On the 27th of February, the Australian government convened a cybersecurity roundtable to make Australia the most cyber-secure country by 2030. Members from the public service, and intelligence agencies, along with experts from business and industry, were in attendance to share their expertise and experience in the field. Ideas discussed included encouraging best practice cyber-behaviours, increasing Australia’s cyber security sector in general, and raising awareness of cybersecurity issues on a national scale.
The roundtable released a public discussion paper that will inform the development of the Australian government’s 2023-2030 cybersecurity strategy. At the same time, the Australian government announced it will be establishing a Coordinator for Cyber Security, in conjunction with a National Office for Cyber Security, which will be located within the Department of Home Affairs. The goal of this is to ensure that a centrally coordinated approach is adopted to deliver the government’s cybersecurity strategies, and it is noted the United States created a similar department – the US Office of the National Cyber Director – in 2021.
Additionally, it has been reported that the Australian Signals Directorate (ASD) may be given the authority to take over the IT systems of every company in Australia, under proposed reforms following recent high-profile security breaches.
The government is considering expanding the Security of Critical Infrastructure Act to include businesses and organisations, and their data and their systems, through a widening of the definition of critical assets. While such a move would increase the government’s ability to react to future online threats, any changes would be highly controversial, as many Australians feel that it is an overreach and an invasion of personal privacy.
The ASD is one of the country’s most powerful intelligence agencies, and the proposed changes would increase their capacity to intervene when significant events involving critical assets occur, such as the recent Optus and Medibank breaches.
Cybercrime is estimated to cost the Australian economy about $42 billion a year, and during 2021, approximately 67,500 cybercrimes were reported in Australia, though it is estimated that this number is only about 20% of the actual amount of online crime that took place during that time, and with the costs and the risks associated with cybercrime expected to increase, the Australian government and its people have a pressing need to address this matter.