Prime Minister Malcolm Turnbull during a meeting on cyber security at Parliament House in Canberra on Wednesday 31 May 2017. Photo: Andrew Meares In April last year, the federal government released Australia’s Cyber Security Strategy, seeking to enable innovation, growth and prosperity. While not a perfect document (I’d argue ASX100 companies have the bench strength to sort out their own cyber-security issues) and with a focus on national security (I’d argue the attention should be on economic security), it’s a solid effort at placing Australia at the global forefront. Indeed, it’s significantly better than the 2009 attempt.
The online environment is changing rapidly. Whether it’s the way we now use mobile smart devices, interact via social media, consume government services or use ride-sharing apps, many could not predict four years ago the way technology changed how we now work and play. So creating a four-year cyber-security strategy was always going to be difficult to design, let alone implement. The Public Sector Informant: latest issue
We’re now seeing a refreshingly open dialogue from the government on cyber security. The Prime Minster has acknowledged publicly that Australia has the capability to “hack back” against cyber adversaries attacking the nation’s assets and infrastructure – marking a significant change in government posture and communications policy. We also saw a review into the 2016 eCensus, which focused on cyber security becoming a core platform for digital transformation and acknowledged that public confidence in the government’s ability to deliver on public expectations was diminished.
The first annual update of the strategy includes many positive results, scoring actions against actual deliverables. Of course, it’s only year one and, like all service delivery implementation, the results were never going to be lineal; rather, it will be lumpy as stakeholders get used to working with each other and new ideas are tried and tested. Most notably, the conversation has started: in government, businesses and among individuals. Cyber security has become mainstream dialogue.
Unfortunately, some, such as the Australian Strategic Policy Institute, have been overly critical of the results thus far, blaming the design of the strategy, ad hoc government communications, insufficient expectations with industry partners and difficulty in quantifying success. It’s easy to pick holes in the delivery of 33 initiatives at their first gate, but let’s wait until processes fully bed down and cultural change starts permeating across government, business and society.
Protecting Australia’s critical information assets is a journey, not a destination. It will require many more strategies, coordinated by government, but largely led by the private sector – as custodians of our economy. This collaboration will take time; some wins will be quick, some a slow-burn.
The online environment is ever changing. There is a constant discovery of threats and vulnerabilities. However, to get the benefits of digital, we must all play our part to improve the nation’s cyber security.
Adjunct Professor Nigel Phair is director of the Centre for Internet Safety at the University of Canberra. Twitter: @nphair
This story Administrator ready to work first appeared on Nanjing Night Net.