The Australian government released its first annual update for cybersecurity strategy last week, detailing current progress and outlining the next steps for the implementation of the strategy, revealed in April 2016.
The government, through the Office of the Cyber Security Special Adviser plans to publish a view of the cyber security ecosystem and the Government’s cyber security governance arrangements. The government intends to crowdsource the identification of issues, priorities and options.
“The Australian Government recognises that cyber security is not a job that government can do alone. Technology connects us all and provides us with unheralded opportunities for innovation and profit, but it also unites us in a shared vulnerability,” the Hon Dan Tehan MP, Minister Assisting the Prime Minister for Cyber Security said.
The Critical Infrastructure Centre in the Attorney-General’s Department, established in January 2017 in cooperation with ACSC, will work closely with the national critical infrastructure companies to identify cyber vulnerabilities, develop risk assessments and risk management strategies.
The $47 million Joint Cyber Security Centre programme was launched in February 2017 to bring industry, government and law enforcement together, with the first centre in Brisbane. Automated information sharing and targeted analysis of specific cybercrime threats against Australian industry networks are priority areas for the centre.
The programme will be accelerated to meet demand with further centres to open in Melbourne, Sydney and Perth in 2017, followed by Adelaide in the first half of 2018. This is expected to ensure that there is quicker on the ground exchange of information and expertise.
The government has commenced consultation with both small and large businesses and industry associations for developing a targeted cyber security approach. Initiatives will factor in time and resource constraints for the industry. This will complement the Cyber Security Strategy commitment to expand the services of the Council of Registered Ethical Security and Testers Australia and New Zealand and provide grants to small business to access these services, starting from 2018.
The government also plans to commence work on scoping a policy approach to ICT supply chain security risks to government systems and services and collaborate with industry to identify practical measures to improve the security of Internet of Things (IoT) devices.
The Government-backed ASX 100 Cyber Health Check of Australia’s leading businesses are supposed to increase the cyber resilience in Australia’s largest companies by raising awareness and enabling ASX 100 companies to better understand their cyber security risks and opportunities.
The Australian Cyber Security Growth Network (ACSGN) will increasingly engage with the Department of Industry, Innovation and Science, the Joint Cyber Security Centres and the Academic Centres of Cyber Security Excellence as they are established, in order to bridge the links between business, government and academia. ACSGN is an industry-led and not-for-profit company responsible for delivering the activities of the Cyber Security Growth Centre initiative and it forms a key element of the government's Cyber Security Strategy
SINET61 will be run again in 2017, in partnership with ACSGN, cementing Australia as a hub for bringing together cyber innovators, buyers and investors.
Australia’s international cyber engagement strategy will involve optimised engagement efforts, combined with the delivery of a rolling series of capacity building grants. Collaborative partnerships with regional nations will be accelerated and Australian know-how on cyber security skills and governance will be shared in the region.
ACSGN has plans for two international delegations in 2017 to the UK and Singapore.
Education and outreach
In order to develop kill base to support a world leading Australian cyber security workforce, the government will extend its focus from higher education sector to building on initiatives in schools and TAFEs (Technical and Further Education institutions, which provide vocational tertiary education). These would include initiatives initiated by industry and academia, such as the Victorian ‘Cyber Games Initiative’ and the girls coding network. Initial research will be done to map the existing landscape of activity, to identify gaps, and opportunities for strengthening the student pipeline.
A “Cyber Boot Camp” will be developed for Ministers and senior public sector managers, and a Cyber Lexicon will be created to build clarity around cyber security concepts.
The Government is also developing a ‘Cyber Alumni’ concept, to maximise the skills and networks of Australia’s professional cyber security community.
The Update states that the government will align and, where appropriate, consolidate cyber security outreach programs across agencies. Research will ensure that education and awareness material is targeted to the most at-risk audiences and effectively influences the way people perceive, and act on, online risks. A new Stay Smart Online website will be launched to improve the quality and discoverability of information for Australians.
Read the full update here.