{"id":31377,"date":"2017-04-18T14:30:07","date_gmt":"2017-04-18T04:30:07","guid":{"rendered":"https:\/\/www.aspistrategist.ru\/?p=31377"},"modified":"2017-04-18T13:32:11","modified_gmt":"2017-04-18T03:32:11","slug":"australias-cyber-security-strategy-one-year","status":"publish","type":"post","link":"https:\/\/www.aspistrategist.ru\/australias-cyber-security-strategy-one-year\/","title":{"rendered":"Australia\u2019s Cyber Security Strategy\u2014one year on"},"content":{"rendered":"<figure><img loading=\"lazy\" decoding=\"async\" width=\"740\" height=\"551\" class=\"aligncenter size-full wp-image-31378\" src=\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2017\/04\/Screen-Shot-2017-04-18-at-1.27.37-pm.png\" srcset=\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2017\/04\/Screen-Shot-2017-04-18-at-1.27.37-pm.png 740w, https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2017\/04\/Screen-Shot-2017-04-18-at-1.27.37-pm-205x153.png 205w\" sizes=\"(max-width: 740px) 100vw, 740px\" \/><\/figure>\n<p>Friday marks 12 months since Prime Minister Malcolm Turnbull <a href=\"http:\/\/www.theaustralian.com.au\/business\/technology\/malcolm-turnbull-launches-230m-cyber-security-strategy\/news-story\/37ebefcf8a639638b445de6de8a6569e\" target=\"_blank\">launched<\/a> Australia\u2019s Cyber Security Strategy\u2014a welcome development after cyber issues spent seven years wandering in the Canberra wilderness searching for a policy. \u00a0The Strategy has prompted positive changes in Australia\u2019s approach to complex policy issues.<\/p>\n<p>The Strategy committed government to an annual review of its progress, which we hope to see this week. In anticipation of the government\u2019s own review, we\u2019ve engaged with stakeholders across industry, academia and government to gauge perceptions of success and shortfalls in the delivery of the Strategy in its first year. Those discussions revealed a number of areas where expectations of improvement in cybersecurity haven\u2019t been met.<\/p>\n<p>But there have also been successes. A new cyber leadership team in the APS and the <a href=\"https:\/\/www.dpmc.gov.au\/news-centre\/cyber-security\/hon-dan-tehan-mp-minister-assisting-prime-minister-cyber-security\" target=\"_blank\">appointment<\/a> of Dan Tehan as the Minister Assisting the Prime Minister on Cyber Security have had a constructive impact on public awareness and engagement on cyber security. The <a href=\"http:\/\/www.afr.com\/technology\/web\/security\/asx-and-asic-launch-big-company--cyber-health-checks-for-top-100-firms-20161109-gsl77l\" target=\"_blank\">ASX100 health checks<\/a> are an encouraging development in improving cybersecurity in the private sector, and the launch of the <a href=\"https:\/\/www.attorneygeneral.gov.au\/Mediareleases\/Pages\/2017\/FirstQuarter\/Turnbull-government-launches-first-joint-cyber-security-centre.aspx\" target=\"_blank\">Joint Cyber Security Centre<\/a> pilot in Brisbane is a clear sign of the commitment by both government and industry to deepen their cooperation to address cyber security threats.<\/p>\n<p>Activities designed to develop Australia\u2019s digital economy have also moved ahead at a steady clip. Government has boosted support for the domestic cyber start-up community through the <a href=\"http:\/\/www.minister.industry.gov.au\/ministers\/hunt\/media-releases\/new-growth-centre-help-australia-become-global-cyber-security-leader\" target=\"_blank\">Australian Cyber Security Growth Centre<\/a> and international <a href=\"http:\/\/www.australiaunlimited.com\/Landing-Pads\" target=\"_blank\">Austrade \u2018landing pads\u2019<\/a>. Initiatives to attract, educate and diversify the cyber workforce to ensure the sustainability of Australia\u2019s cyber industry are underway through the <a href=\"https:\/\/www.innovation.gov.au\/\" target=\"_blank\">National Innovation and Science Agenda<\/a>.<\/p>\n<p>But the Strategy\u2019s implementation has also faced its share of challenges and setbacks in areas of communication, success measurement and leading by example. Progress towards a national cyber partnership between the government and the private sector has been undermined by the ad hoc nature of government\u2019s communications and insufficient expectation management with industry partners. The Strategy called on industry to take a stronger leadership role, but the division of responsibility between government and industry has never been clearly articulated.