COVID-19 has led to more Australians working, studying and connecting online than ever before.
Cyber criminals have adapted their strategies to take advantage of this development, resulting in an unprecedented threat to our cyber security.
In its 2020 Cyber Security Strategy, the Australian government outlines how it plans to address these threats and create a more secure online environment for Australians, their businesses, and the essential services they depend on.
These efforts are backed by an investment of $1.67 billion over ten years in cyber security. This is the largest ever financial commitment to cyber security in Australia, and a significant increase from the $230 million invested as part of the 2016 Cyber Security Strategy.
The 2020 Strategy consists of actions required from three key stakeholders to improve cyber security and combat cybercrime: governments, businesses, and the community.
Actions by governments
Unsurprisingly, the heart of the 2020 Strategy hinges on the actions of the Australian government, who have been assigned nine key actions.
1. Protect critical infrastructure in a national emergency
The Australian government will introduce new laws requiring businesses to protect systems and minimise the impact of cyber incidents.
This will ensure Australia can recover quickly from a cyber security emergency.
2. Enhance incident response procedures
$10 million will be invested in an expanded National Exercise Program that will bring government agencies together with private sector organisations to plan and prepare for cyber security incidents.
This will help to ensure that in the event of a cyber incident, Australia’s essential services can be quickly restored.
3. Bolster law enforcement capabilities, including on the dark web
This initiative will be supported by:
- $124.9 million investment to strengthen law enforcement’s counter-cybercrime capabilities. $89.9 million of this amount is dedicated to the AFP.
- $31.6 million investment to expand the ability of the Australian Cyber Security Centre (ACSC) to counter global cybercrime and assist domestic law enforcement agencies.
This will help to protect Australians from cybercrime and strengthen the economy.
4. Harden Australian government IT
The Australian Government will strengthen defences of its networks by centralising their management and operation. This will particularly reduce vulnerabilities of smaller agencies with less cyber security capability.
This is important to Australians to ensure they have confidence that their data is secure.
5. Improve threat information sharing
This initiative will be supported by investments of:
- $35.3 million through the ACSC to deliver a new partner portal and threat-sharing platform.
- $1.6 million to enhance the cyber security of Australian universities.
This will not only help to protect critical infrastructure and businesses, but also the public.
6. Uphold international law and norms
The Australian government will impose stronger consequences for those who don’t adhere to international laws and agreed norms concerning responsible behaviour in cyberspace.
This will make Australia a less desirable target for malicious state-based cyber activity.
7. Strengthen cyber security partnerships
This initiative will be supported by investments of:
- $67.9 million to expand the Joint Cyber Security Centres (JCSC) program.
- $8.2 million to establish a Department of Home Affairs presence at each JCSC.
This will help to ensure a whole-of-government approach to cyber security engagement.
8. Clarify cyber security obligations for Australian businesses
Potential legislative changes will clarify the cyber security obligations for businesses.
Businesses will have more clarity about what they need to do to protect themselves and their customers. Consumers will have increased confidence in the security of products and services.
9. Stay ahead of the technology curve
This initiative will be supported by investments of:
- $118 million to expand data science capabilities.
- $20.2 million to establish research laboratories to better understand threats related to emerging technology.
- $469.7 million to recruit five hundred additional intelligence and cyber security personnel over 10 years.
- $385.4 million to enhance intelligence capabilities.
This will help to ensure Australia is able to adapt to emerging cyber security threats.
Actions by businesses
As evidenced in some of the required government actions, there is an onus on Australian businesses to follow new laws introduced by the government and adhere to cyber security obligations to protect themselves and their customers. This involves five key actions.
Conversely, the success of Australian businesses in implementing these actions will depend in large part on the support, training and resources received by the government.
1. Improve baseline security for critical infrastructure
Minimum cyber security requirements will be implemented for operators of critical infrastructure and systems of national significance. This work will be supported by investments of:
- $66.5 million to enable the ACSC to assist Australia’s major critical infrastructure providers. This will involve assessing their networks for vulnerabilities and enhancing cyber security.
- $62.3 million to deliver a national situational awareness capability to better enable the ACSC to understand and respond to cyber threats on a national scale.
This will help to ensure the security of Australia’s critical infrastructure, and the citizens that rely on them.
2. Uplift the cyber security of SMEs
The $8.3 million Cyber Security Connect and Protect Program will help raise the cyber security of small and medium-sized enterprises (SMEs).
This will help to strengthen Australia’s economy.
3. Create a more secure Internet of Things
The Australian Government will release the voluntary Code of Practice on the security of the Internet of Things.
This will make the devices used by households and businesses more cyber secure.
4. Grow a skilled workforce
This initiative will be supported by an investment of $50 million in the Cyber Security National Workforce Growth Program.
This program will ensure there are enough sufficiently skilled cyber security professionals in business and government. Australians will also have new career opportunities.
5. Block threats automatically
There will be research and development into new capabilities to detect and block threats at scale, supported by an investment of $12.5 million.
This will help Australians and their businesses to block threats before reaching them.
Actions by the community
Individuals need to ensure they are taking appropriate steps to protect themselves online.
While three key actions are required of the community as part of the 2020 Cyber Security Strategy, success will be influenced by the effectiveness of the Australian government in educating the public about cyber threats, and providing the tools and resources needed to safely navigate the online environment.
1. Access guidance and information on cyber security
This initiative will be supported by:
- $4.9 million investment in a public awareness campaign led by the ACSC targeting vulnerable Australians, such as the elderly.
- The Australian government will work with large businesses such as banks and internet service providers to ensure that SMEs have access to cyber security information, including toolkits that they can use to raise the cyber security awareness of their staff.
This will raise community awareness and help to reduce the impact of malicious cyber attacks.
2. Access help and support when needed
This initiative will be supported by investments of:
- $58.3 million to enhance customer engagement channels.
- $12.3 million to extend the 24/7 cyber security helpdesk to SMEs and families.
- $26.0 million to support the ACSC to expand its assistance to the SMEs and the community.
- $6.1 million to bolster services to victims of cybercrime.
This will ensure that victims of cybercrime, whether individuals or businesses, will have access to support when needed.
3. Make informed purchasing decisions
All consumers need to make smart cyber security decisions when purchasing digital devices.
The Australian government will provide consumer purchasing information related to cyber security at cyber.gov.au.
Consumers will benefit by knowing what cyber security features to look out for when buying a digital device.
Conclusion
The Australian government is investing a record $1.67 billion over ten years in cyber security, to support the implementation of its 2020 Cyber Security Strategy.
The Strategy requires actions of governments, businesses and individuals to address key threats and ensure that Australia is a safe place to connect online.
While we all need to do our part to mitigate the threat to our collective cyber security, success will largely depend on the effectiveness of the Australian government in providing support, sharing information, and clearly communicating obligations and potential new legislation to enforce them.
