2023–2030 AUSTRALIAN CYBER SECURITY STRATEGY DISCUSSION PAPER RELEASED: WHAT’S INSIDE?
February 27, 2023
The Expert Advisory Board formed to help strengthen Australian policies regarding cyber security has released its 2023–2030 Australian Cyber Security Strategy Discussion Paper today (27 February).
The paper frames the discussion about how to best respond to the current climate of cyber threats while building Australia toward a world-leading position when it comes to cyber security skills and products.
“This discussion paper is an opportunity to provide your views on how we can work together to make Australia a world leader in cyber security by 2030,” said Cyber Security Minister Claire O’Neil in the paper’s foreword.
Introduction from the Expert Advisory Board
The discussion paper opens by painting a picture of the global and domestic environment and the threats and opportunities Australia faces. It notes that cyber is a tool both for building business and society and for crime and espionage. One of the driving factors of change, of course, was the COVID-19 pandemic.
“The adoption of digital technologies by some organisations was sped up by three to seven years in just months,” the advisory board noted. But this uptake of technology also comes with unique opportunities for growth.
“The Australian cyber market contributed approximately $2.4 billion in gross value added (GVA) in 2022, and the sector’s GVA grew by 11 per cent from 2020 to 2022.”
“The CSIRO estimates that Australia’s cyber security revenue could reach $6 billion per year in 2026.”
But cyber crime remains the biggest rising threat.
“According to the Australian Cyber Security Centre’s (ACSC) 2021–22 Threat Report, one incident is reported on average every seven minutes, with over 76,000 cyber crime reports in 2021–22,” the advisory board said. 2022 has been a particularly challenging year, with a raft of cyber attacks against high-profile Australian businesses.
“There was no greater example of this than in September and October 2022, when over a three-week period the personal data of over 9.8 million Optus customers and 9.7 million Medibank customers was stolen by cybercriminals,” the board said. “The scale and severity of these breaches meant that cyber security became a topic that is now front and centre in board rooms and living rooms.”
“If we are to lift and sustain cyber resilience and security, it must be an integrated whole-of-nation endeavour. We need a coordinated and concerted effort by governments, individuals, and businesses of all sizes.”
Australia’s cyber security opportunity
The next section takes a broad look at what Australia may look like in 2030 as a world leader in cyber security.
It will be a country that is more connected than ever before but also faced with more threats and challenges. However, despite this, Australians can engage with cyber space with “confidence and assurance” thanks to strong policy positions and regulations.
As a world leader in cyber skills, Australian cyber security products are trusted, secure, and affordable.
“Australian-made products set the international benchmark for cyber services, created in a way that reflects the values of a democratic society, leading on safety and security while respecting basic rights,” the discussion paper proposed.
“Customers expect cyber secure technologies in the same way they expect a car to be sold with a seatbelt.”
Australia is trusted in the region, and on the world stage, as a leader in the field, and one that seeks to protect and uplift our partners. Our infrastructure is fit for purpose and well protected, and businesses and agencies alike are constantly looking to improve cyber resilience and learning.
And if an incident does occur, Australian organisations have “an agile and rapid response to mitigate its harm, recover quickly, and disrupt further malicious acts”.
Approach to consultation
The strategies to get to 2023 will build upon the foundations of previous cyber security strategies and will be constructed over a consultation phase that will continue through the final drafting and release of the strategy before the end of the year. The Expert Advisory Board and Department of Home Affairs will tackle domestic elements of the plan, while the Department of Foreign Affairs and Trade will look further abroad and keep in mind international partnerships.
“The Minister for Home Affairs and Cyber Security and the Expert Advisory Board are also being advised on global best practice by a Global Advisory Panel comprising the best minds from our closest allies,” the paper noted. “The Global Advisory Panel is chaired by Ciaran Martin CB, former CEO of the United Kingdom’s National Cyber Security Centre.”
Priorities for the 2023–2030 Australian Cyber Security Strategy
This section lays out the policy areas that need to be addressed, as well as other areas for potential action, and asks questions about how these challenges can best be faced. Key among them is how to improve Australia’s regulatory frameworks. Making sure that the obligations of businesses and other agencies are clear and transparent is another key challenge in this area.
“For example, stakeholders have encouraged government to streamline reporting obligations and response requirements following a major cyber incident,” the report said.
The report also notes that we must have an international strategy as well as a domestic one. This will entail greater financial and diplomatic opportunities, as well. “How can government and industry partner to uplift cyber resilience and secure access to the digital economy, especially in south-east Asia and the Pacific?” is just one of the questions this part of the discussion paper proposed.
Finally, the challenge of keeping the government, and its mountain of sensitive data, secure is of paramount importance. Given the growing and increasingly complex threat environment of a world still in the grips of the pandemic and facing Russia’s illegal war in Ukraine, governments the world over are under higher levels of cyber threat than ever before — and Australia is a prime target, according to the paper.
Previous strategies have not measured up to the necessities this new environment demands, the paper said. The challenge is to make sure that the strategy delivers “best practice standards, evaluation, transparency, reporting, and aligned incentives; and the appropriate support, accountability and leadership for individual government departments and agencies to manage their cyber security risk profile”.
Other areas the discussion paper considers are cyber threat sharing, building Australia’s cyber workforce, and better national frameworks for how to respond to serious cyber attacks.
The consultation period for the discussion paper will last until 15 April 2023, and any responses should be mailed to [email protected].