Modern Australian
The Times

Our cybersecurity isn't just under attack from foreign states. There are holes in the government's approach

  • Written by Damien Manuel, Director, Centre for Cyber Security Research & Innovation (CSRI), Deakin University

Prime Minister Scott Morrison revealed last month Australia is actively being attacked by hostile foreign governments.

An advisory note posted on the government’s Australian Cyber Security Centre website said the attackers were targeting various vulnerable networks and systems, potentially trying to damage or disable them.

Read more: China's disinformation threat is real. We need better defences against state-based cyber campaigns

Governments – along with individuals and the private sector – have an important role in addressing cyber risks that threaten our national security. At some point this year, the federal government’s new cybersecurity strategy is set to be announced.

Many in the industry hope it will be comprehensive and backed by significantly more investment than the previous one, to address what is a growing threat. Currently, a cybercrime incident is reported every ten minutes in Australia.

However, due to the unexpected budget impacts of the coronavirus pandemic, there may simply not be enough money to invest in the programs we need to stay protected from large-scale cyberattacks.

An underwhelming delivery

We know governments test each other’s cyber defences in the interest of their own national security.

Information warfare (such as through disinformation campaigns) between governments has taken place for many years.

Our cybersecurity isn't just under attack from foreign states. There are holes in the government's approach Last year, US Attorney General William Barr testified before a senate judiciary committee hearing on the investigation into Russia’s meddling with the 2016 presidential election. The disinformation campaign was one of the most notable large-scale information warfare attempts of recent years. Clodagh Kilcoyne/Reuters

In 2016, then prime minister Malcolm Turnbull released Australia’s first cybersecurity strategy. It involved investments of more than A$230m across four years for five “themes of action” including including stronger cyber defences, and growth and innovation in the sector.

Read more: Bushfires, bots and arson claims: Australia flung in the global disinformation spotlight

The strategy envisioned making Australia a “cyber smart nation”, by ensuring we had the skills and knowledge needed to thrive in the digital age, while staying cyber safe.

But overall, the strategy was poorly implemented.

For instance, improving cybersecurity requires close collaboration between government, industry, academia and community. To this end, Joint Cyber Security Centres were announced so various parties could share knowledge.

However, prior to COVID-19, plans were in motion to align these centres with the Australian Signals Directorate’s higher security classification. This would hinder a collaborative environment by restricting movement within, and access to, the centres.

Moreover, only 32% of cybersecurity professionals have visited a centre, highlighting the government’s failure to engage with the sector.

Four years on from the initial strategy’s release, the “smart nation” vision seems lost. The cybersecurity sector faces skills shortages, and the public and businesses remain largely unaware of how to protect themselves.

It’s clear a cybersecurity reset is required.

Our cybersecurity isn't just under attack from foreign states. There are holes in the government's approach Then Minister for Defence Christopher Pyne at the official 2018 opening of Adelaide’s Joint Cyber Security Centre. Sam Wundke/AAP

We need a targeted, forward-thinking strategy

The release of the Morrison government’s new strategy has been delayed due to COVID-19, but we have some idea of what to expect.

The government has announced it will redirect existing defence funding to the Australian Signals Directorate (ASD) and Australian Cyber Security Centre (ACSC) to employ up to 500 additional staff to tackle cybercrime.

But how this will work in a market with skills shortages is unclear.

Read more: Morrison announces repurposing of defence money to fight increasing cyber threats

Also, redirecting existing funding into cybersecurity is positive, but it is only one part of the solution. What’s missing from the conversation is strategic, long-term investment.

Our cybersecurity isn't just under attack from foreign states. There are holes in the government's approach Former Prime Minister Malcolm Turnbull at the August 2018 opening of the Australian Cyber Security Centre in Canberra. MICK TSIKAS/AAP

A holistic, interdisciplinary approach

Effective cybersecurity is about more than technology – it’s about people (from a range of backgrounds), user behaviour, business processes, problem solving capability, regulations, industry standards and policy.

I’ve read 156 submissions to the upcoming cybersecurity strategy, which was open to public comment. I also have knowledge of confidential submissions not made public.

Drawing on these views, and my own expertise, here are five elements I believe the upcoming strategy should contain:

1. Educate to drive behavioural change

The “Slip, slop, slap” health awareness campaign was one of the most successful we’ve ever had.

It drove real social behavioural change in Australia. A similar change is required to help make Australians more knowledgeable about cybersecurity issues, and how technology can be exploited.

This isn’t a quick fix, and will likely be a long-term effort.

2. Build resilience in critical infrastructure

COVID-19 has demonstrated how easily societies can be disrupted, particularly key supply chains and systems.

We need improved processes, regulation and standards to ensure the infrastructure we rely on is cyber-resilient. When breaches occur, organisations must be prepared to resolve them and restore services.

Banks are a good example, as they rely on thousands of suppliers. On this front, the Australian Prudential Regulation Authority last year introduced a prudential standard called CPS234, aimed at improving resilience against information security incidents (including cyberattacks).

