This interview is part of GovInsider’s inaugural Cybersecurity Champions report featuring public sector cybersecurity officials around the world.
Please give a brief description of your job function as a cybersecurity professional, as well as what your organisation does.
The role of the National Cyber Security Coordinator is to coordinate Australia’s strategic response to cyber security threats, opportunities and challenges.
My office coordinates the whole-of-government response to significant cyber incidents, working closely with operationally independent technical, law enforcement, and regulatory agencies, and coordinating whole of economy consequence management.
I also have responsibility for overseeing the delivery of the 2023-2030 Australian Cyber Security Strategy to help improve Australia’s cyber resilience, and drive whole of nation cyber security awareness, education and prevention.
As we look towards the future of cyber and its impact on national security at a global scale, what does effective security collaboration at an international level look like?
Australia remains deeply invested in building strong international partnerships – an acknowledgment that cyber security is borderless. The threats we face, and the opportunities available are shared.
Continued international collaboration is critical as we seek to uphold global cyber standards and together leverage the immense opportunities of secure global commons.
We have refocused Australia’s cyber cooperation and capacity building efforts to be more targeted, impactful and sustainable, enabling our partners in the Pacific and Southeast Asia to better prevent cyber incidents and recover quickly when they occur.
Australia is also a founding member of the Counter Ransomware Initiative (CRI) and co-chairs the International Counter Ransomware Task Force with Lithuania. Both efforts demonstrate the importance of international collaboration on the global ransomware challenges.
Our participation in the Quad Senior Cyber Group also demonstrates our commitment to maintaining an Indo-Pacific that is inclusive, resilient and equipped to detect and deter cyber-attacks.
I see a future where Australia continues to drive global cooperation to develop common standards and effectively prevent, deter and respond to cyber security challenges, making us all more secure.
To subscribe to the GovInsider bulletin, click here.
In your view, what are the biggest threats and challenges (be it in the network layer, and/or in areas such as scams, phishing and identity theft) in the cybersecurity scene globally?
Cybercrime is insidious, increasing in scale and sophistication globally.
In Australia, we continue to face a deteriorating cyber threat environment, with the Australian Signals Directorate’s Annual Cyber Threat Report 2023-24 advising that a cybercrime is reported every six minutes.
This is consistent with global reporting, which highlight cyber incidents as the top global business risk for the fourth year running.
We are also witnessing an increase in state actors conducting malicious cyber activities. Under the 2023-30 Australian Cyber Security Strategy, Australia will continue to uphold international law and the agreed framework for responsible state behaviour.
We will impose a cost on those responsible for cyber incidents, including making public attributions and imposing sanctions when we have sufficient evidence and it is in our national interests to do so.
We are currently watching the emergence of AI-driven cyberwarfare where hackers and professionals are using AI tools for both attack and defend. How can industry and government harness this occurrence to improve their own security measures?
Cyber security is a critical thread in almost all aspects of our economy.
AI offers incredible opportunities and great potential to drive economic efficiency, but will almost certainly exacerbate existing and future national security risks.
The Australian Government is providing practical guidance through Voluntary AI Safety Standards, supporting businesses to adopt AI safely and responsibly, as well as continuing to develop mandatory guardrails for the use of AI in high-risk settings.
We are also engaging internationally to ensure the global governance of AI strengthens safe and responsible practices internationally, reflecting our democratic values and respect for human rights.
Wherever technology offers us creative and innovative solutions, we know we need to identify and mitigate new risks. We must ensure our technology is secure by design.
Technology underpins our critical infrastructure and delivers the essential services that are the foundation of our economy, security and sovereignty; while supporting the standard of living we have all come to expect.
When looking to improve whole-of-country cybersecurity posture, what has been the biggest vulnerability and how have you responded to this?
As we continue to build our digital economy, we must translate our strong physical culture into a strong cyber security culture.
Our 2023-30 Australian Cyber Security Strategy is our foundational national response to cyber security uplift and addresses cyber security posture across six layers, we call shields.
These shields are focused on: Strong businesses and citizens; Safe technology; World-class threat sharing and block; Protected critical infrastructure; Sovereign capabilities; and Resilient region and global leadership.
There are still things that every Australian can do, to make us all more cyber secure and we continue to invest in these initiatives.
An often-repeated point in the cybersecurity sector is what your Plan B is after your network is breached. Can you share your role in facilitating the Plan B approach and why it is important?
Australia has strong regulation requiring critical infrastructure to maintain cyber security incident response plans.
A large part of my role is exercising these plans and collaborating across the economy to ensure we are sharing best practice and lessons learnt.
When the worst happens, we collaborate across the Australian Government to support impacted entities through the provision of a highly coordinated response, seeking to minimise harm and ensure victim entities are resilient & bounce back rapidly.
This includes convening all sectors of the economy required to ensure broader consequences are minimised and harms are mitigated to the greatest extent possible.
Looking into the future, what are your hopes for development of the cyber industry?
Developing our cyber workforce and partnering with industry are top priorities.
A key goal under the Strategy, is for Australia to have a flourishing cyber industry.
Only through focused collaboration between industry and government, can we tackle some of the toughest cyber security problems and harness the opportunities presented by technologies like AI and quantum computing.
Reflecting on your leadership experience across defense and cyber, what advice can you give us?
The rapid pace of change – of both threats and technology – means that cyber security must be about collaboration and not competition.
Cyber security is national security, economic stability and prosperity. Governments cannot do this alone. Strong and trusted public – private partnerships are critical.
And while we need a sector that is collaborative, creative, innovative, agile and diverse, like most challenges, it also requires strong leadership.
Leaders at every level need to drive informed decisions around priorities, risk and resources. It’s also an incredibly demanding field.
We need leaders to not only drive uplift & capability, but to promote the support culture and structures than protect and grow our workforce.
Can you explain the importance of professionalising the cyber industry?
Growing and professionalising the cyber industry is critical for building a resilient and trusted digital future.
As cyber threats become more complex, we need a workforce that is not only sufficiently sized but also skilled and accountable.
Australia is making significant investments in growing and professionalising the cyber security industry Introducing clear pathways and consistent standards removes barrier and fosters growth of through both horizontal and vertical avenues.
Professionalisation also helps to attract new talent. The new generation of cyber professionals want to know there’s a structured and respected career waiting for them, where they can achieve their full potential.
It’s the responsibility of both Government and industry to endorse a career in cyber as vital to national security and our way of life.
We often see lower numbers of women entering the cyber workforce. How can the cyber community break down barriers to entry to engage more demographics of the population in the workforce globally?
Diversity in the workplace is vital to building a responsive, creative, innovative, and future ready workforce.
We must ensure the narrative and culture across the cyber field is right. There is nothing inherently exclusive or masculine about cyber security and we must ensure that those entering the workforce or looking to change fields understand the pathways available to them, and that all who seek to serve in the field have the opportunity to reach their full potential.
To that end, we are working closely with industry to ensure we can attract, grow and retain a workforce that’s not only capable but varied in perspective. This includes increasing employment of women and First Nations people.
