Gabi Power, Mar 24, 2023 3:24:46 PM

What Businesses Need to Know About Australia’s Cyber Security Strategy

On the 27th of February, Australia’s Prime Minister Anthony Albanese led a cybersecurity roundtable that emphasized the critical importance of protecting Australians and the economy from cyber threats. Once again, Mr Albanese’s ministry stressed that the goal was to make Australia the most cyber-secure nation by 2030.

 

In order to ensure that cybersecurity was given due consideration at all levels, leaders from various sectors were invited to participate in the roundtable and share their expertise and experiences. These leaders included representatives from the public service, intelligence agencies, and independent experts from business, industry, and civil society.  

 

During the roundtable, the Minister for Home Affairs and Cyber Security, Clare O’Neil, and her appointed Expert Advisory Board, made up of three expert leads with extensive industry and government experience, unveiled the 2023-2030 Australian Cyber Security Strategy Discussion Paper. The 26-page document goes into depth about Australia’s current cybersecurity position and the strategy proposed to make Australia the most cyber-secure nation by 2030, and it poses questions to the general public to gather input that will be invaluable in forming the strategy. Here’s what you need to know.
  

2023-2030 Australian Cyber Security Strategy Discussion Paper

The paper begins with a preamble from O’Neil, explaining that “Australia has a patchwork of policies, laws and frameworks that are not keeping up with the challenges presented by the digital age” before expanding on its overarching goal. By 2030, the Minister hopes that:

  • Australia has a secure economy and thriving cybersecurity ecosystem;
  • Our critical infrastructure and government systems are resilient and secure;
  • We have a sovereign and assured capability to counter cyber threats; and
  • Australia is a trusted and influential global cyber leader, working in partnership with our neighbours to lift cyber security and build a cyber resilient region.

Introduction from the Expert Advisory Board

The Board opens with a discussion of the current cybersecurity landscape, in which they highlight both the advantages and drawbacks Australia faces. Acknowledging that cyber technology can both advance businesses and society and be utilised for criminal activity, the Board warns that “Our national resilience, economic success, and security rely on us getting our cyber settings right.”

Referring to the Optus and Medibank data breaches that occurred late in 2022, the Board then states that ransomware, espionage, and fraud pose significant threats to Australian businesses. Calling for strengthened laws to protect customer data, harden networks, and ensure a more secure economy, they state that it was “clear during these incidents that government was ill-equipped to respond, and did not have the appropriate frameworks and powers to enable an effective national response given the number of Australians whose personal information, including identity data, was compromised.”

Finally, the Board calls on the whole nation to help with strengthening Australia’s cybersecurity position. “If we are to lift and sustain cyber resilience and security, it must be an integrated whole-of-nation endeavour. We need a coordinated and concerted effort by governments, individuals, and businesses of all sizes.”

Australia's Cyber Security Opportunity 

The paper goes on to explore the federal government’s goal of Australia becoming the most cyber-secure nation by 2030, stating that this aspiration “recognises that the transition to a digital economy relies on the ability to trust that our personal data, infrastructure, and underpinning systems are secure, even as the cyber threat landscape evolves”. To some, this target may seem lofty or overly ambitious, so the Board answers the question “What would Australia look like as the most cyber secure nation by 2030?”

To start, they believe that by 2030 digital connectivity will underpin every aspect of our lives, including social, economic, and cultural activities. This is already not far from the truth. As stated in the Board’s introduction, 99% of Australians currently have access to the internet. During the COVID-19 pandemic, internet connectivity and technology became integral to our everyday lives, and this still largely remains the case. For many businesses and even schools, digital connectivity is still vital. With 50% of Australian workplaces offering a hybrid model, technology and the internet are essential for them to continue functioning.

The Board explains that the cyber environment is becoming increasingly crowded and dangerous due to both state and non-state actors and the emergence of new technologies. They go on to assure readers that they have already “invested in enduring and adaptive sovereign capabilities” to improve the nation’s cyber resilience and allow Australians to engage confidently and securely in cyberspace.