<\/p>\n<p>The government\u2019s failure to enact a communications strategy for both private sector partners and the public means there\u2019s no coherent and comprehensive messaging on the timeline for implementing measures. This poor expectation management has led to a general feeling amongst stakeholders that implementation so far has been slow, giving rise to a lack of confidence in government\u2019s commitment to actually implement the Strategy. This perception is not unknown to government and is likely to have prompted Minister Tehan\u2019s <a href=\"http:\/\/www.theaustralian.com.au\/business\/mining-energy\/dan-tehan-ramps-up-cyber-strategy-to-get-ahead-of-threat-to-power\/news-story\/943eb8b0fefce4ac2ea3bf1e57a6bdc8\" target=\"_blank\">media statements<\/a> last month promising to speed up implementation.<\/p>\n<p>Some of the Strategy\u2019s outcomes are hard to assess because of their unquantifiable nature. In other instances, the lack of benchmark information makes it impossible to measure a relative change. And disappointingly, it seems that despite government rhetoric about the priority of cybersecurity, the financial resources afforded to implementing agencies simply don\u2019t match the size and importance of the task. The government has met its commitment to $230 million for the Strategy, but <a href=\"http:\/\/www.aph.gov.au\/About_Parliament\/Parliamentary_Departments\/Parliamentary_Library\/pubs\/rp\/BudgetReview201617\/Cybersecurity\" target=\"_blank\">most of this is reallocated or absorbed expenditure from the Defence budget<\/a>. Other departments and agencies, including PM&amp;C and DFAT, are expected to meet implementation costs from existing resources, which may contribute to the perceived slowness of Strategy implementation. We will be looking to next month\u2019s Budget to see if the original funding is supplemented this year in response to the annual assessment of progress on the Strategy.<\/p>\n<p>When reviewing the extensive <a href=\"https:\/\/cybersecuritystrategy.dpmc.gov.au\/action-plan\/index.html\" target=\"_blank\">action plan<\/a> included in the Strategy, it\u2019s government\u2019s own progress that\u2019s of most concern. The publicly available evidence suggests that federal government agencies are still deaf to the concerns about cybersecurity from their political masters and the experts at ASD. Indeed, a couple of notable incidents and reviews in 2016 should be seen as humbling indicators of the additional work that needs to be done to improve Australia\u2019s cyber posture. A <a href=\"https:\/\/www.anao.gov.au\/work\/performance-audit\/cybersecurity-follow-audit\" target=\"_blank\">March 2017 ANAO audit<\/a> of government departments revealed a sub-par standard of cybersecurity in key agencies, including the ATO and the Department of Immigration and Border Protection, which hold highly sensitive personal information on Australians. The infamous <a href=\"https:\/\/twitter.com\/hashtag\/censusfail?lang=en\" target=\"_blank\">#censusfail<\/a> also revealed a significant lack of cybersecurity knowledge in government, and the inconsistent messaging during and after the event signalled worrying dysfunction in incident response arrangements, as was later highlighted in government and Senate inquiries.<\/p>\n<p>Overcoming these issues will be critical to achieving Australia\u2019s cyber security goals, but that will require a robust assessment\u2014and, if necessary\u2014a <em>mea culpa<\/em> from government in its review of implementation progress. Government can rightly claim success on some aspects of implementation, but the overall impression is that Australia\u2019s cybersecurity posture is no stronger today than it was a year ago, and there\u2019s increasing concern that the Strategy was a bumper-sticker solution to a critical national and economic security issue.