The federal government is further stepping up its efforts to improve Australia’s protection against increasing cyber threats, with Prime Minister Anthony Albanese on Monday announcing the establishment of a Coordinator for Cyber Security.
The aim is to “ensure a centrally coordinated approach” to the government’s cyber security responsibilities. This would include coordinating and “triaging” action after a major incident.
The new coordinator will be backed up by a National Office for Cyber Security in the Home Affairs department.
Australia has recently seen serious cyber breaches involving Optus and Medibank. In the latter case, clients’ health information was posted on the dark web, after a ransom bid was rejected.
The new coordinator post will be announced at a Cyber Security Roundtable in Sydney, attended by Home Affairs Minister Clare O’Neil, peak industry bodies and civil society groups.
Also at the roundtable will be the Cyber Security Strategy Expert Advisory Board comprising former CEO of Telstra Andy Penn, former Air Force chief Mel Hupfeld, and CEO of the Cyber Security Cooperative Research Centre, Rachael Falk. The government appointed the board late last year.
The government will release the 2023-2030 Australian Cyber Security Strategy – Discussion Paper, which has been produced by the advisory board.
This is part of the preparation for a new Cyber Security Strategy.
The paper canvasses ramping up the legislative framework to meet the challenges of a worsening threat environment.
Reform of the Security of Critical Infrastructure Act could include adding customer data and “systems” in the definition of critical assets. This would ensure the government’s power under the act extended to major data breaches such as in the Medibank and Optus attacks, not just operational disruptions.
A new cyber security act could bring together the cyber-specific legal obligations and standards across industry and government.
The paper also looks at opportunities for Australia to build on its existing international cyber partnerships, and the scope for contributing more to the setting of international standards on cyber security.
The government has said priorities for its new cyber security policy include increasing whole-of-nation protection efforts, ensuring critical infrastructure and government systems are resilient, building sovereign capabilities to tackle cyber threats, strengthening international engagement, and growing a national cyber workforce.