Government progress on cybersecurity in Australia

Share on twitter
Share on linkedin
Share on facebook

Earlier this year, the Government’s cyber security advisor, Alastair MacGibbon, described a “prevailing ‘tick box’ compliance culture” for federal government agencies when it comes to cyber security.

Furthermore, in a report released in May the Australian Strategic Policy Institute (ASPI) recommended various areas where the Government needs to improve its approach to cyber security, particularly, in adapting and implementing the ‘National Cybersecurity Strategy 2016-2021’.

In more positive news, on July 6, the International Telecommunications Union (ITU), released its ‘Global Cybersecurity Index’, where Australia was ranked a top ten nation for its commitment to cyber security.

Cyber Security

By Dr. Drew Donnelly, Compliance Quarter

In a range of articles recently we have looked at technological developments which call for strong cyber security compliance requirements, including the Productivity Commission’s proposed data-sharing regime and developments in financial technology. Therefore, it is useful to explore the Government’s progress on cyber security. Today we look at the assessments of the ITU and ASPI on Australian cyber security and some areas that have been identified for ongoing improvement.

The Global Cybersecurity Index

The Global Cybersecurity Index (the index) measures the commitment of member states to cyber security. To make this assessment, it employs five ‘pillars’ representing features of a nation that are conducive to cyber security:

  1. Legal: legal frameworks and institutions for cyber security
  2. Technical: the presence of technical frameworks and institutions for cyber security
  3. Organisational: policy coordination institutions and strategies at national level
  4. Capacity-building: Research and development, education and training programmes etc aimed at fostering capacity building
  5. Cooperation: the presence of partnerships, cooperative frameworks and information sharing networks.

As well as its overall placing as 7th best in the world, Australia was ranked third in the Asia-Pacific region, behind Singapore and Malaysia. In particular, the index recognised Australian success in the technical arena. The certification programme for information security skills was singled out as an area of particular strength. The only pillar that Australia did not rank highly in was cooperation.

When the Government released its strategy last year it recognised the importance of improving in this area, claiming “Only Government can drive cooperation across the public and private sectors and ensure information is shared between the two.”

The ASPI review

ASPI recently reviewed the Government’s strategy and implementation progress to date. In light of their review they came up with several recommendations, including:

  • Adaptation of the strategy based on outcomes. ASPI pointed out that the Government has focused on assessing the actions it has taken to improve cyber security, rather than in assessing concrete outcomes, and adapting strategy accordingly.
  • Fixing the dispersed leadership of cyber security policy reforms across various government departments. This reinforces the assessment made by the ITU.
  • Better support for small-to-medium sized enterprises when it comes to cyber security awareness.


While the index aimed to measure cyber security commitment, it clearly emphasised the presence of certain frameworks and institutions being present in a country, rather than actual cyber security outcomes. The ASPI report also suggests that, one year into the Cybersecurity strategy, the emphasis is still on Government outputs, rather than outcomes.

Of course, the Government’s strategy is only one-year old, and many proposed reforms (such as the proposed data-sharing regime) are in their very early stages, so it is likely there will be more concrete process over the next couple of years.

Read the Index report here or the ASPI report here.

More to explorer

Frozen planet Earth climate change concept

Getting Serious: The Peak Demand Reduction Scheme

The First PDR Initiatives:
– There will be incentives (rebates) for households to purchase and install energy efficient air conditioners (rebates for businesses ACs have been available for some time via other schemes);
– Businesses with EV fleets will be able to export power from their parked vehicles back in to the grid at peak times.

The two initiatives above were cited as examples in the press release on 28 September 2021. There is very little information available as to what other initiatives will be forthcoming.

When there is a lot of energy

Alinta Energy improves systems and waives more than $1 million in customer debt following an AER investigation.

On 8 October 2021, the Australian Energy Regulator (AER) announced that, in response to an investigation, Alinta Energy have substantially improved its systems and was waiving more than $1 million in energy debt owed by more than 400 of its customers.  The outcome arose as a result of an investigation carried out by the AER into alleged non-compliance with Alinta Energy’s obligations with respect to vulnerable customers and its hardship program. The AER was concerned that during the period September 2019

Leave a Reply

Your email address will not be published. Required fields are marked *