After a year of leaks, hacks, and private information being held to ransom, the Australian government has announced it is going to “revamp” national cyber security as one of its “fundamental priorities.”
Prime Minister Anthony Albanese has said that he will set up a whole new government department, within the Department for Home Affairs, dedicated to the fight against cyber attacks and scams run by foreign agencies and criminal gangs.
It’s designed to overhaul a 10-year national cyber security strategy established under the Morrison government which Labor targeted for review soon after taking over.
Albanese has been meeting with business, security, and technology leaders in Sydney on Monday where they launched the new strategy that aims to make Australia the world’s most digitally secure nation by 2023.
“As it stands, government policies and regulations, business sectors systems and measures, and our general awareness of capacity as a nation are simply not at the level that we need them to be,” he said.
“This is really fast-moving. It’s a rapidly evolving threat and for too many years Australia has been off the pace. Our government is determined to change that.”
The PM has called on industry leaders to help develop a plan to protect Australians at “every level.” A 25-page discussion paper has been released that seeks input from the public on how things can be improved as hacks, scams, and other issues increase in the digital sector.
The Australian Cyber Security Centre last year reported that there had been significant recent increases in cybercrime, which is now thought to cost the country more than $33 billion annually.
Experts have welcomed the announcement but have said that they’ll wait to see what the policies are and how they are going to be enforced before passing judgment.
Nigel Phair, a Professor of Cybersecurity at Monash University, told The Latch that we “could have a great swath of laws that come in next Monday morning, but if the policing jurisdictions aren’t going to internally resource it and take it seriously, it just isn’t going to work.”
“It might be a lawyer’s wet dream but the rubber’s got to hit the road somewhere,” he added.
Former Telstra chief executive Andy Penn, who led the meeting on Monday, has said he was pleased with the sentiment in the room, and that there “couldn’t be a more important time to be escalating this debate in the nation’s narrative.”
The discussion paper will be sourcing input until mid-April and the full cyber security strategy is set to be implemented by the end of the year. While we’re a little light on details at the moment, there seems to be a consensus that Australia is now taking seriously something that has previously been neglected.
“The problem with the previous strategy is that it had a big headline figure but all the money was going to defence. I’m not saying they shouldn’t have that money, quite the opposite, but there was no money elsewhere,” Phair said.
“The previous government just wasn’t taking it seriously. The current government has got a cabinet-level minister who’s got the responsibility, and I think that’s a really good start.”
However, as Phair warns, without proper enforcement of the rules, even the most stringent rules are not going to work. Last year, after the Medibank and Optus data breaches, the government increased the fines for companies who do not deal responsibly with individual data from $2 million to $50 million. Yet no company, to date, has been hit with these higher sanctions.
In addition, one of the biggest hurdles is going to be getting corporations and governments at all levels to work collaboratively with each other to report, monitor, and ensure best practice policies.
As Elliot Dellys, the founder of cyber security firm Phronesis has said, governments need to be more involved in helping organisations boost their digital security.
“The government’s heart is in the right place but this needs to be the beginning of a cultural shift, not just another regulatory hoop for organisations to jump through without the support and resourcing required to make it effective,” he has said.
Aside from the serious amount of money that Aussies lose each year to online scams, the threat of being blackmailed with personal data breaches, and the invasion of privacy that comes with being preyed upon by criminals, Phair said that if we don’t get this right, Australian’s may end up limiting their use of technology.
“The worst possible outcome is consumers not wanting to interact with organisations or government because they don’t have the confidence to do so,” he said.
“Whereas, the reality is that the best productivity we’re going to get in society is through the use of technology.”
Phair notes that cyber security is essentially an arms race “that’s just not going to end.” With criminals and foreign agents getting smarter and technological advances making it easier to steal data, regulation and oversight has to constantly be updated. This latest step, with the involvement of both industry and a new government department, could see Australia take one step ahead in this fight.