{"id":83016,"date":"2023-10-18T12:00:03","date_gmt":"2023-10-18T01:00:03","guid":{"rendered":"https:\/\/www.aspistrategist.ru\/?p=83016"},"modified":"2023-10-18T11:57:13","modified_gmt":"2023-10-18T00:57:13","slug":"shields-beyond-the-horizon-landing-australias-2023-cybersecurity-strategy","status":"publish","type":"post","link":"https:\/\/www.aspistrategist.ru\/shields-beyond-the-horizon-landing-australias-2023-cybersecurity-strategy\/","title":{"rendered":"Shields beyond the horizon: landing Australia\u2019s 2023 cybersecurity strategy"},"content":{"rendered":"
<\/figure>\n

Australia\u2019s new cybersecurity strategy <\/a>is all but released. Home Affairs Minister Clare O\u2019Neil and National Cyber Security Coordinator Darren Goldie have familiarised the government and industry with the strategy\u2019s six \u2018cyber shields\u2019 and timeline of two-year \u2018horizons\u2019 out to 2030.<\/p>\n

The six shields remix the 2009 strategy\u2019s seven \u2018strategic priorities\u2019, the 2016 strategy\u2019s five \u2018themes\u2019 and 2020\u2019s 16 \u2018key themes\u2019. That\u2019s not a bad thing. Over these four iterations, Australia has avoided pigeonholing cybersecurity as only a national security issue and correctly characterised it as a whole-of-nation problem that needs multistakeholder solutions.<\/p>\n

Strategies are hard to write, but they\u2019re even harder to land. Cyber is a contested space\u2014every person and their dog have opinions about what should and shouldn\u2019t be included. The process of developing a coherent and actionable strategy thus becomes one of cruel prioritisation\u2014not only excluding things from the strategy\u2019s scope, but making hard, clear decisions on where the government\u2019s responsibility starts and ends. This makes O\u2019Neil\u2019s push to have the new strategy ready for release less than a year after its announcement all the more impressive.<\/p>\n

Once the strategy is released, the real work begins. A good strategy has actions and an implementation plan. The next step is real-world scoping, resourcing and scheduling of those actions. It\u2019s one thing to say that agency X will deliver action Y by year Z. It\u2019s another to put people to work and make it happen. The new strategy needs make a soft landing and keep momentum across the vagaries of agency restructures and future governments.<\/p>\n

To steer and propel the strategy after its release, O\u2019Neil and Goldie should focus on three communication themes: merge, maintain and modify.<\/p>\n

First, communications around the strategy should merge cyber\u2019s national security importance with a compelling vision that speaks to the average Australian. Cybersecurity is a whole-of-nation effort. The strategy should seek to recruit all Australians into this conversation.<\/p>\n

Any national cybersecurity strategy must have defence and national security at its core. But outside the Canberra bubble, these ideas tend to be unfamiliar and irrelevant. In a recent survey of Australians<\/a> by market research firm Ipsos, defence ranked 17th among the 19 top issues, falling from its average of 14th place over the past 12 years. Surveys<\/a> by universities<\/a> and a polling company<\/a> support that finding<\/a>.<\/p>\n

This isn\u2019t about the government seeking the community\u2019s social licence to manage aspects of cybersecurity. It\u2019s about our ability to improve cybersecurity depending in large part on the community\u2019s informed participation. Everyone has a phone in their pocket, everyone has data, everyone has a role to play in cybersecurity. Communications around the strategy should avoid selling cyber as only a national security issue and instead illustrate a concept that\u2019s more familiar and positive.<\/p>\n

The concept of public health gives Australians a recognisable and compelling vision for cybersecurity. The public health metaphor has hovered for years around the edges of cybersecurity discourse. It\u2019s time to centre it. Like health, cyber is a problem we can\u2019t entirely solve, only manage. And like with health, there\u2019s a whole-of-nation system paired with personal accountability. Communicating Australia\u2019s cybersecurity strategy through a public health lens will help explain roles, responsibilities and structures.<\/p>\n

