The paper, released by Home Affairs Minister Peter Dutton on Friday, says the 2020 strategy will build on the 2016 strategy that was put in place by former prime minister Malcolm Turnbull.
Dutton said the new strategy would be developed in close collaboration with industry, research partners and community groups.
"Strong collaboration and partnerships are vital to ensure this strategy is well positioned to tackle the cyber security challenges we face as a nation," he said.
"The government currently uses its cyber security capabilities within a legislative framework that was established before the Internet became a foundational element of our economy, and without a modern perspective on how malicious cyber activity crosses traditional geographical borders," the discussion paper says.
"Government’s activity is also regulated strictly by law and subject to extensive external and independent scrutiny to protect the privacy of Australians."
Last year, News Corporation newspapers reported that the Australian Signals Directorate was looking at extending its surveillance to Australians. This year, the Australian Federal Police raided the home of Annika Smethurst, the reporter who wrote the story. The government has denied that the ASD would extend its role in this manner.
The raid has been followed by court action, taken by News Corporation, along with the ABC which was raided over another story.
Another section of the discussion paper also hints that the government would like a freer hand in dealing with cyber incidents. "Under existing legislative frameworks, government can only take direct action to prevent or respond to cyber security incidents with the permission of network owners (including other government agencies)," the paper says.
"This takes time and gives malicious actors an advantage. In national emergency situations, it may be appropriate for government agencies to take swifter action."
As an example, the paper cites the Bluekeep vulnerability in older versions of Windows and suggests that there are as many as 50,000 vulnerable machines in the country, it might be better for the government to act to identify vulnerable systems before a worm based on this flaw was released.
The discussion paper includes a number of questions seeking input and comments can be submitted until 1 November.
Commenting on the release of the consultation paper, Kevin Vanhaelen, regional director for Asia-Pacific at security firm Vectra, said: "The release of today’s consultation paper is an important step in protecting Australia from foreign threats. State-sponsored attackers, seeking to do economic and political damage to another country, are naturally drawn to critical infrastructure and services.
"At one time, manufacturing, transportation, utilities, energy and other critical infrastructure were thought to be impervious to cyber attacks because the computers used to operate them did not access the internet and were separate from the corporate network. This is no longer true. The risk of nation-state threats, espionage and internal exposure has risen in today's age of connectivity."
Vanhaelen said nation states had plenty of resources, were innovative and highly motivated whereas organisations had limited time and limited human and technical resources to protect rapidly expanding attack surfaces.
"Nation states, or their sponsored proxies, have broad motivations, and expecting the unexpected is a difficult task. All organisations therefore need to realise that breaches are a case of 'when not if' and so equip themselves to identify and respond to attacks to remediate them in their early stages before catastrophic damage is done," he added.