{"id":83790,"date":"2023-11-28T06:00:14","date_gmt":"2023-11-27T19:00:14","guid":{"rendered":"https:\/\/www.aspistrategist.ru\/?p=83790"},"modified":"2023-11-27T16:59:57","modified_gmt":"2023-11-27T05:59:57","slug":"australias-new-cybersecurity-strategy-tackles-the-tough-issues","status":"publish","type":"post","link":"https:\/\/www.aspistrategist.ru\/australias-new-cybersecurity-strategy-tackles-the-tough-issues\/","title":{"rendered":"Australia\u2019s new cybersecurity strategy tackles the tough issues"},"content":{"rendered":"
<\/figure>\n

The\u00a0cybersecurity strategy<\/a>\u00a0released last week by the Albanese government is about collaboration and communication, not about conjuring our worst national-security nightmares. It\u2019s focused on industry and consumers.<\/p>\n

The government, industry and citizens must work together with trust for Australia to make real changes in our cybersecurity, and this strategy recognises that. One of\u00a0Cyber Security Minister Clare O\u2019Neil\u2019s<\/a>\u00a0objectives seems to be humanising cyber and making it appealing and accessible to everyday Australians.<\/p>\n

Of the six \u2018cyber shields\u2019 in the strategy, \u2018strong businesses and citizens\u2019 is number one. The first actions out of the gate are directly helping small and medium-sized businesses with free cyber health checks and establishing a small business cybersecurity resilience service to give advice. Arguably, these are things the\u00a0Australian Cyber Security Centre<\/a>\u00a0should be doing already, but the $7.2 million health checks and $11 million advice program have been welcomed by industry groups.<\/p>\n

The government is also inviting business to \u2018co-design options\u2019 for regulation or legislative changes that affect industry. These include a ransomware reporting obligation, a new cyber incident review board, a code of practice for cyber incident response providers, mandatory standards for smart devices, a voluntary labelling scheme for smart devices and a code of practice for software development.<\/p>\n

It\u2019s great that the government is including industry in the conversation, but open-ended \u2018co-design\u2019 risks delaying real action. These phases must be strictly controlled with defined end dates.<\/p>\n

More broadly, the strategy isn\u2019t revolutionary. On a generous assessment, perhaps eight of the 48 prescribed actions are new initiatives. The rest Australia has tried before, or has already introduced.<\/p>\n

This shows that, even in a constantly moving cybersecurity landscape, there are enduring problems. It also shows that the government is willing to build on what has been done before rather than wipe the slate clean for the sake of politics.<\/p>\n

The two most important enduring problems that frustrate Australia\u2019s cybersecurity are information-sharing and cyber workforce shortages, and each has a \u2018cyber shield\u2019 dedicated to it.<\/p>\n

Information asymmetries between consumers, companies and governments make stopping threats and responding to incidents slow, ineffective and expensive. The strategy seeks to improve information-sharing by creating better motivations and opportunities to share.<\/p>\n

Share-price drops, reputation risks and legal ramifications are among the reasons companies avoid reporting cyber incidents to the government. Sometimes it\u2019s honest confusion about when and how to report. The strategy proposes a range of actions to create the right environment to motivate information-sharing.<\/p>\n

The \u2018no fault, no liability\u2019 ransomware reporting proposal and a proposed \u2018limited use obligation\u2019 that clarifies how the Australian Signals Directorate and the cybersecurity coordinator may use cyber incident reporting will give companies greater peace of mind. Clarifying the cybersecurity reporting obligations for owners and operators of critical infrastructure<\/a> will remove ambiguity about how and when to report.<\/p>\n

The strategy also creates opportunities and platforms to foster industry\u2013government threat intelligence sharing through a cyber executive council, streamlining ASD\u2019s reporting portal and establishing or scaling up Information Sharing and Analysis Centres\u2014a model that has worked fairly effectively in the United States for 20 years.<\/p>\n

The co-led\u00a0Microsoft\u2013ASD Cyber Shield, or MACS<\/a>\u2014although currently opaque\u2014should also enhance national threat intelligence sharing and capabilities. It will focus on detecting, analysing and defending against sophisticated nation-state cyber threats.<\/p>\n

Australia\u2019s cyber workforce, however, is the fly in the ointment. Our workforce shortage has been around for decades and is only getting bigger. The problem is even more acute in government, where below-market salaries and onerous security requirements are additional barriers to an adequate cyber workforce.<\/p>\n

The strategy refers to building the local cyber skills pipeline through better workforce analysis, vocational training, changes to the primary and secondary curriculum, and additional higher education Commonwealth-supported places. These are good but existing policies. The strategy\u2019s only real new action is increasing skilled migration. In the same breath, questions of detail are shifted to the government\u2019s upcoming\u00a0migration strategy\u00a0to answer.<\/p>\n

Australia isn\u2019t alone in the global struggle to attract talent, and skilled migration settings are difficult to get right. It also raises complex questions about other major policy areas, not least of which are housing, infrastructure and the\u00a0cost of living.<\/p>\n

