Governments, businesses and the research community together advance Australia’s cyber security.

To achieve our goal, the Government will:

  • host annual cyber security leaders’ meetings, where the Prime Minister and business leaders set the strategic cyber security agenda and drive this Strategy’s implementation.
  • streamline its cyber security governance and structures to improve interaction between the private and public sectors and will relocate the Australian Cyber Security Centre to allow for its growth and to enable the Government and the private sector to work more effectively together.
  • work with the private sector and academic community to better understand the cost of malicious cyber activity to the Australian economy and measure the effectiveness of cyber security investment.

National co-leadership and cross-sectoral partnerships are essential for strong cyber security.

Cyber security needs to be driven from the top. Economic and national security imperatives mean that cyber security is a strategic issue for leaders—Ministers, senior executives and boards—not just for ICT and security staff. More strategic discussions between public and private sector leaders will focus on practical outcomes and elevate cyber security, both as a business risk and as a strategic opportunity rather than just as an operational matter.

Government and business leaders can do more to raise cyber security’s prominence within their organisations, teams and peer groups. Including cyber security as a priority for corporate boards and international leaders will demonstrate that cyber security is a strategic priority for Australia.

Actions so far

  • The national Computer Emergency Response Team (CERT) Australia partners with over 500 businesses and advises on cyber security threats to the owners and operators of Australia’s critical infrastructure. CERT Australia also works directly with other computer emergency response teams around the world. As part of their partnership arrangements, CERT Australia regularly convenes National and Regional Information Exchanges with businesses.
  • The Cyber Security Challenge Australia is an annual cyber security competition for Australian tertiary students run by an alliance comprising Australian Government, business, academic and research professionals who are committed to supporting the next generation of Australian cyber security talent. The competition runs over 24-hours and tests the technical and communications skills of participants while promoting cyber security careers.
  • Australian businesses and our research community are partnering to improve cyber security information sharing and innovation. Boards are increasingly considering cyber security issues. Some businesses share their data on malicious software with the Government while others are investing in research and development in cyber security technologies.

We are all responsible for our own activities in cyberspace, including being aware of the risks and how to protect ourselves and those who we are connected to.

More senior leaders of Australian organisations need to better understand cyber risk. Strengthened cyber security partnerships across the public and private sectors will give us a competitive advantage and increase Australia’s potential as a modern, connected and innovative economy.

Under this Strategy, Government and business leaders will co-design national cyber security initiatives, including the Prime Minister holding annual Cyber Security meetings with business leaders. The meetings will bring together leaders from many sectors of the Australian economy to discuss how Government and business can collaborate to strengthen our economy and national security by building greater resilience to cyber security threats.

It is vital the public and private sectors work together to ensure individual and collective security, across the spectrum of cyber security challenges and opportunities that Australia faces.

Clear roles and responsibilities

Organisations need easy and consistent interfaces with Government agencies on cyber security. A new streamlined Government cyber security structure will bring together disparate elements of both the policy and operational areas.

The Prime Minister will be supported by a Minister Assisting the Prime Minister for cyber security to lead the Government’s work with business leaders to implement the initiatives.

In addition to the appointment of a Minister Assisting the Prime Minister on cyber security, the nation’s cyber security governance will have three coordinated, strategic level pillars.

Government’s Cyber Security Architecture

First, the Department of the Prime Minister and Cabinet will strengthen its current lead role on cyber security policy and be the central point for policy issues to ensure a simplified Government policy interface for stakeholders. The Department will provide integrated oversight of the Government’s cyber security policy and implementation of this Strategy. It will also prioritise the Government’s activities against the Strategy’s national cyber security objectives.

Leadership and advocacy of this work will be driven by a new position in the Department, the Prime Minister’s Special Adviser on Cyber Security. The Special Adviser will lead the development of cyber security strategy and policy, provide clear objectives and priorities to operational agencies and oversee agencies’ implementation of those priorities. The Special Adviser will also ensure the Government is partnering effectively with Australian governments, the private sector, non governmental organisations, the research community and international partners.

Second, the Australian Cyber Security Centre (ACSC), better guided by whole of nation cyber security priorities, will continue to bring together the Government’s operational cyber security capabilities and build on its world renowned cyber expertise to support a broader range of organisations at the operational level. In addition, ACSC outreach will be further improved and streamlined to make it easier for the private sector to interact. Recognising that Defence, in particular the Australian Signals Directorate, does much of the heavy lifting for the Government’s role in defending Australia against malicious cyber activity, it will continue to lead the ACSC.

The ACSC will move to a new location. This will enable a more integrated partnership between the Government and its operational stakeholders, including businesses, the research and academic community and foreign partners collaborating with the ACSC.

Relocation may improve the ability of relevant ACSC agencies to quickly recruit new people and offer more flexible arrangements to continue to attract and retain a highly skilled workforce. It will enable the ACSC to accommodate new staff recruited as a result of the Strategy’s implementation.

Third, the Minister for Foreign Affairs will appoint a Cyber Ambassador to lead Australia’s international cyber effort. The Ambassador, working closely with and guided by the work of the Special Adviser on Cyber Security, will advocate for an open, free and secure internet based on our values of free speech, privacy and the rule of law. This role will include ensuring Australia has a coordinated approach to cyber capacity building in our region, continuing to advocate against state censorship of the internet and promoting our view that the opportunities provided by the internet should be available to all people.

Better understanding of costs and benefits

Statistical data on the national impact of cyber security compromises will enable Australian businesses and governments to make informed decisions when managing cyber risks. Data collection measures will help Australian governments and the private sector alike to make evidence based investment decisions that address the reality of cyber security threats to Australia’s economy and security.

To help organisations better understand the impacts of malicious cyber activities, the Government will also sponsor research to better understand the cost of malicious cyber activity to the Australian economy.

Cyber security cannot be left to the Government alone to solve. Organisations and individuals play an essential role in effectively reducing cyber security risk.

Mike Burgess, Chief Information Security Officer, Telstra and member of the Cyber Security Review’s Independent Panel of Experts Read more