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Friday marks 12 months since Prime Minister Malcolm Turnbull launched Australia\u2019s Cyber Security Strategy\u2014a welcome development after cyber issues spent seven years wandering in the Canberra wilderness searching for a policy. \u00a0The Strategy has prompted &#8230;<\/p>\n","protected":false},"author":364,"featured_media":31378,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_mi_skip_tracking":false,"footnotes":""},"categories":[531],"tags":[95,1597,1592],"class_list":["post-31377","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cyber-security-2","tag-cyber-security","tag-cyber-strategy","tag-prime-minister-and-cabinet"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v19.3 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Australia\u2019s Cyber Security Strategy\u2014one year on | The Strategist<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.aspistrategist.ru\/australias-cyber-security-strategy-one-year\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Australia\u2019s Cyber Security Strategy\u2014one year on | The Strategist\" \/>\n<meta property=\"og:description\" content=\"Friday marks 12 months since Prime Minister Malcolm Turnbull launched Australia\u2019s Cyber Security Strategy\u2014a welcome development after cyber issues spent seven years wandering in the Canberra wilderness searching for a policy. \u00a0The Strategy has prompted ...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.aspistrategist.ru\/australias-cyber-security-strategy-one-year\/\" \/>\n<meta property=\"og:site_name\" content=\"The Strategist\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/ASPI.org\" \/>\n<meta property=\"article:published_time\" content=\"2017-04-18T04:30:07+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2017-04-18T03:32:11+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2017\/04\/Screen-Shot-2017-04-18-at-1.27.37-pm.png\" \/>\n\t<meta property=\"og:image:width\" content=\"740\" \/>\n\t<meta property=\"og:image:height\" content=\"551\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Liam Nevill\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@ASPI_org\" \/>\n<meta name=\"twitter:site\" content=\"@ASPI_org\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Liam Nevill\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.aspistrategist.ru\/#website\",\"url\":\"https:\/\/www.aspistrategist.ru\/\",\"name\":\"The Strategist\",\"description\":\"ASPI&#039;s analysis and commentary site\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.aspistrategist.ru\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-AU\"},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-AU\",\"@id\":\"https:\/\/www.aspistrategist.ru\/australias-cyber-security-strategy-one-year\/#primaryimage\",\"url\":\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2017\/04\/Screen-Shot-2017-04-18-at-1.27.37-pm.png\",\"contentUrl\":\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2017\/04\/Screen-Shot-2017-04-18-at-1.27.37-pm.png\",\"width\":740,\"height\":551},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.aspistrategist.ru\/australias-cyber-security-strategy-one-year\/\",\"url\":\"https:\/\/www.aspistrategist.ru\/australias-cyber-security-strategy-one-year\/\",\"name\":\"Australia\u2019s Cyber Security Strategy\u2014one year on | The Strategist\",\"isPartOf\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/australias-cyber-security-strategy-one-year\/#primaryimage\"},\"datePublished\":\"2017-04-18T04:30:07+00:00\",\"dateModified\":\"2017-04-18T03:32:11+00:00\",\"author\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/d81d6aff5a42bb8e53d00720fad0e936\"},\"breadcrumb\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/australias-cyber-security-strategy-one-year\/#breadcrumb\"},\"inLanguage\":\"en-AU\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.aspistrategist.ru\/australias-cyber-security-strategy-one-year\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.aspistrategist.ru\/australias-cyber-security-strategy-one-year\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.aspistrategist.ru\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Australia\u2019s Cyber Security Strategy\u2014one year on\"}]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/d81d6aff5a42bb8e53d00720fad0e936\",\"name\":\"Liam Nevill\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-AU\",\"@id\":\"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/cfa81d9fb18f77771edc760e855ec75f?