The federal government must reinstate the position of Minister for Cybersecurity as part of the updated 2020 national Cyber Security Strategy, the Opposition and industry figures have said.
The government should also be less ambitious with big-spending items in the strategy and instead focus on specific, targeted initiatives to improve cybersecurity broadly, they said.
Last month the federal government released a discussion paper seeking community input ahead of its 2020 national Cyber Security Strategy. The country’s first ever cyber strategy was launched in 2016 and updated the following year.
The strategy was originally meant to be updated annually, but the government is instead pursuing a significant reworking of the plan to be released next year.
A Home Affairs executive discussed the upcoming strategy in a speech at the CyberCon event in Melbourne on Tuesday, but this session was closed to media despite no new information being presented.
Former Prime Minister Malcolm Turnbull appointed a Minister for Cybersecurity as part of his Cabinet, but this position was scrapped by Scott Morrison last year. Responsibilities for cybersecurity were handed to Home Affairs Minister Peter Dutton.
The reinstatement of this position must be part of next year’s strategy, shadow assistant minister for cybersecurity Tim Watts said.
“Under this third term government, Australia has had almost as many cybersecurity policies as energy policies – but there’s been no-one responsible for implementing them. The result has been a leaderless and unaccountable cybersecurity policy that has failed Australians,” Mr Watts said.
“Rather than appointing a dedicated Minister for Cyber Security, Scott Morrison has left responsibility in the hands of Peter Dutton, a minister who treats cybersecurity as an afterthought to his incompetent mismanagement of the Home Affairs portfolio.
“The Morrison government must start taking cybersecurity seriously. The Prime Minister should start by reinstating a dedicated ministerial role for cybersecurity, as part of its cybersecurity strategy review.”
Having a minister directly responsible for the sector is key to ensuring consistent policies and emphasis on the space, CyRise chief executive Scott Handsaker said.
“It is incredibly disappointing to not have a permanent cybersecurity minister, and it is something Australia absolutely needs in order to ensure the right level of focus and attention,” Mr Handsaker told InnovationAus.com.
“Consistency of direction is important. A dedicated minister gives weight to the message that cybersecurity is critical for the future of Australia’s economy and security,” he said.
“The thing people find most frustrating with government is how short term initiatives can be. One day you have a cybersecurity minister and the next you don’t. Make a decision and invest in it properly for the years that are required to see a return.”
In its discussion on the 2020 cybersecurity strategy, the government outlined a dramatically changed cyber environment, and flagged drastically different roles for government and business.
It raised the potential for a more centralised architecture for cyber protection, shifting the risk away from end-users and towards businesses and industry.
The inaugural cyber strategy was too ambitious and the updated version needs to be very targeted and specific to be effective, Australian Strategic Policy Institute International Cyber Policy Centre director Fergus Hanson said.
“On reflection, the first strategy was a bit too ambitious and given that we’ll have a few more funding constraints, it needs to be more targeted. One way is looking to do more through government policy rather than big spending initiatives,” Mr Hanson told InnovationAus.com.
“We probably need to reduce the scope a little bit. There are lots of things that are really important and we need to be refining it down to things that are really essential.”
These things could include requiring vendors that sell to government to meet cybersecurity standards, a low-cost way to improve security, Mr Hanson said.
The government should also be looking at the Internet of Things, especially in large physical systems like driverless cars, airplanes and factories.
“I think we overlooked immediately connecting a lot of these systems to the internet and we haven’t really got the controls in place to make sure there isn’t a disaster. I think prioritising things with physical injury is a good place to start,” he said.
There also needs to be a focus on supporting cybersecurity startups, Mr Handsaker said.
“In our submission we will be strongly arguing for a greater focus on helping home-grown cybersecurity startups succeed, something which appears to be missing from the draft document,” he said.