Australia publishes Cyber Security Strategy focused on navigating cyber landscape, releases Action Plan 

The Australian government released on Wednesday its 2023-2030 Australian Cyber Security Strategy that aims to make the country a global leader in cybersecurity by 2030. It focuses on enhancing cybersecurity, managing cyber risks, and providing better support to citizens and businesses when it comes to navigating the cyber landscape. To implement the measures put forth in the Strategy, an Action Plan has been developed detailing the key initiatives that will commence across government over the next two years.

The strategy introduces six cyber shields, which serve as additional layers of defense against cyber threats. These shields prioritize the protection of Australian citizens and businesses. The six shields include strong businesses and citizens, safe technology, effective threat sharing and blocking, safeguarding critical infrastructure, promoting sovereign capabilities, and fostering a resilient region and global leadership.

The Cyber Security Strategy document represents a significant shift in the perception of cyber security, transforming it from a purely technical matter to a comprehensive national effort. The strategy aims to enhance support for civilians and industries, taking concrete steps to address critical cybersecurity concerns faced by Australian communities and businesses. Additionally, it emphasizes the importance of leveraging the collective strength of the entire nation to combat cyber threats, facilitated by stronger public-private partnerships.

“Over the past 18 months, millions of Australians have been affected by devastating cyber incidents. On average, one cybercrime is reported every 6 minutes, with ransomware alone causing up to $3 billion in damages to the Australian economy every year,” Clare O’Neil, Minister for Home Affairs and Cyber Security, wrote in the nation’s Cyber Security Strategy document. “And, we have good reasons to believe that the threat is going to continue to grow. Artificial intelligence and machine learning will bring new kinds of risk. The Internet of Things will lead to billions of additional devices being connected to the Internet, opening new scope for cyberattack. And, our geopolitical environment is the most challenging we have faced since the Second World War.”

Looking at the document as a game-changer, O’Neil said that Australia is “not only reinforcing our defences. We’re also investing in national cyber resilience, so we can bounce back when we get hit. And we’re fighting back, deploying Australia’s leading cyber capabilities to put malicious actors on notice. We are rallying our international network of cyber guns to help break the business model of ransomware and cybercrime.”

The release of the Cyber Security Strategy document follows the February release of a discussion paper seeking views on how the government can achieve its vision under the 2023-2030 Australian Cyber Security Strategy. The paper called for recommendations as to what it should consider when developing cyber security measures to better protect and enhance collective cyber resilience, both in Australia and in the region. 

Australia is committed to implementing its strategy through three distinct horizons. To realize its vision for 2030, the document recognizes the need for a multi-phased approach and continuous collaboration between the government and industry to enhance its cyber maturity.

In Horizon 1 (2023–25), Australia will strengthen its foundations, address critical gaps in the cyber shields, build better protections for the most vulnerable citizens and businesses, and support improved cyber maturity uplift across the region. In Horizon 2 (2026–28), the country will scale cyber maturity across the whole economy and make further investments in the broader cyber ecosystem, continuing to scale up the cyber industry and grow a diverse cyber workforce. In Horizon 3 (2029–30), the Strategy outlined that it will advance the global frontier of cyber security, leading to the development of emerging cyber technologies capable of adapting to new risks and opportunities across the cyber landscape.

The Australian government has released its Action Plan, which complements the Strategy by outlining the initiatives that will be implemented in Horizon 1. The plan is focused on strengthening Australia’s cyber security foundations and addressing critical gaps in the nation’s cyber shields. By fostering deep partnerships between industry and government, the aim is to build strong businesses and citizens. Through collaborative efforts, the Australian government and industry will work together to enhance cyber shields and bolster the nation’s overall cyber resilience.

The Action Plan details immediate actions that it will take as first steps on the journey towards the 2030 vision. It defines clear accountabilities for each initiative, identifying lead and supporting agencies. To ensure that it remains on track, the government will continue to evaluate its progress and adjust the plan in response to new threats or emerging technologies.

On the critical infrastructure cyber shield of the Cyber Security Strategy document, to achieve the 2030 vision, the Australian government will clarify the scope of critical infrastructure regulation by continuing consultation with industry to ensure that its critical infrastructure laws remain fit for purpose. 

Under the initiative, the government will ensure that it is protecting the right entities and assets. It will also work on strengthening cybersecurity obligations and compliance for critical infrastructure by enhancing cybersecurity obligations for systems of national significance, ensuring that critical infrastructure is compliant with cybersecurity obligations, and helping critical infrastructure manage the consequences of cyber incidents. 

The document will also uplift the cybersecurity of the Commonwealth government by strengthening the cyber maturity of government departments and agencies, identifying and protecting critical systems across the government, and uplifting the cyber skills of the Australian Public Service (APS). It also pressure-tests Australia’s critical infrastructure to identify vulnerabilities: the government will conduct national cyber security exercises across the economy and build playbooks for incident response.

As part of Horizon 1, the government will work with industry “to co-design a suite of landmark legislative reforms that will help us strengthen our cyber shields. This will include options for new cyber obligations, streamlined reporting processes, improved incident response, and better sharing of lessons learned after a cyber incident. This package will be designed with careful consideration to minimise regulatory burden. As we want our laws to reflect expert advice and consider the needs of all Australians, we are kicking off a targeted co-design process before these changes are made,” the Strategy document outlined.

Alongside the Strategy and Action Plan, the Australian government will shortly release a Consultation Paper to work directly with industry to inform proposed legislative reform on new initiatives to address gaps in existing laws, and on amendments to the Security of Critical Infrastructure Act 2018 to strengthen protections for critical infrastructure.

This consultation is a clear step towards the Australian Government’s commitment to shepherding a new era of genuine public-private co-leadership to enhance Australia’s cyber security and resilience. The consultation period will run until March 2024.

Last week, the Australian Signals Directorate (ASD), through its Australian Cyber Security Centre (ACSC), published a cyber threat report that provides an overview of cyber threats affecting Australia, how ASD is responding, and advice on how organizations can better protect themselves.

Across the reporting period, ASD responded to over 1,100 cybersecurity incidents from Australian entities. Ransomware comprised over 10 percent of all incidents, similar to the previous financial year. Separately, nearly 94,000 reports were made to law enforcement through ReportCyber – around one every six minutes.