3. Help small businesses

More grants and tax incentives for small businesses will enable them to access technology and talent to improve their cybersecurity capabilities.

A coordinated approach is needed through all levels of government to raise awareness of the adverse impacts cyberattacks have on businesses. This includes the consequences of customer data and privacy breaches.

It’s also crucial businesses know where to independently seek clear and concise advice when required.

4. Nurture the talent pipeline

Almost every day I hear about the industry’s cybersecurity skills shortage. I also hear from students how tough it can be to get a job in cybersecurity, even with any number of certifications.

It’s easy for businesses to poach existing talent from other organisation rather than hire graduates or interns. To break this cycle, we need improved educational courses focused on the skills employers want.

There should also be incentives for businesses to employ interns and graduates.

5. Cut the bureaucratic red tape

The federal government needs to do more to address Australia’s cybersecurity problem holistically – not just with additional legislation and funding for existing government agencies.

Hierarchies and dealings within the sector are currently overly complex.

Simplification and common sense are required.

Protecting Australians from outside parties intent on exploiting the technology we use isn’t something we can achieve overnight.

The digital cybersecurity strategy to be delivered by the Morrison Government needs to not only be impactful, but also built with future governments in mind. In such volatile times, it has never been more important to protect Australians.

Authors: Damien Manuel, Director, Centre for Cyber Security Research & Innovation (CSRI), Deakin University

Read more https://theconversation.com/our-cybersecurity-isnt-just-under-attack-from-foreign-states-there-are-holes-in-the-governments-approach-137403

7 Signs It's Time to Upgrade Your Piston Air Compressor

If you run a workshop, panel shop, or fabrication business anywhere around Perth, you already know what heat and dust do to equipment over a few sum...

How Long Do Bathroom Renovations Melbourne Take? Step-by-Step Process Explained

Planning a bathroom renovation is exciting, but one of the biggest questions homeowners ask is, "How long will it take?" While every project is uniq...

Why Your Skin Breaks Out: The Science of Acne Explained

Acne is the most common skin condition in the world. An estimated 85% of people experience it at some point between the ages of 12 and 24, and a gro...

10 Swimwear Trends Australian Women Are Wearing This Summer

Every Australian summer brings a fresh wave of swimwear trends, but some styles have much greater staying power than others. While fashion constantly ...

Why Regular Skills Updates Are Essential for Licensed Security Officers

A guard at a Brisbane shopping centre gets a call about a shoplifter who's turned aggressive.  They’ve done the job for six years. But their de-...

10 Benefits of Choosing Professional Tutoring Penrith Services

Every student has unique learning strengths, challenges, and academic goals. While classroom teaching provides essential knowledge and structure, so...

Sunshine Coast Baby Classes Prove Big Hit Among First-Time Mums

There's a movement gaining traction on the Sunshine Coast, providing a village of support, socialisation and relief for first-time mothers and babie...

Father's Day Gift Ideas for Men Who Are Hard to Buy For

Some dads are easy to buy for. Others do not want anything, already have everything, or give you the classic "don't worry about me" answer every yea...

Top 5 Mistakes That Wear Out Your Brakes Faster

Brakes don't need frequent replacements like oil changes do.   But a lot of the wear happens quietly, over months, because of habits most drivers...

Plantation Shutters vs Curtains: Which Is Better for Your New Home?

Moving into a new home is an exciting opportunity to personalise your space and make it your own. While many homeowners focus on furniture, flooring...

Celebration of Life vs Traditional Funeral: What's the Difference?

When saying goodbye to someone you love, there is no single way to honour their life. Every family has different traditions, beliefs, and preference...

Building Approval for Roofing Projects: What Homeowners Need to Know

Roofing projects are an important part of maintaining and protecting your home. Whether you're repairing storm damage, replacing an ageing roof, or ...

Chatswood Tutoring And Its Role In Academic Achievement

Academic success often requires more than classroom attendance alone. Students face increasing expectations as they progress through school, particu...

Why Laser Hair Removal Treatments Continue Growing In Popularity

Managing unwanted hair can become time-consuming and frustrating for many people, especially when shaving, waxing, and other temporary methods requi...

Choosing the Right Devices for a Flexible Workplace

For IT leaders managing large fleets, the device layer is where workforce productivity and security policy meet. The shift towards flexible and hybrid...

How Business Advisory Services Help Companies Achieve Sustainable Growth

Every business owner aims to build a profitable and sustainable organisation. While dedication, innovation, and hard work are important, achieving l...

Why Body Contouring Has Become A Popular Cosmetic Treatment

Many people maintain healthy lifestyles through regular exercise and balanced eating habits but still struggle with stubborn areas of fat that are d...

How to Choose the Right POS Hardware for Your Business in Australia

A lot of Australian business owners spend weeks researching POS software but buy hardware almost as an afterthought. That's a mistake. The wrong har...