Australia to develop new cyber security strategy

Australia plans to develop a new cyber security strategy that aims to strengthen the country’s critical infrastructure, among other goals, following a spate of high-profile cyber attacks against Australian companies this year.

Speaking at the National Press Club today, minister for home affairs and minister for cyber security Clare O’Neil said the strategy will be led by Cyber Security Cooperative Research Centre CEO Rachael Falk, former Telstra CEO Andy Penn, and former Chief of Air Force Mel Hupfeld.

There will also be an expert panel drawn from around the world, led by former UK National Cyber Security Centre CEO and Oxford University professor Ciaran Martin.

“What I am most worried about is cascading disasters,” said O’Neil. “Imagine a future January, where we see a Black Saturday-size bushfire in the south-east, a major flood in the north, then overlay a cyber attack on a major hospital system in the west.

“Our country would be fully absorbed in the management of domestic crises. Then consider how capable we would be of engaging with a security issue in our region.”

According to O’Neil, Australia has been in a “cyber slumber”, as evidenced by former prime minister Scott Morrison’s decision to abolish the cyber security ministry when he came to office.

But the Optus and Medibank breaches have been a wake-up call. “I felt them deeply, my family was caught up in both,” said O’Neil. “It’s now my job to turn this set of disasters into a permanent step-change in cyber security for the country.”

It would be unreasonable to expect to see detailed policy proposals, given that the minister was announcing work to develop a strategy, not the strategy itself. But her stated goal is to make Australia “the world’s most cyber-secure country by 2030”.

O’Neil listed four ways that the government plans to make that happen: bringing the nation into the fight to protect citizens and the economy; strengthening international engagements so that Australia can be a global cyber leader; strengthening critical infrastructure and government networks; and building sovereign cyber security capabilities.

During questions after the address, O’Neil said: “We’re not spending enough on cyber defence at the moment. One of my challenges is how we are going to address that problem.” She noted that securing government infrastructure will be expensive.

The minister appeared to be calling for bipartisan support for the development and implementation of the strategy when she said: “Many in the opposition are good, thoughtful people who know that the approach we are taking – strong, serious, depoliticised – is how we make our country safer.”

The announcement was welcomed by at least some parts of the IT industry.

“The federal government’s announcement of a new cyber security strategy for a cyber-secure Australia is a timely and necessary development that we hope will play a critical role in bolstering Australia’s cyber resilience,” said Adrian Covich, Proofpoint’s senior director in Asia-Pacific and Japan.

“While the cyber security strategy is a positive step forward, we must ensure collaboration between government, enterprises, industry partners and educational institutions so that, as a nation, we have the capabilities and cyber skills required to safeguard Australia.

“With the government’s new strategy, we hope Australia can work toward adopting a clear, unified approach to anticipating and overcoming future cyber security challenges.”