The long-awaited 2023–2030 Australian Cyber Security Strategy is due to be released today (22 November), almost a full year after it was announced.
The Albanese government has dedicated $587 million to fund the strategy, which aims to make Australia the “world’s most cyber secure nation by 2030”, according to Minister for Home Affairs and Cyber Security Clare O’Neil.
The new strategy will “outline the government’s long-term vision for the future of Australian cyber security and the concrete steps required to get there”.
Prior to today’s announcement, here is what to expect from the 2023–2030 Australian Cyber Security Strategy.
Developing a ‘ransomware playbook’
The government has promised to develop what it calls a “ransomware playbook”, as a way of guiding breached organisations through a cyber attack, including the steps needed to prepare for a cyber attack and mitigate damage, as well as how to respond once threat actors have hit.
‘No-fault’ reporting and investigation
The Department of Home Affairs announced this week that it would be appointing a new Cyber Incident Review Board, which would conduct “no-fault” investigations into breached organisations.
These investigations are not designed to call out or prosecute affected agencies or businesses but rather to collect information as part of developing a better understanding of how threat actors work and forming plans to better defend against future attacks.
For this, new legislation will limit the amount of information accessible by other government entities after it is shared with the national cyber security coordinator and the Australian Signals Directorate.
“We need to capture lessons learned from cyber attacks so that we can strengthen our national defences and stay ahead of the threat,” said Minister O’Neil.
This comes after Deputy Prime Minister and Minister for Defence Richard Marles last week alluded to the government potentially establishing a “legal safe harbour” for breached organisations in an effort to encourage them to come forward and inform cyber agencies and watchdogs of a cyber incident swiftly.
Advancing the Digital ID program
The Albanese government hopes to bolster personal ID verification by expanding the nation’s Digital ID program, limiting the amount of sensitive information individuals need to share.
It is currently unknown how the government expects to do this, only that it would lead to the Australian people needing to share less personal information with businesses and organisations to verify their identity.
Addressing the cyber skills gap
The industry was rocked by the growth in cyber crime, leaving cyber firms understaffed and overworked. This also pushed some cyber workers to leave in pursuit of other fields due to heavy burnout.
In an effort to fill the gap in cyber skills, the government has announced plans to attract skilled migrants to grow the workforce.
The government also announced plans to increase collaboration with international partners to deter threat actors by imposing sanctions publicly on those who are behind the attacks.
Classifying telcos as critical infrastructure
Spurred on by the Optus outage earlier this month, alongside the major cyber attack it suffered last year, the government has announced plans to include telecommunication companies under the Security of Critical Infrastructure Act (SOCI), which lays out the framework that critical infrastructure operators are required to follow to ensure risks relating to data theft, foreign interference and national security are managed.
“We are setting tough new laws for our telecommunications companies to make sure that these companies are properly protecting the cyber security of Australian citizens and their data,” said Minister O’Neil.
And more...
The government also wants to be able to directly tell breached organisations how to act in the event of a national cyber crisis, with specific instructions on how to respond to a hack.
There are also plans to establish a voluntary scheme for smart device manufacturers to test how cyber safe their products are.
The $587 million spend is additional to the $2.3 billion that the government already spends on cyber security every year, which the Albanese government has promised to continue.