Second, O\u2019Neil and Goldie should focus on how they will maintain the strategy through shifting governments, agencies and budgets. Cybersecurity strategy in Australia has been plagued by short\u2011term thinking, fluctuating policy, on-and-off official positions and reactionary regulatory regimes. The 2023 strategy\u2019s three horizons over seven years are a welcome early peek at a structured, long\u2011term view.<\/p>\n

Undoubtedly, the strategy will be supported by the ongoing funding of $9.9 billion over 10 years for the Australian Signals Directorate\u2019s REDSPICE<\/a> program announced in 2022. That alone gives some certainty. But public assessment and communication of how well the government is using this funding will further boost its effectiveness. In other words, regular evaluation will help the government maintain the new strategy.<\/p>\n

Evaluation builds transparency, keeps the conversation alive and adds to the evidence base that supports better cyber policy and strategy. The 2016 strategy had one public evaluation with its first (and only) annual update. The 2020 strategy did better, with its industry advisory committee releasing annual reports in 2021 and 2022 that evaluated progress on the 19 actions. These were excellent products. They delivered much-needed specifics\u2014such as metrics and accountabilities for actions\u2014and held the government to account.<\/p>\n

The 2023 strategy should reproduce a similar arrangement for annual reviews and add major strategy updates in 2026 and 2029 at the dawns of horizons two and three. However, evaluation should be on more than just how well it is implementing its actions. It should also be clear about how well the actions improve our cybersecurity. While that may be technically difficult and politically fraught, it is essential to understanding whether the new strategy has put us on the right path.<\/p>\n

This brings us to the third communication theme. O\u2019Neil and Goldie should state publicly that they will modify the strategy when necessary. The 2023 strategy should be able to maintain a steady strategic focus and be able to react to changes in the technology and security environments.<\/p>\n

Seven years is a long time in cyber. Accelerating technologies such as artificial intelligence<\/a>, ambient computing<\/a> and brain\u2013computer interfaces<\/a> will radically shift the meaning of cybersecurity over the strategy\u2019s three horizons. Like the concept of public health<\/a>, cybersecurity is a broad, complex concept in constant flux. The strategy should look to include new concepts and actions that help us get better outcomes, while keeping cruel prioritisation front of mind. Scope creep is the enemy. The government cannot and should not be at the centre of every cybersecurity issue.<\/p>\n

In many ways, the 2023 strategy finds itself with the easiest job of the four national cyber strategies Australia has developed over the past 14 years. Yes, cyber threats are more dangerous, technology more pervasive, personal data more vulnerable and the strategic environment more turbulent. But over those 14 years, cybersecurity has become a mainstream political issue. Our cyber policies and organisational architecture have matured. And REDSPICE funding will fuel ongoing cyber capability growth. Careful narrative building and implementation vigilance will help ensure we don\u2019t miss the opportunity this presents.<\/p>\n","protected":false},"excerpt":{"rendered":"