Their aim is for Australia to be a leading brand for cyber goods and services by 2030, which will be “manufactured by a workforce with world-leading cyber skills under fair working conditions”.

Approach to Consultation

The Strategy builds upon previous strategies from 2016 and 2020, and is being developed in partnership with governments, industry, academia, and the Australian and international community. The Board expects that after consultations and drafting throughout the year, a final version of the Strategy will be available at the end of 2023.

“The Minister for Home Affairs and Cyber Security and the Expert Advisory Board are also being advised on global best practice by a Global Advisory Panel comprising the best minds from our closest allies. The Global Advisory Panel is chaired by Ciaran Martin CB, former CEO of the United Kingdom’s National Cyber Security Centre.”

The 2023-2030 Australian Cyber Security Strategy

The paper highlights the urgent need for a strengthened cybersecurity position due to the COVID-19 pandemic, geopolitical conflicts, and the recent major data breaches which occurred on Australian soil.

When developing the Strategy, the Board plans to:

  • Take lessons learned from previous stakeholder consultations and major incidents to inform current policy responses;
  • Set out the priorities for Australia’s cyber security uplift from 2023-2030; and
  • Seize opportunities to get ahead of changes in the risk environment, harness new technologies, and position Australia as a global leader on cyber.

This section also discusses various government priorities that will run parallel with the Strategy. These include:

  • The outcomes of the review of the Privacy Act 1988
  • The National Plan to Combat Cybercrime
  • The Digital Platform Services Inquiry 2020-25
  • Commonwealth Digital ID policy development and reforms
  • Measures to enhance critical technology industries and supply chain resilience
  • Investment through the REDSPICE package

Priorities for the 2023-2030 Australian Cyber Security Strategy

Here, the Board has identified three core priorities. The first is “Enhancing and harmonising regulatory frameworks”. This priority highlights the importance of increasing national cyber resilience and keeping Australians and their data safe, referencing the increasing frequency and severity of major cyber incidents.

To make Australia the most cyber secure nation by 2030, the Board states that “Australians should have confidence that digital products and services sold are fit for purpose and include appropriate best practice cyber security protections.” They also explore the need for explicit cybersecurity obligations and best practice standards for Australian businesses and call for increased transparency, stating that “business owners often do not feel their cyber security obligations are clear or easy to follow, both from an operation perspective and as company directors”.

The second core policy area focuses on “strengthening Australia’s international strategy on cyber security”. The government wants to elevate the existing level of engagement with international partners by promoting cyber resilience. It also aims to better support the development of international technology standards and focus on uplifting the digital economy in Southeast Asia and the Pacific.

“Whether it’s developing international cyber space laws and norms, holding accountable those that flout the rules, working to lift regional cyber resilience or leveraging our humanitarian response track record to respond to severe cyber attacks, working with partners is essential to a prosperous and secure cyber environment.”

The third core policy area is “securing government systems”. Due to Australia being a target of persistent cybercrime, and given the fact that many entities are yet to implement basic cyber policies and procedures, the government plans to implement a framework that accounts for “best practice standards, evaluation, transparency, reporting, and aligned incentives. The appropriate support, accountability, and leadership for individual government departments and agencies will also be provided to manage their cyber security risk profile”.

 

Areas for Potential Action by 2030

In addition to the core policy areas, the paper outlines potential policy options, for which the Board is “seeking views to inform advice to Government”. Potential action areas include:

  • Improving public-private mechanisms for cyber threat sharing and blocking
  • Supporting Australia’s cyber security workforce and skills pipeline
  • National frameworks to respond to major cyber incidents
  • Community awareness and victim support
  • Investing in the cyber security ecosystem
  • Designing and sustaining security in new technologies
  • Implementation governance and ongoing evaluation

 

Cyber Security Strategy Discussion Paper Questions 

Finally, the Board provides readers with an opportunity to engage in the conversation and help form the 2023-2030 Strategy. They welcome responses to any number of the 21 questions that are asked throughout the paper, which need to be submitted to auscyberstrategy@homeaffairs.gov.au by the 15th of April 2023.
