Does the release of the annual Cyber Threat Report 2022-23 align strategically with broader foreign affairs and techno-economic geopolitical agendas?
Over the past two weeks, there have been significant AI announcements with cybersecurity implications, including the Biden administration's Executive Order on AI, the UK's AI Safety Summit, and the G7 Leaders' Statement on the Hiroshima AI Process. Concurrently, Australia has faced major cyber incidents, including an attack on its largest port operator and a major outage at Optus, its second-largest telecom provider. These events underscore the urgency for secure and resilient networks.
The forthcoming Australian Cyber Security Strategy for 2023–2030 aims to position Australia as the world's most cyber-secure country by 2030. This initiative is timely, considering recent data breaches at Optus, Medibank, and Latitude Financial, which impacted millions in Australia. The global landscape is equally challenging, with cyber-attacks in Ukraine and against US critical infrastructure. With the UK and US having updated their cybersecurity strategies, Australia's revision is essential.
Australia's Ambitious Cybersecurity Strategy for 2023-2030
The upcoming Australian cybersecurity strategy is set to embrace a comprehensive approach, aligning closely with the efforts of international allies while pivoting towards a national cybersecurity enhancement.
Minister for Cyber Security and Home Affairs Clare O'Neil has outlined a framework based on "six shields" of cybersecurity: educated citizens and businesses, secure technology, effective threat sharing and blocking, dependable critical infrastructure, sovereign capabilities, and regional resilience. The importance of aligning with regional and global partners is emphasised as a key to success.
O'Neil highlights an urgent need for Australia to advance its approach to cybersecurity, both economically and for security purposes. As we await the strategy's unveiling, three policy considerations stand out: establishing coordination mechanisms, ensuring flexible resourcing for the Department to execute and promote the strategy, and fostering collaboration with industry and international partners.
A change in National Cybersecurity approach and future implications
A notable shift in this strategy is the integration of domestic and international cybersecurity efforts, as explained by Deputy Secretary Hamish Hansford. This marks a departure from the primarily domestic focus of the 2020 strategy and the separate handling of international cybersecurity in the 2021 International Cyber and Critical Technology Engagement Strategy. This integration mirrors the approach of the recent US strategy, which emphasises international partnerships as one of its key pillars.
However, one must ask: In emulating aspects of the US strategy, how will Australia ensure it addresses unique regional challenges and maintains its cybersecurity sovereignty?
The coordination of international engagement between the Departments of Home Affairs and Foreign Affairs and Trade will be crucial in this respect, ensuring a balanced and effective approach to cybersecurity challenges.
The Australian government is set to announce expansions in cybersecurity resources, guided by initiatives from the National Coordinator. These are pivotal in shaping national cybersecurity policy, responding to major cyber incidents, ensuring government-wide readiness, and enhancing cybersecurity capabilities.
The seven-year national strategy, which has been under consultation throughout 2023 since its announcement in December 2022, is expected to significantly improve Australia's cybersecurity posture. After extensive public consultation, including 220 responses, there is anticipation for its imminent release.
Cybersecurity experts and academics anticipate that the strategy will enhance the roles of federal agencies like the ASD and ASCS. The strategy, developed collaboratively across policy, operational, and security sectors, is expected to be comprehensive and pivotal in strengthening the National Coordinator's ability to lead in collaboration with Australian government entities.
The business and industrial sectors are closely watching for potential impacts from the strategy's implementation.
As O’Neil noted, “we have as a country for how we deal with cyber issues.”
The seven-year national strategy, which has been under consultation throughout 2023 since its announcement in December 2022, is expected to significantly improve Australia's cybersecurity posture. After extensive public consultation, including 220 responses, there is anticipation for its imminent release.
Anticipating the Impact of the National Cybersecurity Strategy
Cybersecurity experts and academics anticipate that the strategy will enhance the roles of federal agencies like the ASD and ASCS. The strategy, developed collaboratively across policy, operational, and security sectors, is expected to be comprehensive and pivotal in strengthening the National Coordinator's ability to lead in collaboration with Australian government entities. The business and industrial sectors are closely watching for potential impacts from the strategy's implementation.
Minister O'Neil has actively engaged the media, emphasising the Albanese government's proactive stance on cybersecurity. On Tuesday, she was at the forefront, informing the public about the government's efforts to guide businesses through the challenges of ransomware, particularly as Australia approaches the peak of its retail season with Black Friday sales and the Christmas period.
With the rise in e-commerce and online sales, there is an increased concern for businesses vulnerable to significant cyberattacks and ransomware, underscoring the need for robust cybersecurity measures.
Recent media updates and social media engagements by government officials, including Air Marshal Darren Goldie (former National Cyber Security Coordinator), have been pivotal in highlighting Australia's cybersecurity policies and resilience measures.
The focus on industry collaboration for enhanced security, demonstrated by the upcoming town hall for critical infrastructure security, underscores this commitment.
.jpg)
