In an address at a cybersecurity conference in Sydney, the National Cybersecurity Coordinator Michelle McGuinness outlined Australia’s ambitious plan to become a world leader in cyber security by 2030.
The strategy, embedded within the broader 2030 Australian national security framework, recognises that achieving this goal requires not only technical prowess but also a fundamental shift in the nation’s cyber security culture.
The National Cybersecurity Coordinator provided a summary of the strategy and explained the progress across each of these goals.
“We find ourselves halfway through what is called horizon one of the strategy,” said McGuiness. “The strategy is a six-year horizon and we’re halfway through the first horizon”.
“With two more horizons to go, there is a big body of work ahead of us,” she added. “We have momentum, but also some impressive runs on the board. In just the past 12 months, we’ve delivered landmark cyber security legislation, and we now just follow eight nations that have a standalone Cyber Security Act.”
McGuinness highlighted that CISOs who have undergone major incidents over the last two to three years had to reach out to multiple different entities. The advent of the National Coordinator office has served to streamline this toil. The current cyber skills shortage gap was also highlighted.
“We will scale up our cyber industry and grow a diverse cyber workforce,” McGuiness said. “Current estimates are we are short 30,000 employees in the cybersecurity field across all aspects of the field. Women make up 17% of the this field… Quite simply, diversity is a capability, and in this great nation, diversity is also sustainability”
Her ask is that we take advantage of this huge reserve of potential is an imperative to bring all components of society into our workforce.
There is a focus now to broaden the perspective from cyber just the CISOs role to becoming everyone’s responsibility. McGuiness emphasised that we need businesses to be at the forefront of this cultural shift.
Using the analogy that in Australia we have built strong workplace safety cultures, McGuinness said, “we don’t walk past hazards and risks, we look after our people, we know how to keep our families and loved ones safe.”
“We have to start with our organisations. We must ensure that cyber resilience and risk management is embedded throughout organisations…..our systems, our people and our technologies. This is how we believe we drive a new culture across our nation.”
McGuinness acknowledged that boards, directors and senior management all have pivotal role to play in developing frameworks to manage cyber risk.
“We need cyber risks to be brought into the foreground. It must be front of mind, innate and built-in,” she said. It can’t be added on.”
McGuinness told vendors attending the conference that they have an important role to play in fostering the security culture and adopting simple secure by design principles.
“In the past 12 months, we’ve also strengthened our public-private partnership through a range of initiatives, including our national cyber intel partnership and the recent launch of the AUD6.4 million health sector information sharing, awarded to CI-ISAC.”
“Looking further afield we beefed up our role in the counter-ransom initiative and international initiative, which strengthens our region’s resilience against criminals who seek to lock us out of our data.”
The national cybersecurity coordinator also said that they are supporting businesses of all sizes in navigating this modern-day threat of ransomware through the release of the ransomware playbook, which prepares us to deal with a ransomware or cyber extortion incident.
Further the government is also reviewing their own data retention provisions to reduce the attack surface.
McGuinness highlighted the need for every Australian citizen to alter their relationship with connected devices and the digital economy. Similarly, businesses must integrate security into every facet of their operations, moving beyond mere compliance to a proactive and holistic approach.
On geopolitics and the emerging world directions, McGuinness spoke to the need to strengthen and support our sovereign capability. She noted that the roadmap to security and prosperity is doing more in Australia and relying less on large supply chains that we can’t control.