There\u2019s a sense that increasing migration is an easy answer to what should be a more expensive and difficult conversation on how to build on the existing policies. One moonshot would be to redirect some of the\u00a0$15 billion National Reconstruction Fund\u00a0into subsidising education to get tens of thousands of young Australians into cyber training and careers.<\/p>\n

As with all strategies, implementation is essential. An action plan naming lead agencies offers welcome accountability. The strategy\u2019s two-year \u2018horizons\u2019 also create a realistic runway with what should be built-in evaluation and pivot points.<\/p>\n

And we should expect to pivot, given the degrading security environment and the rate of development of transformational technologies like artificial intelligence. On these, the strategy\u2019s actions are unlikely to put Australia ahead of the curve, being limited to \u2018embedding\u2019 cybersecurity into ongoing work and updating the Information Security Manual.<\/p>\n

In many ways, the Department of Home Affairs and the broader Australian government are well placed to move forward on cybersecurity. As the strategy itself states, we have robust regulation in the recent Security of Critical Infrastructure Act and strong offensive and defensive capabilities with ASD\u2019s REDSPICE funding of $9.9 billion over 10 years. Australia is a trusted partner sitting within a powerful set of multilateral arrangements, including the\u00a0Five Eyes,\u00a0AUKUS, the\u00a0Quad\u00a0and\u00a0the Pacific Islands Forum.<\/p>\n

Home Affairs has also established the new cybersecurity coordinator\u2019s office, a separate team to manage the strategy\u2019s implementation, and a detailed action plan to execute. On the other hand, the department is still reeling from the departures of secretary\u00a0Mike Pezzulo in September<\/a> and cybersecurity coordinator\u00a0Darren Goldie last week<\/a>, after only four months in the job.<\/p>\n

Dennis Richardson\u2019s\u00a0scathing<\/a>\u00a0review of Home Affairs\u2019 handling of offshore detention was leaked around the same time Goldie\u2019s recall was announced. One of the unspoken actions of this strategy\u2019s first horizon out to 2025 will be navigating Home Affairs\u2019 leadership uncertainty, fiscal constraint and external scrutiny.<\/p>\n","protected":false},"excerpt":{"rendered":"

