Australia’s cybersecurity strategy, launched in 2016 by former Prime Minister Malcolm Turnbull, is in need of a stronger public-private partnership to deliver on its action plan items to improve security for business. This is evidenced by the lack of full implantation of the strategy’s five core action items, lack of meaningful investment, and allocation of needed human resources necessary for the strategy’s success.
These lessons of past failure are a stepping stone for what needs to be done going forward for Australian businesses, of which small and medium-size companies comprise nearly 95 percent of the country’s business landscape according to the Small and Medium-Sized Enterprise Association of Australia (SMEA). These businesses are particularly vulnerable to cyber attacks and unwanted intrusions by outside individuals and groups deploying spyware, ransomware, and any other forms of malware designed to disrupt commerce.
It is therefore incumbent for the government, in partnership with the private business sector, and public citizens to look at ways to fully implement the recommendations of Australia’s 2016 cybersecurity strategy. Attacks that have taken place across the globe, including against the most recent U.S. Presidential election and a breach of the Australian Red Cross Blood Service’s data bring to the forefront the importance of acting with due speed to put in place a framework to prevent Australia from falling victim to the effects of an impending cyber attack.
The Action Plan Items
The five action items included in the report are:
Each of these action items was set forth as broad goal statements but without specifics or identifiable targets for implementation. For the cybersecurity strategy to result in meaningful outcomes for the country, and, in particular, for business in Australia, the group devising the policy must come together to better define the action plan items outlined in the strategy and put in place measurable goals and targets.
Accomplishing the spirit of the plan also requires a serious investment in technology by the Australian government. A technology assessment performed by management consulting group Deloitte entitled “What’s over the horizon?: Recognising opportunity in uncertainty,” in its Building the Lucky Country series (#6) outlines the steps that businesses need to take to cross the digital divide. This includes becoming less risk-averse and investing in increased cyber capability, through education, better security measures, and resiliency in the face of attacks when they occur.
Issues with Implementation
Various problems have occurred on the way to implementation of the country’s cybersecurity strategy. One of the most significant failings pointed out by the Australian Strategic Policy Institute (ASPI), an independent think tank providing expertise and advice on issues regarding defence, Australian national security, and cyber, is the lack of any plan for delivering on the actions items coupled with the nonexistence of a methodology for moving the strategy forward.
Funding is an issue that is easy to fix, provided that the government understands the importance of adequately supporting their desire to protect businesses and the public (as well as government institutions and other related organisations) from potential cybercrimes. Education and public awareness are also equally important and vital to the full implementation of Australia’s cybersecurity strategy.
A Commitment to Deliver
As former Prime Minister Turnbull stated as a prelude to setting forth the cybersecurity strategy, “A secure cyberspace provides trust and confidence for individuals, business and the public sector to share ideas and information and to innovate online.” The strategy is a recognition of the increasing attacks on the country’s cyber framework and the risks these attacks pose to the economy. The financial impact of open threats to Australia’s digital network also takes an emotional toll on consumers, who lose trust and confidence in the ability of institutions, both public and private, to protect their privacy and process their business in an orderly and efficient manner.
The evaluations of the country’s implementation of its cybersecurity strategy by organisations such as ASPI paint a bleak outlook as to actions taken to date to fully realise the goals of the plan. These evaluations also serve to remind business and government officials that the commitment to deliver on the promise of securing the country’s digital network begins with measurable actions that must include risk-taking, evaluation, adjustment, and forward-thinking progress.