“That’s why working as an ecosystem is so important.”
Earlier, Home Affairs and Cybersecurity Minister Clare O’Neil said Australia’s new cybersecurity strategy, to be released later this year, would feature a detailed plan for information sharing that would help block threats before they caused any damage,
“By 2030, we envision a world where threat intelligence can be exchanged in real-time, at machine speed – and then threats blocked before they cause significant harm,” the minister said.
Business closes ranks
“We heard clearly that the community and business want government there, in the fight and at the table with them. But government has to show some leadership. We can’t demand business improve but not have our own house in order.”
The security chiefs spoke about the effectiveness of sharing information with each other but closed ranks around publicly sharing information, which was backed by the cybersecurity minister.
In response to a question about Optus’ decision to keep private the details of a Deloitte investigation into its cyber breach last September, Ms O’Neil said the telco was under no obligation to release the report.
“Optus is entitled to do with the report what they would like to do,” Ms O’Neil told the Summit on the one-year anniversary of the Optus data breach that compromised the personal data of more than 9 million of its customers.
“We’ve got a big problem to solve here and I think kind of rehashing the events of the last year isn’t necessarily helping us do that.”
Telstra security chief Narelle Devine told the Summit a company might choose not to publish a detailed post-mortem of a hack because the system could still be vulnerable or present in other businesses.
“You don’t know how long it’s going to take to actually technically rectify some of these issues,” Me Devine said.
“There are legacy systems that are unmatchable, they are not easily upgradeable, they could take several years to change out.
“There could be some very good reason as to why that’s not being shared. It also might not be an uplift in that particular company. It might be a vulnerability that is now known to them but actually still exists in other areas of the ecosystem in Australia.”