Improving Australia’s cyber preparedness and resilience is a pressing issue that requires a whole-of-society response, according to Department of Home Affairs Secretary.
The public sector veteran used a video address to the 2020 Edith Cowan and Home Affairs Cyber Security Forum to call for closer collaboration between government, industry and academia on managing Australia’s cyber risks.
He noted that governments cannot do this on their own. Yes, in days past a lot of security threats were managed in great secrecy and by governments taking the lead, the official stated in a video message.
Government had all the information typically, and government had most of the response options and tools in their inventory. This is no longer the case, and especially so in cyber. Frankly, everyone is on the front line.
The Secretary has been expected to deliver the keynote address for the Forum, which was convened to explore the key findings of last year’s consultation on the 2020 Cyber Security Strategy, but was unable to attend in person because his department is dealing with a number of issues related to bushfires and biosecurity risks.
Developing a strong cybersecurity strategy will require improving cyber resilience. This will in turn require partnerships between governments and industry, between state and federal agencies, and with “society at large”.
One area where such partnerships can play a role is in cyber preparedness. Such a vital area cannot be left to CIOs of organisations or to government agencies to manage alone.
Preparedness is something that has to be thought about on that whole-of-society basis. The nation’s universities play a great role in adding to the country’s store of knowledge, research and thinking, as do cooperative bodies such as the CRCs, as do large corporations, as does the business sector at large, as do citizens themselves.
But at the same time, the government needs to lead these efforts, particularly in aspects to do with standards, trusted marketplaces and cyber awareness.
Exploring the latest techniques and approaches is an important aspect of the preparatory work for designing the 2020 Cyber Security Strategy.
Other important considerations for the strategy involve incident management and response. Cybersecurity planning in the modern era requires considering a hack to be inevitable, which means a response will be required.
The Secretary put forward important questions; What are the right protocols? How does the government get emergency help particularly to those who are affected most egregiously? And does a nation and a people and a society respond, particularly to those most grievous hacks which are societal-wide and which have repercussions that spread beyond IT usage?
Finally, developing a fit-for-purpose security strategy will require answering important questions about recovery and resilience.
“If data is being frozen, if essential services have gone offline, if other societal functions have been impaired, how do we respond societally? How do we respond with resilience, much in the same way as we do with disaster risk or climate risk or indeed biosecurity risk?” the official asked.
It’s these common society-wide risks that need to be mitigated and responded to that my department particularly is charged with thinking about society-wide impacts.
Findings from the conference will be used to help shape the advice the department is preparing for the government in terms of the 2020 Cyber Security Strategy, the official concluded.
The government is seeking to determine what parts of the existing strategy — which was developed in 2016 — remain fit for purpose and should be retained, and what parts should be replaced.
