Daniel Lai, the head of ASX-listed archTIS, told iTWire that while any announcement of an increase in potential future funding from the government towards improving Australia’s Cyber Security position was welcome, this announcement would also do little to help industry or small business and project them from "the real and present danger that exists from malicious cyber actors".
Morrison announced the funding on Monday. Fifty million dollars will go towards hiring people to expand the workforce, while another $40 million would be allocated for the Australian Cyber Security Centre to work with the Australian Federal Police to counter attacks by cyber criminals from outside the country.
The ACSC will get an additional $26 million to provide assistance to the community in the event of any cyber attacks and the remaining $40 million to hire more military cyber experts over the next four years.
"There is no preventive aspect to the announcement to deal with the threat today," said Lai. "Whilst it is needed, it is another ‘finger in the dike’ fix.
"Until there is a proper strategy to appropriately fund and address the enormity of the problem and introduce preventive measures for government, industry and small business, we will continue to see Australian national secrets and intellectual property stolen."
Asked what he meant by "preventive aspect", Lai said: "The announcement focused on human resource training and advice [that] will take significant time to add value to addressing the issue.
"Human resource training does not address the current threat. Advice services are [a] post attack or new exploit [mitigation strategy]."
He said preventive measures were about immediate investment in security controls and products to defend against current attacks.
"There was no announcement of a fund or incentive for important government agencies, industries or small business to draw down to improve their current cyber security posture to defend against attacks," Lai added.
He said a holistic strategy would address the protection of Australia's national defence, law enforcement, border and critical infrastructure industries.
"It would broadly cover all aspects of cyber including information security, incident management, recovery, insurance and accreditation and certification.
"Right now there is no implementation plan for this, no centralised ecosystem to understand the relationship to develop an integrated strategy and policy with industry and small business."