Welcome investment in cyber-security strategy

| April 25, 2016

The Turnbull government has announced the new cyber-security strategy. What are the measures and are they enough to protect us from cybercrime? Associate Professor Tanveer Zia explains.

The $230 million dollar strategy to boost Australia’s cyber-security is a good start. This investment in 33 new cyber-security initiatives is on top of the $400 million to boost cyber and intelligence capabilities outlined in the 2016 Defence White paper.

It is an acknowledgement by the government that a national cyber defence approach is imperative to deal with increasingly sophisticated and well organised attacks.

During the launch the Prime Minister admitted for the first time that some government departments, most notably the Bureau of Meteorology, have been victim of cyber intrusions, at the same time as commenting that Australia has the ability to launch its own cyber-attacks if provoked.

The 65 page strategy establishes five thematic action areas for Australia’s cyber security over the next four years to 2020.

A national cyber partnership, strong cyber defences, global responsibility and influence, growth and innovation, and a cyber smart nation.

A high level government’s cyber security governance structure will include an Assistant Minister to support the Prime Minister for cyber security, a Cyber Ambassador for international engagement, and a Cyber Security Centre Coordinator to deal with operational matters.

The Prime Minister will also have a Special Advisor on Cyber Security who will oversee the governance arrangements

The real positive in this strategy is the partnering of government, private and academic institutions in reporting and tackling cyber-crime.

The government plans to establish Joint Cyber Threat Centres and to make the Australian Cyber Security Centre more accessible and public, to make it easier to share sensitive information quickly between organisations and to promote greater collaboration.

I hope this will encourage organisations, particularly those in the private sector, to report cyber security incursions so that other agencies and institutions can respond and try to address those vulnerabilities in their own systems.

There’s no harm in an organisation admitting that they have been attacked and then coming out with countermeasures. Keeping quiet about cyber security incursions means the public doesn’t know what’s happened and the hacker are encouraged to target others. Sharing hack data means we can learn from the experiences of others and develop a collective approach to counter future attacks.

The strategy also acknowledges the nationwide shortage of cyber security skills and pledges to establish academic centres of cyber security excellence in universities to ensure qualifications in the information and communication technology field provide cyber security skills.

The Australian Crime Commission estimates the annual cost of cybercrime to Australia is over $1 billion in direct costs, but some estimates say the real figure could be closer to $17 billion per year.

So is this $230 million strategy enough? If you compare it to the costs, then I would say that more would be expected from an advanced nation such as Australia but it is a good first step.