Australia\u2019s new cybersecurity strategy is all but released. Home Affairs Minister Clare O\u2019Neil and National Cyber Security Coordinator Darren Goldie have familiarised the government and industry with the strategy\u2019s six \u2018cyber shields\u2019 and timeline of …<\/p>\n","protected":false},"author":1835,"featured_media":83017,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_mi_skip_tracking":false,"footnotes":""},"categories":[1],"tags":[416,391,2138,107,698],"class_list":["post-83016","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-general","tag-australian-government","tag-cyber","tag-cybersecurity","tag-policymaking","tag-strategic-communications"],"acf":[],"yoast_head":"\nShields beyond the horizon: landing Australia\u2019s 2023 cybersecurity strategy | The Strategist<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.aspistrategist.ru\/shields-beyond-the-horizon-landing-australias-2023-cybersecurity-strategy\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Shields beyond the horizon: landing Australia\u2019s 2023 cybersecurity strategy | The Strategist\" \/>\n<meta property=\"og:description\" content=\"Australia\u2019s new cybersecurity strategy is all but released. Home Affairs Minister Clare O\u2019Neil and National Cyber Security Coordinator Darren Goldie have familiarised the government and industry with the strategy\u2019s six \u2018cyber shields\u2019 and timeline of ...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.aspistrategist.ru\/shields-beyond-the-horizon-landing-australias-2023-cybersecurity-strategy\/\" \/>\n<meta property=\"og:site_name\" content=\"The Strategist\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/ASPI.org\" \/>\n<meta property=\"article:published_time\" content=\"2023-10-18T01:00:03+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-10-18T00:57:13+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2023\/10\/GettyImages-1126779135.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"789\" \/>\n\t<meta property=\"og:image:height\" content=\"442\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Mike Bareja\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@ASPI_org\" \/>\n<meta name=\"twitter:site\" content=\"@ASPI_org\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Mike Bareja\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.aspistrategist.ru\/#website\",\"url\":\"https:\/\/www.aspistrategist.ru\/\",\"name\":\"The Strategist\",\"description\":\"ASPI's analysis and commentary site\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.aspistrategist.ru\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-AU\"},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-AU\",\"@id\":\"https:\/\/www.aspistrategist.ru\/shields-beyond-the-horizon-landing-australias-2023-cybersecurity-strategy\/#primaryimage\",\"url\":\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2023\/10\/GettyImages-1126779135.jpg\",\"contentUrl\":\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2023\/10\/GettyImages-1126779135.jpg\",\"width\":789,\"height\":442,\"caption\":\"Cyber security abstract concept. 3D contour of shield icon on digital background. Computer safety symbol 3D illustration.\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.aspistrategist.ru\/shields-beyond-the-horizon-landing-australias-2023-cybersecurity-strategy\/\",\"url\":\"https:\/\/www.aspistrategist.ru\/shields-beyond-the-horizon-landing-australias-2023-cybersecurity-strategy\/\",\"name\":\"Shields beyond the horizon: landing Australia\u2019s 2023 cybersecurity strategy | The Strategist\",\"isPartOf\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/shields-beyond-the-horizon-landing-australias-2023-cybersecurity-strategy\/#primaryimage\"},\"datePublished\":\"2023-10-18T01:00:03+00:00\",\"dateModified\":\"2023-10-18T00:57:13+00:00\",\"author\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/dde97d168dc4a89b1c8c867bf33dd8eb\"},\"breadcrumb\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/shields-beyond-the-horizon-landing-australias-2023-cybersecurity-strategy\/#breadcrumb\"},\"inLanguage\":\"en-AU\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.aspistrategist.ru\/shields-beyond-the-horizon-landing-australias-2023-cybersecurity-strategy\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.aspistrategist.ru\/shields-beyond-the-horizon-landing-australias-2023-cybersecurity-strategy\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.aspistrategist.ru\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Shields beyond the horizon: landing Australia\u2019s 2023 cybersecurity strategy\"}]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/dde97d168dc4a89b1c8c867bf33dd8eb\",\"name\":\"Mike Bareja\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-AU\",\"@id\":\"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/a45f970ead272e8ec96577cd3d85d417?