Last week the Australian Government handed down its 2020 Cyber Security Strategy. As part of the strategy the Federal Government has committed to:
- Developing an enhanced regulatory framework that would impose cyber standards on operators of critical infrastructure and systems of national significance;
- Supporting SME businesses by integrating cyber security products into other service offerings;
- Considering what laws need to be changed to have a minimum cyber baseline across the economy; and
- Creating powers that allow the federal government to get on the offensive and actively defend networks and critical infrastructure.
While much of the focus for the strategy is on ensuring critical infrastructure systems are properly defended during a cyber-attack, the federal government will also assist service providers and operators to “enhance their cyber security posture”. Another notable addition to the strategy is the consideration of additional “legislative changes that set a minimum cyber security baseline across the economy”. Any changes that articulate and set a baseline for cyber security will have a positive impact on improving the resilience of all organisations, small and large.
To support the initiatives, the government will also expand the cyber security incident exercise program run by the Australian Cyber Security Centre. The strategy confirms the investment of $1.67 billion in a number of already-known initiatives aimed at enhancing Australia’s cyber security over the next decade. The strategy outlines the actions each of us is responsible for, including:
- Action by the Government to protect Australians, businesses and critical infrastructure from the most sophisticated of cyber threats;
- Action by businesses both small and large to secure their products and services and protect their customers from known cyber vulnerabilities; and
- Action by the community to practice secure online behaviours and make informed online decisions.
In June, Australian Prime Minister Scott Morrison stated the country was under cyber-attack from a state-based actor.
“The Australian government knows it was a sophisticated state-based cyber actor because of the scale and nature of the targeting and the tradecraft used”.
The strategy’s key elements include proposed laws and an “enhanced regulatory framework” to secure critical infrastructure, deemed the “best way to protect Australians at scale”. The new framework will outline the government’s minimum expectation, including an “enforceable positive security obligation for designated critical infrastructure entities”. The strategy states “These powers will ensure the Australian Government can actively defend networks and help the private sector recover in the event of a cyber-attack,” and will be delivered through amendments to the Security of Critical Infrastructure Act.
The strategy also covers the enhancement of technology as a strategy and outlines that “Integrating cybersecurity products into other service offerings will help protect SMEs at scale and recognises that many businesses cannot employ dedicated cybersecurity staff.” In 2019 McGrathNicol and ResponSight were awarded an AustCyber grant in relation to building and deploying FDetect, our technology-enabled forensic investigations and risk profiling service. Michelle Price, CEO of AustCyber, said:
“We know the growing demand for cyber security products and services is a significant economic opportunity for Australia – it’s how we respond as a nation to this opportunity that will drive sustained growth and better management of risk. Supporting cyber resiliency across the Australian economy improves our nation’s overall global competitiveness, as well as its security.”