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/cfa81d9fb18f77771edc760e855ec75f?s=96&d=mm&r=g\",\"caption\":\"Liam Nevill\"},\"url\":\"https:\/\/www.aspistrategist.ru\/author\/liam-nevill\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Australia\u2019s Cyber Security Strategy\u2014one year on | The Strategist","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.aspistrategist.ru\/australias-cyber-security-strategy-one-year\/","og_locale":"en_US","og_type":"article","og_title":"Australia\u2019s Cyber Security Strategy\u2014one year on | The Strategist","og_description":"Friday marks 12 months since Prime Minister Malcolm Turnbull launched Australia\u2019s Cyber Security Strategy\u2014a welcome development after cyber issues spent seven years wandering in the Canberra wilderness searching for a policy. \u00a0The Strategy has prompted ...","og_url":"https:\/\/www.aspistrategist.ru\/australias-cyber-security-strategy-one-year\/","og_site_name":"The Strategist","article_publisher":"https:\/\/www.facebook.com\/ASPI.org","article_published_time":"2017-04-18T04:30:07+00:00","article_modified_time":"2017-04-18T03:32:11+00:00","og_image":[{"width":740,"height":551,"url":"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2017\/04\/Screen-Shot-2017-04-18-at-1.27.37-pm.png","type":"image\/png"}],"author":"Liam Nevill","twitter_card":"summary_large_image","twitter_creator":"@ASPI_org","twitter_site":"@ASPI_org","twitter_misc":{"Written by":"Liam Nevill","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebSite","@id":"https:\/\/www.aspistrategist.ru\/#website","url":"https:\/\/www.aspistrategist.ru\/","name":"The Strategist","description":"ASPI&#039;s analysis and commentary site","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.aspistrategist.ru\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-AU"},{"@type":"ImageObject","inLanguage":"en-AU","@id":"https:\/\/www.aspistrategist.ru\/australias-cyber-security-strategy-one-year\/#primaryimage","url":"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2017\/04\/Screen-Shot-2017-04-18-at-1.27.37-pm.png","contentUrl":"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2017\/04\/Screen-Shot-2017-04-18-at-1.27.37-pm.png","width":740,"height":551},{"@type":"WebPage","@id":"https:\/\/www.aspistrategist.ru\/australias-cyber-security-strategy-one-year\/","url":"https:\/\/www.aspistrategist.ru\/australias-cyber-security-strategy-one-year\/","name":"Australia\u2019s Cyber Security Strategy\u2014one year on | The Strategist","isPartOf":{"@id":"https:\/\/www.aspistrategist.ru\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.aspistrategist.ru\/australias-cyber-security-strategy-one-year\/#primaryimage"},"datePublished":"2017-04-18T04:30:07+00:00","dateModified":"2017-04-18T03:32:11+00:00","author":{"@id":"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/d81d6aff5a42bb8e53d00720fad0e936"},"breadcrumb":{"@id":"https:\/\/www.aspistrategist.ru\/australias-cyber-security-strategy-one-year\/#breadcrumb"},"inLanguage":"en-AU","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.aspistrategist.ru\/australias-cyber-security-strategy-one-year\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.aspistrategist.ru\/australias-cyber-security-strategy-one-year\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.aspistrategist.ru\/"},{"@type":"ListItem","position":2,"name":"Australia\u2019s Cyber Security Strategy\u2014one year on"}]},{"@type":"Person","@id":"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/d81d6aff5a42bb8e53d00720fad0e936","name":"Liam Nevill","image":{"@type":"ImageObject","inLanguage":"en-AU","@id":"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/cfa81d9fb18f77771edc760e855ec75f?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/cfa81d9fb18f77771edc760e855ec75f?s=96&d=mm&r=g","caption":"Liam Nevill"},"url":"https:\/\/www.aspistrategist.ru\/author\/liam-nevill\/"}]}},"_links":{"self":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts\/31377"}],"collection":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/users\/364"}],"replies":[{"embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/comments?post=31377"}],"version-history":[{"count":1,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts\/31377\/revisions"}],"predecessor-version":[{"id":31379,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts\/31377\/revisions\/31379"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/media\/31378"}],"wp:attachment":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/media?parent=31377"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/categories?post=31377"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/tags?post=31377"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}