2016: The year focus on Cyber Security took off in Australia
As I made the journey across to Washington DC for the inaugural Australia-US Cyber Security Dialogue, I reflected on just how much mileage there has been on the cyber security front in the last 6 months. I start the timeline in April when the Prime Minister, Malcolm Turnbull, launched his Cyber-Security Strategy. This strategy had a long digestion period, partly driven by the fact that cyber security is a relatively new and evolving domain where there are few, if any, blueprints for the government to follow. In fact the April Strategy was the first in around 6 years and set the scene to focus on this important domain for the nation.
Since April, we have had a stream of events and actions that has propelled Cyber Security to the forefront. A few positive ones like initiatives designed to raise the cyber security stature of all Australians, both public and private sectors and our citizens. Collaboration centres to drive innovation and intelligence sharing, and negative events like the on-line Census that elevated one such cyber event type – Distributed Denial of Service (DDOS) – into the nation’s vocabulary.
5 Pronged Approach to Cyber Security
As we move forward, I see the need for a five pronged approach to Cyber-security:
- A clear strategy
- The right culture to deliver on the strategy
- A strong technology & cyber security capability within Australia
- Measurement & transparency
This approach can be applied equally well at a business, or government agency level, as it can be to our Nation as a whole. And as we look to take on a leadership role in our region, they represent clear steps to assess where we need to focus that leadership energy. It’s this last regional dimension that is particularly exciting for Australia and what motivates me personally when I enter into this week’s dialogue.
When applying the above approach to the Australian Government, we now have a cyber security strategy in place, its now about the focus on the right culture and mindset to deliver. We have numerous elements in place… but there are still gaps. We still have a few government departments that look for every opportunity to bypass the advise of their own cyber experts – Australian Signals Directorate (ASD) as an example. This is unhelpful to a culture when we need everyone working together on a collective outcome. Ultimately it’s the weakest link that drives how secure we are as a nation. We must have a tighter approach to being aligned here as the consequences are real and significant – reputational and financial.
Further, the Australian government has recognised just how important the cyber world is for jobs. We can’t outsource this domain to low cost jurisdictions that themselves may be the source of attacks and espionage. It’s a key area for jobs for the future for Australia – and highly skilled ones that demand big salaries. We also need to have deep capabilities within government and the private sector so that we can play our part, and get the respect of our Allies, especially the USA, in the regional and global domain