Thursday, 21 April 2016 17:18

Federal Government releases cybersecurity strategy


The Federal Government today unveiled its cyber security strategy along with the appointment of Alastair MacGibbon as the Prime Minister's special adviser on cyber security.

"The Australian Government has a duty to protect our nation from cyber attack and to ensure that we can defend our interests in cyberspace. We must safeguard against criminality, espionage, sabotage and unfair competition online," said the Prime Minister, Malcolm Turnbull.

Australia's Cyber Security Strategy [PDF] says "we must elevate cyber security as an issue of national importance."

The strategy has five main aspects.

A national cyber partnership

As much of the nation's digital infrastructure is privately owned, the government proposes annual cyber security meetings hosted by the Prime Minister and attended by leaders from the business and research communities.

The Australian Cyber Security Centre will move to new premises providing room for growth and better cooperation with the private sector, and the government will sponsor research into the costs of malicious activity to help local organisations make better investment and risk management decisions.

Strong cyber defences

The government proposes better information sharing between the public and private sectors, with joint cyber threat sharing centres and an online portal.

The cyber security and cybercrime capacity and capability of the Australian Cyber Security Centre, CERT Australia, Australian Signals Directorate, Australian Crime Commission and Australian Federal Police.

Governments, businesses and the research community will co-design national voluntary cyber security guidelines to promote good practice by all organisations, and voluntary cyber security governance 'health checks' will be offered.

Global responsibility and influence

As most cybercrime targeting Australians originates overseas, partnerships with international law enforcement, intelligence agencies and other computer emergency response
teams will be developed to help build cyber capacity to prevent and shut down safe
havens for cyber criminals.

Australia will appoint a cyber ambassador charged with identifying opportunities for such collaboration and to represent the country on related issues.

Growth and innovation

Cyber security is seen as an export growth opportunity, so the government will establish a Cyber Security Growth Centre, and boost the cyber security capacity of the CSIRO's Data61 in part by instituting a PhD scholarship program.

A cyber smart nation

There are two main aspects to this part of the policy: increasing the number of skilled cyber security professionals through the education system, and sustained joint public-private awareness initiatives and education campaigns to help ensure all Australians understand how to protect themselves online.

The strategy seems to have received a positive reception from industry.

Cisco senior vice president and chief security and trust officer John N. Stewart - one of the five experts selected by the Department of Prime Minister and Cabinet to provide key recommendations - said "Digitisation continues to be a driver of Australia's economic transition, causing industry and government leaders to focus on managing risk, creating opportunities to differentiate, cultivating an IT service base that is globally competitive, and building trust. cyber security can be that differentiator and business advantage."

Webroot APAC managing director Robbie Upcroft told iTWire that the strategy is "all very encouraging" but in the light of the "rising tide of threats hitting small businesses" more attention could have been paid to that sector as larger organisations already have protective mechanisms in place.

Upcroft said the government should broaden its outreach program by including accountants and other professionals that provide advice to small businesses.

While the government's proposals for threat intelligence sharing makes sense, it presents commercial challenges. "We would welcome a discussion" of this aspect, Upcroft said.

Australia's Cyber Security Strategy is "something we all should be encouraged by," it is "one thing to announce a policy, another to enact it," he said.

WatchGuard Technologies APAC technical director Rob Collins said "As a pre-sales engineer with various internet security companies over the years, I've preached the importance of strong cyber security too often to deaf ears.

"Government agencies that are not taking advantage of the latest technologies like Sandbox malware analysis and layered security are leaving themselves vulnerable.

"Hopefully, with these announcements and funding for education and establishing best practices, CEOs and CIOs will appreciate the need and budget for robust cyber security initiatives."

Ian McAdam, Symantec's ANZ managing director Ian McAdam said "With the incidence and severity of cyber security threats increasing across the country, Symantec supports the Australian Government's Cyber Security Strategy.

"The investment announced by the government today demonstrates there is no one silver bullet that can protect our nation from cyber security threats. The government's strategy to apply a multi-pronged approach across cyber security education, partnerships, research and development, and global awareness is an important step in helping to reduce cyber security threats.

"Given the borderless nature of cybercrime, building trusted partnerships with the private sector and other governments to share intelligence that tackles critical cyber risks will be critical to helping Australia stay on the offensive."

CyberArk ANZ regional director Sam Ghebranious thought the government's $230 million cyber security investment will support the overall raising of awareness of the problem of cyber security and opportunities for Australian security skills development.

But he also said "today's confirmation by the government that the attack on the Bureau of Meteorology was indeed the target of a cyber attack provides compelling evidence that governments need to make a fundamental shift in their overall security strategies.

"Historically, many government agencies have simply failed when it comes to the basics of passing Security 101, including patching servers, implementing regular system updates, and tightening controls around privileged accounts and administrator credentials."

Ghebranious added "We believe the Australian government is well positioned to play a leadership role in helping raise awareness about cyber security risks and provide the resources needed to help enterprises and government agencies develop robust, proactive IT security strategies, including greater access to education and training. Today's announcement is very encouraging for the community."

Dell SecureWorks APJ head of incident response and forensics Liam Rowland said "The Government Security Strategy tells us something with certainty, the Australian government is getting very serious about Cyber Security, meaning organisations operating in Australia are going to need to follow suit."

"Australia's attitude to security, as a whole, is evolving. It is critical anyone that operates in Australia evolves with it."

He also drew the attention of Australian businesses to the Privacy Amendment (Notification of Serious Data Breaches) Bill 2015, which the government is seeking to pass.

"With the new cyber security strategy and breach notification regulations coming into place in Australia, organisations will now have to be transparent around breaches. This means people will be asking more questions about why their data wasn't secured to the degree to prevent a breach should one occur. If the cause is because the business didn't have an incident response plan in place, not only will they be fined under the new regulations and have to report it to their stakeholders but also may face customer backlash and resentment around the loss of their personal data."

WEBINAR event: IT Alerting Best Practices 27 MAY 2PM AEST

LogicMonitor, the cloud-based IT infrastructure monitoring and intelligence platform, is hosting an online event at 2PM on May 27th aimed at educating IT administrators, managers and leaders about IT and network alerts.

This free webinar will share best practices for setting network alerts, negating alert fatigue, optimising an alerting strategy and proactive monitoring.

The event will start at 2pm AEST. Topics will include:

- Setting alert routing and thresholds

- Avoiding alert and email overload

- Learning from missed alerts

- Managing downtime effectively

The webinar will run for approximately one hour. Recordings will be made available to anyone who registers but cannot make the live event.



Security requirements such as confidentiality, integrity and authentication have become mandatory in most industries.

Data encryption methods previously used only by military and intelligence services have become common practice in all data transfer networks across all platforms, in all industries where information is sensitive and vital (financial and government institutions, critical infrastructure, data centres, and service providers).

Get the full details on Layer-1 encryption solutions straight from PacketLight’s optical networks experts.

This white paper titled, “When 1% of the Light Equals 100% of the Information” is a must read for anyone within the fiber optics, cybersecurity or related industry sectors.

To access click Download here.


Stephen Withers

joomla visitors

Stephen Withers is one of Australia¹s most experienced IT journalists, having begun his career in the days of 8-bit 'microcomputers'. He covers the gamut from gadgets to enterprise systems. In previous lives he has been an academic, a systems programmer, an IT support manager, and an online services manager. Stephen holds an honours degree in Management Sciences and a PhD in Industrial and Business Studies.



Recent Comments