Government progress on cybersecurity in Australia


Earlier this year, the Government’s cyber security advisor, Alastair MacGibbon, described a “prevailing ‘tick box’ compliance culture” for federal government agencies when it comes to cyber security.

Furthermore, in a report released in May, the Australian Strategic Policy Institute (ASPI) recommended various areas where the Government needs to improve its approach to cyber security, particularly in adapting and implementing the ‘National Cybersecurity Strategy 2016-2021’.

In more positive news, on July 6 the International Telecommunications Union (ITU) released its ‘Global Cybersecurity Index’, in which Australia was ranked a top ten nation for its commitment to cyber security.


By Dr. Drew Donnelly, Compliance Quarter

In a range of articles recently we have looked at technological developments which call for strong cyber security compliance requirements, including the Productivity Commission’s proposed data-sharing regime and developments in financial technology. Therefore, it is useful to explore the Government’s progress on cyber security. Today we look at the assessments of the ITU and ASPI on Australian cyber security and some areas that have been identified for ongoing improvement.

The Global Cybersecurity Index

The Global Cybersecurity Index (the index) measures the commitment of member states to cyber security. To make this assessment, it employs five ‘pillars’ representing features of a nation that are conducive to cyber security:

  1. Legal: legal frameworks and institutions for cyber security
  2. Technical: the presence of technical frameworks and institutions for cyber security
  3. Organisational: policy coordination institutions and strategies at national level
  4. Capacity-building: research and development, education and training programmes, etc., aimed at fostering capacity building
  5. Cooperation: the presence of partnerships, cooperative frameworks and information sharing networks.

As well as its overall placing as 7th best in the world, Australia was ranked third in the Asia-Pacific region, behind Singapore and Malaysia. In particular, the index recognised Australian success in the technical arena. The certification programme for information security skills was singled out as an area of particular strength. The only pillar that Australia did not rank highly in was cooperation.

When the Government released its strategy last year it recognised the importance of improving in this area, claiming “Only Government can drive cooperation across the public and private sectors and ensure information is shared between the two.”

The ASPI review

ASPI recently reviewed the Government’s strategy and implementation progress to date. In light of their review they came up with several recommendations, including:

  • Adaptation of the strategy based on outcomes. ASPI pointed out that the Government has focused on assessing the actions it has taken to improve cyber security, rather than on assessing concrete outcomes and adapting its strategy accordingly.
  • Fixing the dispersed leadership of cyber security policy reforms across various government departments. This reinforces the assessment made by the ITU.
  • Better support for small-to-medium sized enterprises when it comes to cyber security awareness.

Conclusion

While the index aimed to measure cyber security commitment, it clearly emphasised the presence of certain frameworks and institutions in a country, rather than actual cyber security outcomes. The ASPI report also suggests that, one year into the Cybersecurity strategy, the emphasis is still on Government outputs rather than outcomes.

Of course, the Government’s strategy is only one year old, and many proposed reforms (such as the proposed data-sharing regime) are in their very early stages, so it is likely there will be more concrete progress over the next couple of years.

Read the Index report here or the ASPI report here.
