make better investment and risk management decisions.

Strong cyber defences

The government proposes better information sharing between the public and private sectors, with joint cyber threat sharing centres and an online portal.

The cyber security and cybercrime capacity and capability of the Australian Cyber Security Centre, CERT Australia, Australian Signals Directorate, Australian Crime Commission and Australian Federal Police.

Governments, businesses and the research community will co-design national voluntary cyber security guidelines to promote good practice by all organisations, and voluntary cyber security governance 'health checks' will be offered.

Global responsibility and influence

As most cybercrime targeting Australians originates overseas, partnerships with international law enforcement, intelligence agencies and other computer emergency response
teams will be developed to help build cyber capacity to prevent and shut down safe
havens for cyber criminals.

Australia will appoint a cyber ambassador charged with identifying opportunities for such collaboration and to represent the country on related issues.

Growth and innovation

Cyber security is seen as an export growth opportunity, so the government will establish a Cyber Security Growth Centre, and boost the cyber security capacity of the CSIRO's Data61 in part by instituting a PhD scholarship program.

A cyber smart nation

There are two main aspects to this part of the policy: increasing the number of skilled cyber security professionals through the education system, and sustained joint public-private awareness initiatives and education campaigns to help ensure all Australians understand how to protect themselves online.


The strategy seems to have received a positive reception from industry.

Cisco senior vice president and chief security and trust officer John N. Stewart - one of the five experts selected by the Department of Prime Minister and Cabinet to provide key recommendations - said "Digitisation continues to be a driver of Australia's economic transition, causing industry and government leaders to focus on managing risk, creating opportunities to differentiate, cultivating an IT service base that is globally competitive, and building trust. cyber security can be that differentiator and business advantage."

Webroot APAC managing director Robbie Upcroft told iTWire that the strategy is "all very encouraging" but in the light of the "rising tide of threats hitting small businesses" more attention could have been paid to that sector as larger organisations already have protective mechanisms in place.

Upcroft said the government should broaden its outreach program by including accountants and other professionals that provide advice to small businesses.

While the government's proposals for threat intelligence sharing makes sense, it presents commercial challenges. "We would welcome a discussion" of this aspect, Upcroft said.

Australia's Cyber Security Strategy is "something we all should be encouraged by," it is "one thing to announce a policy, another to enact it," he said.

WatchGuard Technologies APAC technical director Rob Collins said "As a pre-sales engineer with various internet security companies over the years, I've preached the importance of strong cyber security too often to deaf ears.

"Government agencies that are not taking advantage of the latest technologies like Sandbox malware analysis and layered security are leaving themselves vulnerable.

"Hopefully, with these announcements and funding for education and establishing best practices, CEOs and CIOs will appreciate the need and budget for robust cyber security initiatives."

Ian McAdam, Symantec's ANZ managing director Ian McAdam said "With the incidence and severity of cyber security threats increasing across the country, Symantec supports the Australian Government's Cyber Security Strategy.

"The investment announced by the government today demonstrates there is no one silver bullet that can protect our nation from cyber security threats. The government's strategy to apply a multi-pronged approach across cyber security education, partnerships, research and development, and global awareness is an important step in helping to reduce cyber security threats.

"Given the borderless nature of cybercrime, building trusted partnerships with the private sector and other governments to share intelligence that tackles critical cyber risks will be critical to helping Australia stay on the offensive."

CyberArk ANZ regional director Sam Ghebranious thought the government's $230 million cyber security investment will support the overall raising of awareness of the problem of cyber security and opportunities for Australian security skills development.

But he also said "today's confirmation by the government that the attack on the Bureau of Meteorology was indeed the target of a cyber attack provides compelling evidence that governments need to make a fundamental shift in their overall security strategies.

"Historically, many government agencies have simply failed when it comes to the basics of passing Security 101, including patching servers, implementing regular system updates, and tightening controls around privileged accounts and administrator credentials."

Ghebranious added "We believe the Australian government is well positioned to play a leadership role in helping raise awareness about cyber security risks and provide the resources needed to help enterprises and government agencies develop robust, proactive IT security strategies, including greater access to education and training. Today's announcement is very encouraging for the community."

Dell SecureWorks APJ head of incident response and forensics Liam Rowland said "The Government Security Strategy tells us something with certainty, the Australian government is getting very serious about Cyber Security, meaning organisations operating in Australia are going to need to follow suit."

"Australia's attitude to security, as a whole, is evolving. It is critical anyone that operates in Australia evolves with it."

He also drew the attention of Australian businesses to the Privacy Amendment (Notification of Serious Data Breaches) Bill 2015, which the government is seeking to pass.

"With the new cyber security strategy and breach notification regulations coming into place in Australia, organisations will now have to be transparent around breaches. This means people will be asking more questions about why their data wasn't secured to the degree to prevent a breach should one occur. If the cause is because the business didn't have an incident response plan in place, not only will they be fined under the new regulations and have to report it to their stakeholders but also may face customer backlash and resentment around the loss of their personal data."

LEARN HOW TO BE A SUCCESSFUL MVNO

Did you know: 1 in 10 mobile services in Australia use an MVNO, as more consumers are turning away from the big 3 providers?

The Australian mobile landscape is changing, and you can take advantage of it.

Any business can grow its brand (and revenue) by adding mobile services to their product range.

From telcos to supermarkets, see who’s found success and learn how they did it in the free report ‘Rise of the MVNOs’.

This free report shows you how to become a successful MVNO:

· Track recent MVNO market trends
· See who’s found success with mobile
· Find out the secret to how they did it
· Learn how to launch your own MVNO service

DOWNLOAD NOW!

Stephen Withers

joomla visitors

Stephen Withers is one of Australia¹s most experienced IT journalists, having begun his career in the days of 8-bit 'microcomputers'. He covers the gamut from gadgets to enterprise systems. In previous lives he has been an academic, a systems programmer, an IT support manager, and an online services manager. Stephen holds an honours degree in Management Sciences and a PhD in Industrial and Business Studies.

VENDOR NEWS & EVENTS

REVIEWS

Recent Comments