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/a45f970ead272e8ec96577cd3d85d417?s=96&d=mm&r=g\",\"caption\":\"Mike Bareja\"},\"url\":\"https:\/\/www.aspistrategist.ru\/author\/mike-bareja\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Shields beyond the horizon: landing Australia\u2019s 2023 cybersecurity strategy | The Strategist","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.aspistrategist.ru\/shields-beyond-the-horizon-landing-australias-2023-cybersecurity-strategy\/","og_locale":"en_US","og_type":"article","og_title":"Shields beyond the horizon: landing Australia\u2019s 2023 cybersecurity strategy | The Strategist","og_description":"Australia\u2019s new cybersecurity strategy is all but released. Home Affairs Minister Clare O\u2019Neil and National Cyber Security Coordinator Darren Goldie have familiarised the government and industry with the strategy\u2019s six \u2018cyber shields\u2019 and timeline of ...","og_url":"https:\/\/www.aspistrategist.ru\/shields-beyond-the-horizon-landing-australias-2023-cybersecurity-strategy\/","og_site_name":"The Strategist","article_publisher":"https:\/\/www.facebook.com\/ASPI.org","article_published_time":"2023-10-18T01:00:03+00:00","article_modified_time":"2023-10-18T00:57:13+00:00","og_image":[{"width":789,"height":442,"url":"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2023\/10\/GettyImages-1126779135.jpg","type":"image\/jpeg"}],"author":"Mike Bareja","twitter_card":"summary_large_image","twitter_creator":"@ASPI_org","twitter_site":"@ASPI_org","twitter_misc":{"Written by":"Mike Bareja","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebSite","@id":"https:\/\/www.aspistrategist.ru\/#website","url":"https:\/\/www.aspistrategist.ru\/","name":"The Strategist","description":"ASPI's analysis and commentary site","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.aspistrategist.ru\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-AU"},{"@type":"ImageObject","inLanguage":"en-AU","@id":"https:\/\/www.aspistrategist.ru\/shields-beyond-the-horizon-landing-australias-2023-cybersecurity-strategy\/#primaryimage","url":"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2023\/10\/GettyImages-1126779135.jpg","contentUrl":"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2023\/10\/GettyImages-1126779135.jpg","width":789,"height":442,"caption":"Cyber security abstract concept. 3D contour of shield icon on digital background. Computer safety symbol 3D illustration."},{"@type":"WebPage","@id":"https:\/\/www.aspistrategist.ru\/shields-beyond-the-horizon-landing-australias-2023-cybersecurity-strategy\/","url":"https:\/\/www.aspistrategist.ru\/shields-beyond-the-horizon-landing-australias-2023-cybersecurity-strategy\/","name":"Shields beyond the horizon: landing Australia\u2019s 2023 cybersecurity strategy | The Strategist","isPartOf":{"@id":"https:\/\/www.aspistrategist.ru\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.aspistrategist.ru\/shields-beyond-the-horizon-landing-australias-2023-cybersecurity-strategy\/#primaryimage"},"datePublished":"2023-10-18T01:00:03+00:00","dateModified":"2023-10-18T00:57:13+00:00","author":{"@id":"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/dde97d168dc4a89b1c8c867bf33dd8eb"},"breadcrumb":{"@id":"https:\/\/www.aspistrategist.ru\/shields-beyond-the-horizon-landing-australias-2023-cybersecurity-strategy\/#breadcrumb"},"inLanguage":"en-AU","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.aspistrategist.ru\/shields-beyond-the-horizon-landing-australias-2023-cybersecurity-strategy\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.aspistrategist.ru\/shields-beyond-the-horizon-landing-australias-2023-cybersecurity-strategy\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.aspistrategist.ru\/"},{"@type":"ListItem","position":2,"name":"Shields beyond the horizon: landing Australia\u2019s 2023 cybersecurity strategy"}]},{"@type":"Person","@id":"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/dde97d168dc4a89b1c8c867bf33dd8eb","name":"Mike Bareja","image":{"@type":"ImageObject","inLanguage":"en-AU","@id":"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/a45f970ead272e8ec96577cd3d85d417?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/a45f970ead272e8ec96577cd3d85d417?s=96&d=mm&r=g","caption":"Mike Bareja"},"url":"https:\/\/www.aspistrategist.ru\/author\/mike-bareja\/"}]}},"_links":{"self":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts\/83016"}],"collection":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/users\/1835"}],"replies":[{"embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/comments?post=83016"}],"version-history":[{"count":1,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts\/83016\/revisions"}],"predecessor-version":[{"id":83018,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts\/83016\/revisions\/83018"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/media\/83017"}],"wp:attachment":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/media?parent=83016"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/categories?post=83016"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/tags?post=83016"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}