A Record Investment to Provide a More Secure Online World for All Australians
On 6 August, the Australian Government released its 2020 Cyber Security Strategy with an investment of more than 1.6 billion Australian dollars – representing the largest-ever Australian Government financial commitment to cybersecurity.
The 2020 Strategy builds on the 2016 Cyber Security Strategy, which invested AU$230 million to advance and protect Australia’s interests online across 33 initiatives.
The new Strategy was developed following an extensive consultation led by the Government, which received over 215 submissions from across Australian Government bodies, industry and members of the public. The Australian Government also met with more than 1,400 people from across the country in face-to-face consultations, including workshops, roundtables and bilateral meetings. In addition, the Minister for Home Affairs, the Hon. Peter Dutton MP, established a Cyber Security Strategy Industry Advisory Panel to provide strategic advice and guidance on the Strategy’s development.
The Strategy includes a number of initiatives, and articulates key actions and responsibilities for the Government, business and the community.
Actions for Government – Disrupting Cybercrime and Building Partnerships for a National Threat Picture
The Government has made it clear in the Strategy that it is determined to disrupt the serious criminal activity saturating the dark web. The Strategy cites recent estimates suggesting that cyber incidents cost the Australian economy up to AU$29 billion – that's a staggering 1.9% of Australia’s GDP.
To address this, the Government has signaled that it will introduce legislation to bolster the powers of law enforcement and criminal intelligence agencies to identify and disrupt individuals engaging in serious criminal activity online. The Government will invest over AU$88 million to bolster the Australian Federal Police’s capabilities to investigate and prosecute cyber criminals and create a fund to co-invest in counter-cybercrime capabilities with the states and territories.
Strengthening public-private partnerships and threat information sharing have also been identified as a key pillar for action for the Government.
The Government will strengthen its capacity to prevent or respond to malicious cyber activity, including by investing AU$62.3 million in a classified national situational awareness capability and delivering a enhanced threat-sharing platform. To bolster partnerships between businesses and governments, the Australian Government will increase its investment in the Joint Cyber Security Centres – a key initiative under the 2016 Cyber Security Strategy designed as cyberthreat and information-sharing hubs in key state capital cities – will receive AU$67 million to enable greater cybersecurity collaboration with state governments and industry (including critical infrastructure).
We welcome these initiatives, which will promote public-partnerships to combat cyber threats. Only by working together will we be able to identify and address cyber threats at scale.
Actions for Business – Securing Australia’s Critical Infrastructure, SMEs and Promoting Security by Design
In our increasingly interconnected world, improving the security and resilience of critical infrastructure entities is crucial to protecting Australia’s economy and national security. The Government has outlined the introduction of an enhanced security regulatory framework to bolster the nation’s resilience and ensure Australia can act quickly in an emergency. The framework includes security obligations for critical infrastructure providers and Government assistance to industry in response to immediate and serious cyberattacks on Australia’s most critical systems. The package will also provide over AU$66 million to assist Australia’s major critical infrastructure providers in assessing their networks for vulnerabilities and collaborating to enhance their cybersecurity posture.
Small and medium businesses also get a shout-out, with the Government noting it will work with large businesses to assist Australian small to medium businesses in upgrading their cybersecurity and growing their cybersecurity awareness. This will be accomplished, for example, by providing cybersecurity information and tools as part of bundles of secure services (such as threat blocking, antivirus and cybersecurity awareness training).
Finally, the Government notes the importance of working with industry to promote security by design – encouraging internet service providers to deliver secure internet services and noting the release of a “Voluntary Internet of Things Code of Practice” to help consumers understand the security and privacy implications of IoT devices they purchase.
Australia has been lucky to avoid a catastrophic cybersecurity incident against its businesses to date. It is widely acknowledged that the loss of an essential service could have devastating impacts across Australia. These measures are important in improving security and resilience in critical infrastructure sectors.
Actions for the Community – Improving Cybersecurity Awareness
The Government has announced measures to expand its efforts to raise awareness of cybersecurity threats and drive uptake of safe and secure online behaviors across the community. The measures include a new public awareness-raising campaign, direct engagement with the community via a training program for small businesses, older Australians and Australian families, expanding the Government’s 24/7 cybersecurity advice hotline for families and older Australians and, importantly, increasing funding to support victims of cybercrime.
These measures are welcome – educating all Australians on what steps they can take to secure their information and systems is critical in the fight against cyber adversaries. Australia has a history of large-scale, national campaigns aimed at educating citizens of all ages about steps to take to reduce certain risks, including the “Slip, Slop, Slap” campaign, which was touted as the reason for a significant reduction in skin cancer in Australia. We are pleased to see community education and awareness of cybersecurity being elevated and identified as a key priority in the national agenda.
The 2020 Cyber Security Strategy Comes at an Important Time
There could not be a more important time to release this Strategy. With the COVID 19 pandemic, more Australians are online than ever – whether it's for work, healthcare, education or entertainment. We have also seen a number of businesses accelerate their digital transformations or move online for the first time. At the same time, we have witnessed dozens of COVID-19-themed phishing campaigns targeted at Australians and Australian businesses of all sizes. On 19 June, Australian Prime Minister Scott Morrison announced that Australian organisations – across a range of sectors and levels – were being targeted by a sophisticated state-based cyber actor. The 2020 Strategy is critical in articulating how Australia will work to address cyber threats. It is an important milestone in a series of initiatives the Australian Government continues to make to improve the country’s cybersecurity posture – including the 30 June 2020, announcement of an AU$1.35 billion investment in the Cyber Enhanced Situational Awareness and Response (CESAR) package to ensure that the Australian Signals Directorate can identify more cyber threats, disrupt more foreign cybercriminals, build more partnerships with industry and governments globally and protect more Australians.
Cybersecurity is a collective opportunity and a shared responsibility. Every part of the Government, business and the community has a role to play in implementing this Strategy.
We congratulate the Australian Government on delivering the 2020 Cyber Security Strategy and on committing to a record investment in cybersecurity. Palo Alto Networks looks forward to working with the Australian Government to realise the goals of the 2020 Cyber Security Strategy.
Sarah Sloan is Head of Government Affairs and Public Policy, ANZ, Palo Alto Networks.