Australia is stepping into a new era of cyber security with its ambitious 2023-2030 Cyber Security Strategy. In collaboration with the Executive Cyber Council, this comprehensive plan lays out a roadmap over the next seven years that will enhance the country’s resilience against cyber threats, protect businesses and citizens, and boost Australia’s position as a global leader in cyber security.
Understanding the Strategic Context
The Strategy emerges against rapid technological advancements in recent years. Artificial Intelligence (AI), quantum computing, and machine learning are not just reshaping the technological sphere; but are becoming increasingly interlaced with every aspect of our lives. From connecting with family and friends to assisting with work, entertainment, and streaming services, technology has made our lives far more convenient while simultaneously leafing to more cyber threats such as crime, espionage, and misinformation.
Recent high-profile cybersecurity incidents in Australia, including the Optus and Medibank data breaches late last year, demonstrate the severity of cyber threats and attacks. The Australian Cyber Security Centre’s report also highlighted that cyber incidents occurred every seven minutes in the 2021-2022 period, hence the need for a robust and proactive strategy to combat and prepare for such challenges.
(Source: ABC)
Strategic Objectives
The strategy is in line with Australia’s vision of rising as a global and regional leader in the APAC. Taking on a cybersecurity angle, the document acknowledges the increasing complexity and frequency of cyber attacks, stressing the urgency to protect both sensitive data and vulnerable communities. The document pushes for:
-
Legislative Reforms and Initiatives
-
Implementation of the Strategy in three phases (also called Horizons); and
-
Addressing gaps in six key areas that require cyber ‘shields’
Legislative Reforms and Initiatives
Ransomware Reporting Obligation
To provide the Government with better visibility of ransomware threats, the Strategy urges for a Ransomware Reporting Obligation. This will be a no-fault, no-liability ransomware reporting tool to help facilitate more effective management and response strategies to cyber threats and attacks.
Data Retention Requirements
The Strategy proposes amendments to data retention requirements, especially regarding non-personal data. This move addresses the challenges and risks associated with entities that hold large volumes of data for extended periods.
Amendments to the Security of Critical Infrastructure Act (SOCI Act)
Amendments to the SOCI Act are also suggested, which would increase the Government’s powers in response to perceived inadequacies. These amendments include imposing tougher cyber reporting requirements on telecommunication companies and enhancing the cyber security obligations of entities involved in critical infrastructure.
Cyber Security Standard for Smart Devices
The Strategy introduces a mandatory cyber security standard for Internet of Things (IoT) devices and a voluntary labelling scheme for consumer-grade smart devices. This is accompanied by a voluntary code of practice for app stores and app developers to uplift cyber security in software development.
(Source: Twitter)
The Three Horizons
The new Cyber Security Strategy will be implemented in three parts over a seven-year period.
Horizon 1 (2023-2025) focuses on strengthening Australia’s cyber foundations, addressing all gaps, and building stronger protection for vulnerable communities.
Horizon 2 (2026-2028) will see cybersecurity scaled across the economy, with the Government investing in the cyber ecosystem and cultivating a diverse cyber workforce.
Finally, Horizon 3 (2029-2030) envisions Australia advancing to the forefront of global and regional cybersecurity, leading the way in the development of emerging cyber technologies that can adapt to new risks and opportunities across the cyber landscape.
The Six ‘Shields’
Australia’s Cyber Security Strategy for 2023-2030 is centred on the development of six ‘cyber shields’, forming a multi-layered approach to cyber defence. These are:
- Strong Businesses and citizens
- Safe technology
- World-class threat sharing and blocking
- Protected critical infrastructure
- Sovereign capabilities
- Resilient region and global leadership
Strong Businesses and Citizens
This shield aims to strengthen the cyber defences of businesses (especially small and medium-sized), ensuring digital resilience against cyber threats. Initiatives to support this objective include:
-
Fortify cyber security for small and medium businesses.
-
Equip Australians with tools to counter cyber threats.
-
Disrupt and deter cyber attackers targeting Australia.
-
Collaborate with industries to dismantle ransomware models.
-
Offer clear cyber security guidelines for businesses.
-
Simplify access to support and advice post-cyber incidents.
-
Strengthen identity protection and support for identity theft victims.
Safe Technology
This concentrates on making our technology products and services more secure, especially for vulnerable communities, by enacting legislative actions and standards through:
-
Establishing trust in digital products and software.
-
Safeguarding critical data.
-
Encouraging the secure usage of emerging technologies
World-class Threat Sharing and Blocking
This involves developing a comprehensive threat intelligence network that can alert individuals and businesses. Australia’s Government hopes to enhance these threat-blocking capabilities by:
-
Developing a whole-of-economy threat intelligence network.
-
Expanding threat-blocking capabilities to preempt cyber attacks.
Protected Critical Infrastructure
This focuses on reinforcing the security of essential services and infrastructure through legislative reforms to the SOCI Act. Flagged industries include:
-
Communications
-
Data storage or processing
-
Defence industry
-
Transport
-
Health and medical
-
Financial services and markets
-
Higher education and research
-
Water and sewerage
-
Food and grocery
-
Space technology; and
-
Energy
Initiatives to be taken under this shield are:
-
Defining the scope of critical infrastructure regulations.
-
Heightening cyber security responsibilities and compliance for critical infrastructure.
-
Enhancing cyber security within the federal government.
-
Conducting stress tests on critical infrastructure to identify and address vulnerabilities.
Sovereign Capabilities
The government aims to address any skill gaps within Australia and develop and diversify the cyber workforce to foster a robust cybersecurity sector. Efforts include:
-
Expanding and professionalising the national cyber workforce
-
Accelerating the growth of the local cyber industry, research and innovation.
Resilient Regional and Global Leadership
The final shield concentrates on enhancing cyber resilience in the APAC region and maintaining high standards in international cyber law. This is where:
-
Australia will be positioned as a resilient and preferred global partner in the region
-
Australia will uphold, shape and defend global cyber rules, norms and standards
The Role of VPNs
While the Government prepares to execute this strategy, we must take the initiative in staying well protected from cyber threats and attacks.
Arresti VPN emerges as a pivotal tool in this strategy, for our service can help enhance your online safety through:
-
Business Cybersecurity Enhancement: Arresti VPN secures internet connections for small and medium-sized businesses, which also ensures online safety for remote workers and public Wi-Fi users.
-
Personal Cyber Safety: With a VPN, you’ll be equipped with additional security and privacy, protecting against hacking, surveillance, and data theft.
-
Cyber Resilience: A VPN will encrypt your data and activities, shielding it from unwanted third parties and reducing the risk of cyber threats and attacks
-
Infrastructure, Workforce Development, and Cyber Leadership: Using a VPN is essential to enhance critical infrastructure security, professional cyber workforce development, and organisational cyber hygiene, contributing to regional and global cyber resilience.
Conclusion
The 2023-2030 Cyber Security Strategy represents a forward-thinking and comprehensive approach to protecting Australia against cyber threats.
As Australia embarks on this ambitious journey, it is imperative for all stakeholders, including government entities, industry leaders, and the cyber community, to collaborate and contribute towards achieving these strategic goals. The success of this strategy will define Australia’s cyber resilience for years to come, making it a cornerstone of national security in the digital age.
Arresti VPN distinguishes itself as an efficient, reliable, and cost-effective solution for securing your online privacy. Opt for Arresti VPN for just $6.99USD and experience comprehensive online protection with a 30-day risk-free trial.
Stay informed, stay safe, and navigate the digital world with confidence.