Australia has set a target to become “the most cyber secure country in the world by 2030”, and will use a reworked national cyber security strategy as the vehicle to enable that.
Minister for Home Affairs Clare O’Neil unveiled the ambition at a National Press Club address on Thursday.
The government had flagged plans to recast the cyber security strategy back in August, but details at the time had been scant.
O’Neil indicated it would be less of a recast and more of a completely “new cyber security strategy for Australia.”
“The cyber security strategy will help Australia bring the whole nation into the fight to help protect our citizens and to protect our economy,” she said.
“It will help us strengthen critical infrastructure and government networks.
“It will help us build sovereign capabilities in cyber security because this is something that Australia must be able to do for itself, and it will help us strengthen our international engagement so Australia can play a leadership role on the global stage and work in partnership with our Pacific neighbours to lift cyber security across our region.”
Immediate development of the strategy will be led by former Telstra CEO Andrew Penn, Cyber Security Cooperative Research Centre CEO Rachael Falk, and retired Air Force chief Mel Hupfeld.
In government they will be supported by Minister for Finance Katy Gallagher and by O’Neil.
However, a major part of the strategy development – and the 2030 leadership target – is the involvement of an international panel, which O’Neil said comprised “some of the biggest cyber ‘guns’ from around the world [who] love the scale of our ambition and [have] agreed to help”.
The international panel will be led by Professor Ciaran Martin, who founded the UK’s National Cyber Security Centre (NCSC).
Other participants were not immediately disclosed.
Assistant Minister for Foreign Affairs Tim Watts will run the “international focus” from a government perspective.
“We’ve got the burning platform, we’ve got the mandate for change, we’ve genuinely now got the best minds on the problem, and now it’s time to translate that into a more cyber secure Australia,” O’Neil said.
“I want Australia to be the most cyber secure country in the world by 2030, and I believe that’s possible. But we need a reset and we need a pathway to get there.”
O’Neil said that after a series of high-profile hacks on Australian companies, cyber security had become “a hot topic in the boardroom and at the kitchen table.”
“Our government has commitment and resolve to fix this but it is going to take time,” she said.
“Better cyber security for Australia means all businesses and citizens changing how they engage with the internet.
“We need to prepare for more cyber attacks over the coming years as we undertake this incredibly important work.”
O’Neil criticised the former government for axing a dedicated cyber security ministerial role in late 2020.
She said it caused Australia “not to do the work nationally over the last decade to help us prepare for this national challenge” of cyber security.
“[Former] Prime Minister [Scott] Morrison’s decision to abolish the cyber security ministry when he came to office was an absolute shocker,” O’Neil said.
The government has also made other changes to Australia’s cyber security stance, formalising a team to “hack back” against threat actors, and significantly raising penalties for organisations that do not adequately protect customer data.
As far as the joint police team taking on the hackers directly goes, that capability may still be reasonably nascent.
“It will take some time to get this singing but when it does it will change the game for cyber security in our country,” O’Neil said.