(844) 627-8267 | Info@NationalCyberSecurity

Australia’s new cybersecurity strategy to build 6 “cyber shields” around the country

The Australian federal government has announced its first plans for the 2023-30 national cybersecurity strategy, which centres on educating citizens and businesses, investing in cyber skills and collaborating with national and international partners.

Home Affairs Minister Clare O’Neil revealed the plan for the strategy, which is expected to be released by the end of 2023, during the AFR Cyber Summit. “So, these shields will help protect our business, our organisations and our citizens, and it will mean that we won’t be alone or in our silos trying to manage this problem. It will mean a cohesive, planned national response that builds to a more protected Australia,” O’Neil said.

Australia’s six cyber shields

The first shield proposes long-term education of citizens and businesses so that by 2030 they understand cyberthreats and how to protect themselves. This “shield” comes with a plan B: citizens and businesses should have proper supports in place so that when they are the victim of a cyberattack, they are able to get back up off the mat very quickly.

The second shield is for safer technology. The federal government will have software treated like any other consumer product that is deemed insecure. “So, in 2030 our vision for safe technology is a world where we have clear global standards for digital safety in products that will help us drive the development of security into those products from their very inception,” O’Neil said.

This is connected to the April announcement from Australia, Canada, Germany, the Netherlands, New Zealand, the UK and the US, which will see ten agencies from these seven countries join forces to create a guide for software developer organisations to ensure their products are secure both by design and by default.

The third shield aims to be a world-class threat sharing and blocking system. This means a future where, by 2030, threat intelligence can be exchanged between government and business at real-time machine speed and threats are then blocked before they cause any harm.

Something along these lines has already been put in motion by the World Economic Forum and some of the largest technology companies in the world: the Cybercrime Atlas. The Atlas aims to map the cybercriminal ecosystem worldwide and allow global law enforcement agencies to access that information when fighting cybercrime.

The fourth proposed shield will focus on protecting Australians’ access to critical infrastructure, with the Home Affairs and Cybersecurity minister saying that “part of this year will be about government lifting up its own cyber defences to make sure we’re protecting our country.”

This is a much-needed action, given that the most recent audits of councils and public agencies across Australia have found many to be lacking basic security controls or even an understanding of cybersecurity. In NSW, almost half of the councils do not have a formal cybersecurity plan in place and are failing to share cyber risks with those in charge of governance. In Queensland, councils are taking too long to resolve high-risk issues, with 65% of unresolved significant deficiencies at 30 June 2022 remaining unresolved more than 12 months after being identified. In Victoria, nine public agencies have not fully set up Microsoft 365 cloud-based identity and device controls.

The fifth cyber shield will be sovereign capability through cyber skills “where cybersecurity is a really desirable profession for young people around the country and that we are making sure that we have the system that’s adaptable in itself,” O’Neil said. This is a direct response to one of the many common pieces of feedback received by the government during the discussion for the development of the new cybersecurity strategy. “There was universal recognition of the need to do more about cyber skills and the sense that when it comes to the cyber industry, quality can be a little bit hard to discern for many Australian companies.”

The sixth shield will be undertaking coordinated global action and pushing for a more resilient region. Assistant Minister for Foreign Affairs Tim Watts is in charge of this and will help the government to understand how it can build strong and valuable partnerships within the region to assist countries struggling with this problem.

How the strategy will be delivered

The strategy will be delivered in two-year blocks, with the first running through to 2025, which is about “building out strong foundations,” said O’Neil. “As the cyber challenge reshapes, we will take stock and each two years when [we] build out the next phase of this plan that will ultimately see the country surrounded by these six firm shields of protection that will help keep our citizens safe.”

The minister cautioned that this does not mean a world without cyberattacks. “No government can promise this. What it will mean is having the clear national approach that will build to more than the sum of the parts. It means a world where we’re using every piece of information that all your companies have about the cyber threat so we can build a clear national picture and respond to it as quickly as possible. It’s a world where when we do come under cyberattacks we’re able to bounce back quickly and where government is a convenor and a leader and a partner to all of you in helping tackle that challenge.”

O’Neil also shared some common factors in the discussion paper submissions: one of the clear areas of critique for government was its role in incident response, and there has been a lot of enthusiasm for the appointment of a National Cyber Coordinator.

On the topic of ransomware, she said there’s more recognition that Australia cannot continue indefinitely to be a country where it is a part of business to be funnelling money into cybercriminal gangs. “But we also heard that we do not have the proper supports in place today to be able to implement an outright ban on ransomware payments.”

