Feedback from consultation will be used to form a superseding document to the 2016 Cyber Security Strategy.
The federal government intends a revised approach to cover the present cyber threat environment, publishing a discussion paper[ PDF] that is aimed at a better comprehension of the magnitude of the threats experienced by Australian businesses and families.
In April 2016, the Australian government introduced the country’s present cyber security policy and gave the cause AU$230 million.
“Despite powerful advancement against the 2016 targets, the environment for threats has altered considerably and we must adapt this strategy to enhance the safety of businesses and the community,” Home Affairs Minister Peter Dutton said in the foreword of the paper.
“Australia needs to be a world leader in cyber threat detection, avoidance and reaction, meaning that the state and business must cooperate more closely than ever before.”
The approach was said at that moment to protect the nation’s cyber networks against organized criminals and state-sponsored aggressors alongside the AUD400 million for cyber operations given in the Defense White Paper.
The document lists the attempts of the government since 2016 to open the Australian Cyber Security Centre, set up joint Cyber security centers across five capitals, introduced Cyber.gov.au, appointed Cyber Affairs Ambassador to Dr Tobias Feakin, openly assigned cyber incidents to countries, promoted national sector through the Australian Cyber Security Growth.
The Australian Cyber Security Strategy 2020: A call for opinions requested participants to give their opinion on the cyber threat setting and on what threats government should focus.
It asks participants whether they agree with the Government’s knowledge of who manages cyber risk in the economy and whether this is the best way of doing this.
The government also wants to understand if its function should shift to provide Australian companies with higher help in defense against malicious actors, particularly changes that can be made to keep the faith of the Australian community when using their cyber security capacities.
The government is also looking for feedback on the safety protection of cyber products and services that customers should apply, what role the government and industry should play in promoting consumer cyber-security, and how both can boost the safety, quality and efficiency of cybersecurity and digital services in a “sensitive” way;
The discussion document proposes a “confident marketplace” for security-related products and services to be obtained, seeking advice on how to approach building greater confidence in IT supply chains and how cyber security can be integrated with digital offers.
A total of 26 issues have been requested in the discussion document, including examples of best practices in the cyber field; the private networks which should be regarded as “critical structures” that need greater cyber defenses; how should the government develop a financing model around cyber security; and whether there are obstacles presently preventing the development of Australia’s cyber insurance industry.
It also seeks to understand how a hostile environment can be created for malicious cyber players.
The consultation ended on 1 November 2019.
The paper reports that AU$2.3 billion were robbed from Australian customers by cyber criminals in 2017, while in 2017-18 the Australian Cyber Crime Online Reporting Network (ACORN), obtained 53,474 reports and in 2018-19 another 64,528 reports.
964 information infringement notifications were also produced from April 2018 to March 2019, of which 60% were malicious or criminal attacks, according to the Notifiable Data Breaches system.
Info Manual updates
The ACSC published this week updates to the Australian Government Information Security Manual (ISM) that help organizations create a strategic structure for the protection of their devices and data against cyber threats.
The ISM[ PDF] is based on a set of fundamental principles for cyber security: governing, protecting, detecting and reacting.
The ISM also provides 22 cybersecurity guidelines for governance, physical security, personnel security, and IT and security.
“The rules help and empower organizations to define cyber safety hazards and choose adequate safety controls to handle those hazards efficiently,” the government said. “The rules also promote the flexibility of organizations so that they are able to innovate and provide creative, yet safe, internet services to the Australian public.” The updated handbook comes after a 12-month workshop to transition it to a principles-based cybersecurity structure through a compliance data safety handbook.
The state said that it will be updated monthly.