In a keynote address to CeBIT Australia 2016 recently, First Assistant Secretary, Cyber Policy and Intelligence Division, Department of Prime Minister and Cabinet, Lynwen Connick, called for a proactive and balanced approach to cyber security that took into account both the risks and the opportunities that the digital economy presents to governments, business and citizens.
The timely presentation follows the April launch of the federal government’s Cyber Security Strategy, an update on the 2014 strategy announced under Prime Minister Tony Abbott.
To set the scene, Ms Connick quoted the Prime Minister when he said, “The internet is the most transformative piece of infrastructure ever created. It has changed the world, it has changed history, it has changed us.”
This somewhat lofty description is based on compelling statistics. The internet is growing at breakneck speed.
“The value of the internet-based economies in the G7 is likely to be over US$4 trillion a year – an increase of 88 per cent since 2010,” Ms Connick said.
“Australia’s slice of this pie grew from $50 billion in 2011 to $79 billion in 2014. This is largely in sectors like agriculture, retail and transport. Based on current estimates it’s likely to reach A$139 billion by 2020.
“As people and systems become increasingly connected, the quantity and the value of information held online are growing,” she said.
“And so are efforts to steal and exploit that information. Australian and overseas organisations across the private and public sectors have been compromised by either criminal or state-sponsored intrusions.
“Figures vary, but cyber crimes are estimated to cost over a billion each year and by some estimates that could be $17 billion each year,” she said. “It’s estimated that one in five Australians have had personal information stolen.”
However, she also reminded the audience that the risks did not outweigh the opportunities the internet delivered.
In presenting the government’s cyber security initiatives, Ms Connick said, “The internet is fundamentally important to our future prosperity. We will only succeed if there is trust in the internet, in new technologies and new online business operations.”
The government has invested more than $230 million over 33 initiatives in its new cyber security strategy. “This is on top of the $400 million over the next decade that has been in cyber security [outlined] in the Defence White Paper, she said. “We are building on a strong base. Australia has world-class cyber security capability. But the threats are real and growing.”
Ms Connick explained that the government proposed to build that trust through five “pillars” to address cyber security.
The first being a national cyber partnership that aims to create a “concerted effort to ensure that the Internet remains free and open for all to use and that we can trust the transactions and the devices that we use to connect to it,” she said.
“It requires a joint approach between the public and private sectors [as well as] international partnerships in this global economy. The threats are serious and should be an issue for senior leaders not just for IT people and cyber professionals,” Ms Connick said.
As part of the partnership, the federal government feels that cyber security must “become the staple agenda for board agendas and leader’s meetings”. In response it will facilitate private-public cooperation through annual meetings between the Prime Minister and business leaders to set the national agenda and to discuss progress on cyber security initiatives.
This will be matched with real-time information sharing and the establishment of joint threat sharing centres in capital cities that will be connected to an online sharing network or portal that provides threat and mitigation information.
Cyber security requires more than threat sharing, however, and Ms Connick said the government’s second initiative was strong cyber defences at home.
“We need to be able to detect and respond to intrusions, exercise our incident response so that we are confident so that we can respond if we need to,” she said.
The government aims to find vulnerabilities and intrusions and to develop responses. This will include voluntary health checks to help organisations gauge their readiness and provide benchmark reports compared to their peers.
Also the government will allocate $6.7 million to keeping the Internet “open and free for all to use”. Under the global responsibility and influence pillar, a new “cyber ambassador” will be appointed to play a lead role in this work for Australia.
“And we will be working with international partners to build capacity, particularly in our region, to make sure we are protected from cyber crime which can emanate from beyond our borders and to build up resilience,” Ms Connick said.
As part of the fourth pillar – growth and innovation – the government will encourage research and development plus commercialisation of cyber security solutions by establishing cyber security growth centres as part of the government’s program of industry growth centres.
Bringing together “researchers, innovators, entrepreneurs, venture capitalists, governments and big companies who need innovative cyber security solutions”, the centres will be run like companies with CEOs appointed in population growth centres with the aim to grow jobs while solving cyber security issues for the nation.
In outlining the final initiative, Ms Connick said it was essential that Australia became a cyber smart nation. The associated $38 million initiative will cover education across all sectors including better alignment of tertiary courses to assist with the cyber skills shortage and greater diversity in the cyber security workforce.
It was a lot of ground to cover, but Ms Connick managed to balance both the risk and the opportunity presented by the digital economy. Clearly, the internet was worth protecting and this strategy appears to be a serious, multi-disciplinary approach to the challenges ahead.