The Industry Advisory Panel (IAP) established by the Federal Government to provide strategic advice on Australia’s 2020 Cyber Security Strategy has delivered its report, including 60 recommendations to bolster Australia’s critical cyber defences.
IAP Chair Andrew Penn said there had never been a more important time for Australia to strengthen its cyber defences.
“The Panel’s recommendations are designed to create robust and adaptable defences able to evolve as threats evolve and technologies change,” Mr Penn said.
“Today technology sits at the very heart of the lives of most Australians and increasingly shapes our economy, our society and our future. It is fast changing how we live, learn and work, and embracing our digital future will be central to our post-COVID-19 recovery and long-term competitiveness.
“At the same time, we need to be alert to the fact that this acceleration in the digital economy exposes us to a greater risk of cyber threats. We are seeing increased levels of malicious cyber activity, both state-based and criminal. Successfully meeting this challenge requires upgrading Australia’s cyber defences to be strong, adaptive and built around a strategic framework that is coordinated, integrated and capable.
“The 2020 Cyber Security Strategy has an opportunity to be all of those things and provide an enormous – and never more important – contribution to a safer, more prosperous Australia,” Mr Penn said.
The Panel’s recommendations are structured around a framework with five key pillars:
- Deterrence: The Government should establish clear consequences for those targeting businesses and Australians. A key priority is increasing transparency on Government investigative activity, more frequent attribution and consequences applied where appropriate, and strengthening the Australian Cyber Security Centre’s (ACSC’s) ability to disrupt cyber criminals by targeting the proceeds of cybercrime.
- Prevention: Prevention is vital and should include initiatives to help businesses and Australians remain safer online. Industry should increase its cyber security capabilities and be increasingly responsible for ensuring their digital products and services are cyber safe and secure, protecting their customers from foreseeable cyber security harm. While Australians have access to trusted goods and services, they also need to be supported with advice on how to practice safe behaviours at home and work. A clear definition is required for what constitutes critical infrastructure and systems of national significance across the public and private sectors. This should be developed with consistent, principles-based regulatory requirements to implement reasonable protection against cyber threats for both the public and private sectors.
- Detection: There is a clear need for the development of a mechanism between industry and Government for real-time sharing of threat information, beginning with critical infrastructure operators. The Government should also empower industry to automatically detect and block a greater proportion of known cyber security threats in real time, including initiatives such as ‘cleaner pipes’.
- Resilience: We know malicious cyber activity is hitting Australians hard. The tactics and techniques used by malicious cyber actors are evolving so quickly that individuals, businesses and critical infrastructure operators in Australia are not fully able to protect themselves and their assets against every cyber security threat. As a result, it is recommended that the Government should strengthen the incident response and victim support options already in place. This should include conducting cyber security exercises in partnership with the private sector. Speed is key when it comes to recovering from cyber incidents; it is therefore proposed that critical infrastructure operators should collaborate more closely to increase preparedness for major cyber incidents.
- Investment: The Joint Cyber Security Centre (JCSC) program is a highly valuable asset and should be strengthened to form a key delivery mechanism for the initiatives under the 2020 Cyber Security Strategy. This should include increased resources and the establishment of a national board in partnership with industry, states and territories with an integrated governance structure underpinned by a charter outlining scope and deliverables.
Panel background
The 2020 Cyber Security Strategy Industry Advisory Panel was established by the Minister for Home Affairs Peter Dutton in November 2019 to provide advice from an industry perspective on best practices in cyber security and related fields; emerging cyber security trends and threats; key strategic priorities for the 2020 Cyber Security Strategy; significant obstacles and barriers for the delivery of the 2020 Cyber Security Strategy; and the effect of proposed initiatives on different elements of the economy, both domestic and international.
The panel was chaired by Andrew Penn, CEO of Telstra; with Robert Mansfield, Chair of Vocus Group; Robyn Denholm, Chair of Tesla; Chris Deeble, CEO of Northrop Grumman Australia; Darren Kane, Chief Security Officer NBN Co and Kirstjen Nielsen, formerly U.S. Secretary of Homeland Security from 2017-2019 as members.
The Panel’s recommendations are designed to strike the balance between increasing cyber defences while promoting the development of a digital economy and countering threats to the economy, safety, sovereignty and national security. A full copy of the report can be found here: https://mysecuritymarketplace.com/reports/australias-2020-cyber-security-strategy-industry-advisory-panel-report/