The\u00a0cybersecurity strategy\u00a0released last week by the Albanese government is about collaboration and communication, not about conjuring our worst national-security nightmares. It\u2019s focused on industry and consumers. The government, industry and citizens must work together with …<\/p>\n","protected":false},"author":1835,"featured_media":83793,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_mi_skip_tracking":false,"footnotes":""},"categories":[1],"tags":[416,2138,332,136],"class_list":["post-83790","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-general","tag-australian-government","tag-cybersecurity","tag-technology","tag-workforce"],"acf":[],"yoast_head":"\nAustralia\u2019s new cybersecurity strategy tackles the tough issues | The Strategist<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.aspistrategist.ru\/australias-new-cybersecurity-strategy-tackles-the-tough-issues\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Australia\u2019s new cybersecurity strategy tackles the tough issues | The Strategist\" \/>\n<meta property=\"og:description\" content=\"The\u00a0cybersecurity strategy\u00a0released last week by the Albanese government is about collaboration and communication, not about conjuring our worst national-security nightmares. It\u2019s focused on industry and consumers. The government, industry and citizens must work together with ...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.aspistrategist.ru\/australias-new-cybersecurity-strategy-tackles-the-tough-issues\/\" \/>\n<meta property=\"og:site_name\" content=\"The Strategist\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/ASPI.org\" \/>\n<meta property=\"article:published_time\" content=\"2023-11-27T19:00:14+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-11-27T05:59:57+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2023\/11\/GettyImages-1336250799.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"691\" \/>\n\t<meta property=\"og:image:height\" content=\"443\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Mike Bareja\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@ASPI_org\" \/>\n<meta name=\"twitter:site\" content=\"@ASPI_org\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Mike Bareja\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.aspistrategist.ru\/#website\",\"url\":\"https:\/\/www.aspistrategist.ru\/\",\"name\":\"The Strategist\",\"description\":\"ASPI's analysis and commentary site\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.aspistrategist.ru\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-AU\"},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-AU\",\"@id\":\"https:\/\/www.aspistrategist.ru\/australias-new-cybersecurity-strategy-tackles-the-tough-issues\/#primaryimage\",\"url\":\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2023\/11\/GettyImages-1336250799.jpg\",\"contentUrl\":\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2023\/11\/GettyImages-1336250799.jpg\",\"width\":691,\"height\":443,\"caption\":\"1336250799\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.aspistrategist.ru\/australias-new-cybersecurity-strategy-tackles-the-tough-issues\/\",\"url\":\"https:\/\/www.aspistrategist.ru\/australias-new-cybersecurity-strategy-tackles-the-tough-issues\/\",\"name\":\"Australia\u2019s new cybersecurity strategy tackles the tough issues | The Strategist\",\"isPartOf\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/australias-new-cybersecurity-strategy-tackles-the-tough-issues\/#primaryimage\"},\"datePublished\":\"2023-11-27T19:00:14+00:00\",\"dateModified\":\"2023-11-27T05:59:57+00:00\",\"author\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/dde97d168dc4a89b1c8c867bf33dd8eb\"},\"breadcrumb\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/australias-new-cybersecurity-strategy-tackles-the-tough-issues\/#breadcrumb\"},\"inLanguage\":\"en-AU\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.aspistrategist.ru\/australias-new-cybersecurity-strategy-tackles-the-tough-issues\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.aspistrategist.ru\/australias-new-cybersecurity-strategy-tackles-the-tough-issues\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.aspistrategist.ru\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Australia\u2019s new cybersecurity strategy tackles the tough issues\"}]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/dde97d168dc4a89b1c8c867bf33dd8eb\",\"name\":\"Mike Bareja\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-AU\",\"@id\":\"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/a45f970ead272e8ec96577cd3d85d417?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/a45f970ead272e8ec96577cd3d85d417?s=96&d=mm&r=g\",\"caption\":\"Mike Bareja\"},\"url\":\"https:\/\/www.aspistrategist.ru\/author\/mike-bareja\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Australia\u2019s new cybersecurity strategy tackles the tough issues | The Strategist","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.aspistrategist.ru\/australias-new-cybersecurity-strategy-tackles-the-tough-issues\/","og_locale":"en_US","og_type":"article","og_title":"Australia\u2019s new cybersecurity strategy tackles the tough issues | The Strategist","og_description":"The\u00a0cybersecurity strategy\u00a0released last week by the Albanese government is about collaboration and communication, not about conjuring our worst national-security nightmares. It\u2019s focused on industry and consumers. The government, industry and citizens must work together with ...","og_url":"https:\/\/www.aspistrategist.ru\/australias-new-cybersecurity-strategy-tackles-the-tough-issues\/","og_site_name":"The Strategist","article_publisher":"https:\/\/www.facebook.com\/ASPI.org","article_published_time":"2023-11-27T19:00:14+00:00","article_modified_time":"2023-11-27T05:59:57+00:00","og_image":[{"width":691,"height":443,"url":"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2023\/11\/GettyImages-1336250799.jpg","type":"image\/jpeg"}],"author":"Mike Bareja","twitter_card":"summary_large_image","twitter_creator":"@ASPI_org","twitter_site":"@ASPI_org","twitter_misc":{"Written by":"Mike Bareja","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebSite","@id":"https:\/\/www.aspistrategist.ru\/#website","url":"https:\/\/www.aspistrategist.ru\/","name":"The Strategist","description":"ASPI's analysis and commentary site","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.aspistrategist.ru\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-AU"},{"@type":"ImageObject","inLanguage":"en-AU","@id":"https:\/\/www.aspistrategist.ru\/australias-new-cybersecurity-strategy-tackles-the-tough-issues\/#primaryimage","url":"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2023\/11\/GettyImages-1336250799.jpg","contentUrl":"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2023\/11\/GettyImages-1336250799.jpg","width":691,"height":443,"caption":"1336250799"},{"@type":"WebPage","@id":"https:\/\/www.aspistrategist.ru\/australias-new-cybersecurity-strategy-tackles-the-tough-issues\/","url":"https:\/\/www.aspistrategist.ru\/australias-new-cybersecurity-strategy-tackles-the-tough-issues\/","name":"Australia\u2019s new cybersecurity strategy tackles the tough issues | The Strategist","isPartOf":{"@id":"https:\/\/www.aspistrategist.ru\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.aspistrategist.ru\/australias-new-cybersecurity-strategy-tackles-the-tough-issues\/#primaryimage"},"datePublished":"2023-11-27T19:00:14+00:00","dateModified":"2023-11-27T05:59:57+00:00","author":{"@id":"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/dde97d168dc4a89b1c8c867bf33dd8eb"},"breadcrumb":{"@id":"https:\/\/www.aspistrategist.ru\/australias-new-cybersecurity-strategy-tackles-the-tough-issues\/#breadcrumb"},"inLanguage":"en-AU","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.aspistrategist.ru\/australias-new-cybersecurity-strategy-tackles-the-tough-issues\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.aspistrategist.ru\/australias-new-cybersecurity-strategy-tackles-the-tough-issues\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.aspistrategist.ru\/"},{"@type":"ListItem","position":2,"name":"Australia\u2019s new cybersecurity strategy tackles the tough issues"}]},{"@type":"Person","@id":"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/dde97d168dc4a89b1c8c867bf33dd8eb","name":"Mike Bareja","image":{"@type":"ImageObject","inLanguage":"en-AU","@id":"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/a45f970ead272e8ec96577cd3d85d417?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/a45f970ead272e8ec96577cd3d85d417?s=96&d=mm&r=g","caption":"Mike Bareja"},"url":"https:\/\/www.aspistrategist.ru\/author\/mike-bareja\/"}]}},"_links":{"self":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts\/83790"}],"collection":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/users\/1835"}],"replies":[{"embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/comments?post=83790"}],"version-history":[{"count":3,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts\/83790\/revisions"}],"predecessor-version":[{"id":83795,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts\/83790\/revisions\/83795"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/media\/83793"}],"wp:attachment":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/media?parent=83790"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/categories?post=83790"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/tags?post=83790"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}