10 year strategy to ensure a secure online world for Australia.
The Australian Department of Home Affairs will invest $1.67 billion over 10 years in its Australian Cyber Security Strategy 2020.
The latest strategy was created to help “achieve” and create a more secure online world for Australians, their businesses, and the essential services upon which we all depend.
It will be delivered through:
- Action by governments to strengthen the protection of Australians, businesses and critical infrastructure from the most sophisticated threats.
- Action by businesses to secure their products and services and protect their customers from known cyber vulnerabilities.
- Action by the community to practice secure online behaviours and make informed purchasing decisions.
While this Strategy is an Australian Government initiative, we recognise the essential role of state, territory, local governments, businesses, academia, international partners, and the broader community in strengthening Australia’s cyber security.
The Australian Cyber Security Strategy 2020 was crafted between September 2019 and February 2020 we met with about 1,400 people from across the country in face-to-face consultations, including workshops, roundtables, and bilateral meetings.
There were 215 written submissions in response to the Department’s call for views. Of those submissions, 156 were public and have been published.
The Minister for Home Affairs also established an Industry Advisory Panel to provide strategic advice to support the development of the Australian Cyber Security Strategy 2020. The Industry Advisory Panel has released its final report available at 2020 Cyber Security Strategy Industry Advisory Panel.
The Australian Cyber Security Strategy 2020 replaces Australia’s 2016 Cyber Security Strategy.
Australia’s peak industry body for innovation technology, The Australian Information Industry Association (AIIA), supports the four-year cyber security strategy, designed to combat online fraudsters and empower businesses to be more cyber vigilant.
Ron Gauci, CEO at AIIA said critical infrastructure is increasingly becoming a target for cybercrime. Operational technology used in critical infrastructure, manufacturing, sensors or building controllers traditionally operate on separate networks with different protocols.
In recent years we have seen the line blurred with these devices becoming IP-enabled or connected to IoT-type devices.
“Whilst the cyber security industry has long suffered a shortage of skills, there is an even larger gap of experts who understand the traditionally engineering focused domain of operational technology and cyber security,” he said. “Australia is currently short of 2,300 workers in cyber security, with an expected demand of at least 17,600 additional professionals required in the sector by 2026 – we hope this investment and focus goes some way to addressing the gap,” Gauci said.
The AIIA put forward the following suggestions relating to cyber security:
- Secure remote working, access to secure infrastructure and robust business continuity solutions are key to supporting Australian businesses but investment in these areas will also stimulate employment, particularly across technology innovators and incubation hubs.
- Extend Australia’s 2020 Cyber Security strategy to include Cyber Resiliency and enhance and promote support to Australian SMEs through Cyber awareness and support programmes and continue to invest in Cyber Security skills, in particular the area of Operational Technology security.
- Improved Governance and operational initiatives to strengthen the collaborative learning structure created through the national Joint Cyber Security Centres network to encourage knowledge transfer between government and industry around both cyber resiliency and cyber incidents and further extend this support to SMEs.
- That the Australian Signals Directorate (ACSC) continues to take a leadership role in advising and providing support on cyber security issues.
- Provide incentives to support small businesses to invest in cyber security upskilling and better promote available initiatives.
Aidan Tudehope managing director at Macquarie Government said with COVID, Australia was facing the greatest economic crisis in 100 years. And cyber security sector is a key sector to provide the jobs of the future.
“The various government agencies responsible for implementing the strategy need to use it to help address the mass levels of unemployment being experienced across Australia,” he said. “We can’t afford to wait two-to-three years when it will be too late to innovate our way out of this crisis.”
While the strategy, tellingly announced from the very top, is not isolated. Alongside new government cloud security guidelines from the Australian Cyber Security Centre and the Digital Transformation Agency, and Minister Stuart Robert’s planned data sovereignty policy, the Government’s direction is unequivocal.
“Security, skills and sovereignty – right now and developed here in Australia,” he said. Recent tensions with China have highlighted the importance of data, its sovereignty, and the infrastructure and personnel that hold and access it.”
According to Tudehope, many providers in Australia are subject to the laws of foreign jurisdictions, which extend to the data they hold.
“In tandem, there are Australian providers with operations and infrastructure abroad. Government is clear that they want sensitive data to be held in Australia by AU providers so that foreign jurisdictions don’t apply,” he said. “This direction has the added benefit of supporting local jobs when we need them most.”