The Albanese government today (22 November) released the 2023–2030 Australian Cyber Security Strategy action plan, detailing how Australia will achieve the ambitious target of becoming the world’s most cyber-secure country.
The plan is divided into three key “horizons”, which together span the seven-year period between 2023 and 2030.
Horizon 1 – “Strengthen our foundations” is the first stage of the strategy and is the only phase explicitly detailed in the action plan. It will run from 2023 to 2025.
During this period, the government has said it will “address critical gaps in our cyber shields, build better protections for our most vulnerable citizens and businesses, and support initial cyber maturity uplift across our region”.
This will be followed by Horizon 2 – “Expand our reach” from 2026 to 2028 and Horizon 3 – “Lead the frontier” from 2029 to 2030.
Within the action plan for Horizon 1, there are six core “shields” that form the initial goals of the Albanese government.
Shield 1 – Strong businesses and citizens: The first shield will see the government strengthen the cyber capabilities of organisations and the Australian people by introducing ways in which individuals and organisations can strengthen their cyber stance and defend themselves.
As previously announced, this will involve offering organisations free cyber health checks and working with industry to enable them to better deal with ransomware attacks.
Shield 2 – Safe technology: Fundamentally, Australians need to ensure that the technology they are using, and the way people use it, is trustworthy and safe.
As part of the second shield, the government will adopt “international security standards for consumer-grade smart devices” and contribute to a voluntary cyber code of practice for developers, encouraging them to create products that are cyber secure.
It will also explore the safe use of new technologies, such as AI, introducing regulatory frameworks that govern its safe use and development within Australia.
Shield 3 – World-class threat sharing and blocking: The government is encouraging collaboration between Australian organisations, introducing platforms in which they can share threat information.
A goal of the government is to create a whole-of-economy threat intelligence network, which would allow information to be shared between businesses, including machine-to-machine communication, at an accelerated rate.
In addition, the government wishes to work with industry professionals to establish “next-generation threat-blocking capabilities across Australian networks” and then provide incentives for organisations that adopt threat-blocking methods, with a focus on high-profile entities such as telcos, ISPs and financial institutions.
Shield 4 – Protected critical infrastructure: Minister for Home Affairs and Cyber Security Clare O’Neil has previously warned of a “dystopian future” in which threat actors are able to hold entire digitally connected cities to ransom through attacks on critical infrastructure providers, taking down power or water suppliers or hitting healthcare or emergency services.
With that, the government has announced moves to better secure critical infrastructure by redefining certain industries and strengthening the security obligations of critical infrastructure operators. It will also strengthen government security and pressure test the nation’s critical infrastructure to ensure it remains secure.
Shield 5 – Sovereign capabilities: The cyber skills gap is a key issue limiting the nation’s cyber capabilities. Cyber experts are overworked, and agencies are understaffed, meaning responses to the large number of cyber attacks launched at Australian organisations every day are slower and more rushed.
Filling this gap is a key tenant of the government’s Horizon 1 objectives, announcing that it plans to bolster the workforce by attracting skilled migrants from around the world. It also hopes to accelerate the development of cyber start-ups and small businesses with funding to address unique issues with innovative solutions.
Monash University’s Professor Nigel Phair of the Department of Software Systems and Cyber Security, faculty of Information Technology, has said that the local higher education sector will also be critical to the development of a skilled cyber workforce.
“The strategy highlights the need for a skilled workforce to solve the cyber security problems of the future,” he said.
“The higher education sector is well placed and stands ready to support the government in this aim.
“Partnerships between academia, business and government will be critical to meeting the goals of the strategy. A joined-up approach where all three sectors work together is efficient and effective.”
Shield 6 – Resilient region and global leadership: The final shield will see the government improve its international collaboration and develop international relations with other national cyber agencies, particularly in the Pacific and Southeast Asia.
It also plans to support international standards for transparent and responsible technological development and says it will uphold international legislation regarding the state of cyber security.
“The strategy is bold and ambitious – and it has to be,” said Minister O’Neil.
“Because one thing is abundantly clear from what’s happened to our cyber environment in the last five years: we simply can’t continue as we are.
“We need to push harder; we need to get in front of this problem, and for the first time, Australia’s Cyber Security Strategy will help our country do just that.”