The bulk of the $195.1 million in new funding announced in the federal government’s much-awaited 2016 Cyber Security Strategy will be divvied up between agencies within the Attorney-General’s portfolio.
Announcing the Strategy on Thursday 21 April – 17 months after the Department of Prime Minister and Cabinet (PMC) led Cyber Security Review was announced by then Prime Minister Tony Abbott – Prime Minister Malcolm Turnbull emphasised the need to tackle cybersecurity if Australia is to reach its potential for growth and innovation.
The Strategy has committed the government to 33 new cybersecurity initiatives.
The Attorney-General’s Department will receive $118.8 million over four years for its entities that operate as part of the Australian Cyber Security Centre. This includes:
- $47.3 million for CERT Australia to lead the establishment of joint cyber threat sharing centres and an online threat sharing portal that is co-designed with the private sector. This will enable a “layered approach for sharing real time public-private cyber threat information”;
- $21.5 million to increase the capability and capacity of CERT Australia;
- $20.4 million for the Australian Federal Police and $16 million for the Australian Crime Commission to increase cybercrime investigation and response capabilities with new specialist officers;
- $10 million for CERT Australia to raise cybersecurity awareness;
- $2 million for CERT Australia to lead the expansion of the government’s “exercising program” to non-government partners; and
- $1.6 million for CERT Australia to lead national voluntary good practices guidance for cybersecurity.
“Statistical data on the national impact of cyber security compromises will enable Australian businesses and governments to make informed decisions when managing cyber risks,” states the Strategy.
“By securely sharing sensitive information and working together—in real time where possible—we can build a stronger collective understanding and ability to analyse and predict cyber security threats.”
The Department of Defence will receive $51.1 million to improve the capability of the Australian Signals Directorate, including its intrusion analysis capability, complementing the $300 to $400 million over ten years that was allocated to the Cyber Security Capability Improvement program in the 2016 Defence White Paper. New initiatives include:
- $38.8 million to relocate the ACSC to a new facility to improve interaction with the private sector and “accommodate new staff recruited as a result of the Strategy’s implementation”, boosting its capacity to respond to cybersecurity threats;
- $11 million to improve its ability to identify vulnerabilities within agency systems and provide technical security advice on emerging technologies; and
- $1.3 million for a programme of assessments to evaluate the implementation of the ASD’s Strategies to Mitigate Targeted Cyber Intrusions by agencies and develop a framework for those agencies “at higher risk of malicious cyber activity”.
Intermedium reported earlier this month that ASD had already begun making panel arrangements for increasing cybersecurity workloads across Australia’s Defence Intelligence Agencies.
The Strategy also commits to ensuring that ASD’s Strategies to Mitigate Targeted Cyber Intrusions are regularly updated.
$15 million is earmarked for the Department of Industry, Innovation and Science to improve cybersecurity using small business grants, in addition to the $30 million allocated in the National Innovation and Science Agenda (NISA) for a new industry-led Cyber Security Growth Centre. The Growth Centre, to be chaired by Data61 CEO Adrian Turner and NICTA Board Member Doug Elix, will have two ‘nodes’ established at Sydney’s Australian Technology Park and at the Goods Shed in Victoria.
The NISA also provided $7.5 million to Data61 to improve cybersecurity, which accounts to the $233.1 million overall funding in the Strategy.
A new national cyber partnership between the federal government, businesses and research institutions will see an annual cybersecurity leaders’ meeting, hosted by the Prime Minister and a new Minister Assisting the Prime Minister on Cyber Security. The meeting is expected to set the cybersecurity agenda and drive the Strategy’s implementation.
“More strategic discussions between public and private sector leaders will focus on practical outcomes and elevate cyber security, both as a business risk and as a strategic opportunity rather than just as an operational matter,” states the report.
The current Office of the Children’s eSafety Commissioner Alastair MacGibbon will become the PMC’s new Special Adviser on Cyber Security. He will “lead the development of cyber security Strategy and policy, provide clear objectives and priorities to operational agencies and oversee agencies’ implementation of those priorities.” This will assist the government streamline cybersecurity governance by drawing “together disparate elements of both the policy and operational areas” to improve interaction with the public/private sectors.
The government will also develop guidance for agencies to manage supply chain security risks for ICT equipment and services.
The Strategy also addresses Australia’s approach to cybersecurity in the international arena by appointing a Cyber Ambassador at the Department of Foreign Affairs and Trade (DFAT), and publishing an international cyber engagement strategy to guide bilateral and regional cooperation. DFAT will receive $6.7 million to advocate for internet freedom and security, and for cybersecurity capacity building in the Indo-Pacific region.
The Department of Education and Training will receive $3.5 million to address skills shortages by establishing academic centres of cybersecurity excellence as well as programs to increase the number of cybersecurity professionals.
The Strategy’s initiatives will be reviewed and updated annually, with the Strategy itself to be reviewed and updated every four years.