The new Australian Cyber Security Strategy: a positive first step but a long road ahead
21 Apr 2016|
There’s a great deal to be positive about with the launch of the Australian Cyber Security Review and Strategy. Yes, it took a little longer than promised, but the headlines are good news for the cyber security ecosystem and illustrate that this Government is prioritising cyber in a way that previous governments haven’t. It’s vital that the Strategy is seen as the foundation of a long term commitment by Government to build capacity, relationships, security and economic exchange. Now the hard work of implementation begins.

The announcement of a four-year $230 million investment to enhance Australian cyber security capability and launch new initiatives is welcome news. The Australian government hasn’t invested in this area since 2009, so it’s well overdue. While it isn’t the sort of cyber security investment worth billions of dollars made by the US and UK, it stakes Australia’s claim to be a serious cyber security player.

The Strategy has brought with it a number of new positions, including a Minister Assisting the Prime Minister on Cyber Security. But maintaining the interest of the highest office in the land will be important for ongoing implementation, resourcing and policy development.

Given Australia’s often capricious political environment, it’s crucial that a strong bureaucracy independently drives our cyber security agenda. Within PM&C, there will be a Special Advisor for Cyber Security to lead on the policy side. On the international side, the Minister for Foreign Affairs will appoint Australia’s first Cyber Ambassador, which will allow Australia to have an ever-active and influential role in the international cyber discussion. That role is important to ensure that the internet is shaped with a clear Australian voice and perspective in mind.

Those new positions align Australia quite closely with the US which has a ‘cyber tsar’, Michael Daniel, who leads on domestic cyber policy at the White House, and a State Department head, Chris Painter, who delivers the US’s international cyber strategy and contributes to the international debate. Australia has committed itself to developing an international cyber strategy in the Review, which will be an important task for the Department and the new Ambassador.

For the Government to deliver on that strategy, it’ll require leaders that can build a real esprit de corps and encourage the mix of technical and policy experts that make up the government cybersecurity patchwork to work towards the same goals.

There’s a great deal to be excited about, but with all of the new Strategy’s positives comes a strong warning for all involved: announcements and policy documents are all well and good, but hard work is required to successfully implement the new agenda.

The Strategy makes a big push to enhance public–private collaboration. That’s nothing new, though government have not quite taken the time to explain what ‘reaching out to the private sector’ actually entails. New engagement in this strategy will focus first around moving the location of the Australian Cyber Security Centre from the highly classified ASIO building to a more flexible and accessible environment. That will allow for a broader range of private sector entities to quickly ‘plug and play’ with the centre, creating a more fluid interaction. The second initiative is focused on new Joint Cyber Threat Centres in key capital cities, to allow for real time public–private cyber threat information sharing.

To ensure those plans are successful, they must quickly be shown to be accessible, productive and effective. Removing red tape surrounding security classifications and access to information is crucial, as is providing threat information that’s timely, relevant and actionable. Rules of engagement will need to be quickly established so that there’s a clear understanding of both expectations and realities of what can be achieved.

The conversation between the public and private sectors needs to be continual. During the review process PM&C stated that they engaged with ‘over 190 public and private sector organisations’. It’s vital that this engagement is continued. Particular care must also be taken to maintain links between the two sectors at both the working and operational level, but also with top-level engagement between corporate leaders.

The strategy and its deliverables are to be applauded—there’s enough in there to draw broad attention to this vital area of economic and national security. However, the delivery of the Australian Cyber Security Strategy will be dependent upon the work that takes place once the dust has settled following today’s launch. If implemented properly, Australia will be well positioned to succeed both at home and abroad.