{"id":51624,"date":"2019-11-01T11:00:31","date_gmt":"2019-11-01T00:00:31","guid":{"rendered":"https:\/\/www.aspistrategist.ru\/?p=51624"},"modified":"2019-11-01T10:10:37","modified_gmt":"2019-10-31T23:10:37","slug":"australias-2020-cybersecurity-strategy-defining-the-mission","status":"publish","type":"post","link":"https:\/\/www.aspistrategist.ru\/australias-2020-cybersecurity-strategy-defining-the-mission\/","title":{"rendered":"Australia\u2019s 2020 cybersecurity strategy: defining the mission"},"content":{"rendered":"
<\/figure>\n

Three summers ago, I was walking with my husband along a South Coast beach when we noticed a woman diving into the surf with her two teenage children. From where we stood, it was obvious they were heading straight into a rip. They were 500 metres from the flags. Close enough to have walked there with ease. But far enough away to drown before help arrived.<\/p>\n

The mother managed to keep her feet and grab her daughter. However, her son was carried away from the beach, so she followed him into the water. To my horror, my husband ran across the beach and followed them in.<\/p>\n

I stood and watched as all three were swiftly washed away from the shore. Luckily, the boy and his mother could both swim, but they were fighting against the current. My husband was calling for them to swing across the beach and out of the rip. Fortunately they did, so this story has a happy ending. Everyone survived, but it could have ended in tragedy.<\/p>\n

As they emerged from the surf, I pointed down the beach and roared at the mother in white-hot rage. \u2018Swim between the flags\u2019, I yelled. \u2018My husband could have drowned trying to save you and your children because you chose to ignore this warning.\u2019<\/p>\n

Australians know the surf as their playground. It is a source of tremendous enjoyment. But bitter experience has taught us it can also be deadly. Which is why we\u2019ve developed a unique national mission where volunteers band together around the country to patrol the beaches and keep us safe.<\/p>\n

If you swim between the flags in Australia, the chances you will drown are remote. Test the waters outside the flags and the risk of drowning rises exponentially.<\/p>\n

We need to have the same attitude to cybersecurity. We need to develop the same culture of risk management and resilience we impose on the beach. And that begins with defining our national mission.<\/p>\n

Since 2016, there\u2019s been a lot of activity on the cybersecurity front in Australia. Loads of strategies, policies, advisory groups, action plans, frameworks, dialogues, agreements, workshops and delegations. But I still don\u2019t get the sense that we\u2019re all pulling together towards a common goal. Because that common goal, and the values and principles underpinning it, hasn\u2019t been defined.<\/p>\n

So, the starting point for the next strategy needs to be a clear and collectively developed articulation of what we\u2019re trying to preserve and protect in cybersecurity, who is responsible for what, and what cyber resilience looks like.<\/p>\n

It has to be a unique national mission that will focus the efforts of the nation; guide cybersecurity priorities in policy, standards, legislation, education, training, research, innovation, sovereign capability, and private-sector and public-sector engagement and investment; and embed a cyber-resilient culture in Australia.<\/p>\n

We then need to mobilise and empower Australians, particularly individuals and small businesses, to get on board and play their part through an education and awareness campaign modelled on the success of \u2018Slip, Slop, Slap\u2019.<\/p>\n

The campaign would be a call to action to work together to build a \u2018herd immunity\u2019 in cyber resilience by giving Australians the confidence and tools to understand and manage cyber risks. It would aim to encourage Australians to manage their cybersecurity in the same way they manage the physical security of their home or car\u2014to protect not just themselves, but the nation.<\/p>\n

The campaign would also provide an overarching frame for the separate efforts currently being conducted by state, territory and local governments and industry and should be led by the Australian Cyber Security Centre.<\/p>\n

The next version of the strategy also needs to get the government\u2019s own house in order, as a matter of urgency.<\/p>\n

Multiple Australian National Audit Office cyber resilience reports<\/a> over many years have found that just 29% of audited government agencies comply with mandatory cybersecurity standards\u2014even after the Bureau of Meteorology<\/a>, Department of Parliamentary Services<\/a>, Australian Bureau of Statistics<\/a> and Australian National University<\/a> incidents.<\/p>\n

At a time when significant data breaches and cyberattacks are an almost daily occurrence, this is simply unacceptable. These are agencies that hold sensitive and personal data on every Australian and information<\/a> \u2018across a range of economic, commercial, policy or regulatory, national security, program and service delivery and corporate activities.\u2019<\/p>\n

Government entities<\/a> must be the \u2018exemplar<\/a>\u2019 by which others in the community measure themselves. The Joint Committee on Public Accounts and Audit\u2019s recommendations of 2017<\/a> should be fully implemented now, particularly mandating:<\/p>\n