Strategic pillars of change: Analysis of the cyber security strategy


On the 21st April, the Federal Government’s long-awaited Cyber Security Strategy was launched from Sydney’s Australian Technology Park. Needless to say, the InfoSec community has been hungry for change for some time and the anticipation in the room was palpable. Nevertheless, Prime Minister Turnbull didn’t disappoint. The new strategy does, on the surface of it, seems to deliver on all the strategic pillars of change needed to provide the economic stimulus we need for innovation and development of our national cyber capability.

Turnbull pledged $230mn over the next four four years, to be spent on five key themes of action. This may well seem like a trivial investment, given the billion-dollar price tags associated with security investment elsewhere, however, it’s a start and should at least start to help develop the three-way government, industry and citizen step-change we need to succeed. The cash will be allocated to 33 separate initiatives that will instill the five top-level narratives into governments, enterprises, SMBs and our personal lives.

One of the most important and possibly overlooked outcomes that I think will really help make this strategy a reality is the creation of two new roles within government. This was a pleasant surprise, showing us all the strategic importance of cyber security with the Prime Minister and is testament to his understanding of the problem space; he’s actually serious. The government needs dedicated leadership and advocacy in cyber security, so the first of the new appointees, taking on the role of Special Advisor on Cyber Security to the Prime Minister, was handed to Children’s E-Safety Commissioner Alastair MacGibbon. This is great news for the community since Alistair is well respected and a true advocate on the cyber security’s importance to our everyday lives. The second role will be appointed over the next few months by Foreign Minister, Julie Bishop, as Cyber Ambassador to champion a “secure, open and free Internet,” here in Australia, representing our cyber security interests overseas.

A National Cyber Partnership

“We will also sponsor research to better understand the costs of malicious cyber activity to the Australian economy”

The first of the five themes of action is called the National Cyber Partnership. This involves national business leaders, security researchers and government getting together every year to work with the Prime Minister on implementation of the strategy and to help drive its implementation across all of Australia’s states and territories. One of the outcomes of the initial setup of the National Cyber Partnership is to streamline security governance in Commonwealth Government agencies and ensure everyone knows who is responsible and what they are responsible for. The disjointed and overly complicated delegation of authority in the Protective Security Policy Framework (PSPF) will hopefully be replaced by something less onerous and eminently more usable, especially for the smaller agencies where it’s not appropriate to have a massively hierarchical and overly distributed set of functions. Turnbull also committed funding to relocate the Australian Cyber Security Centre (ACSC) from its current location in Canberra’s Ben Chifley Building another, as yet unannounced facility to make it more accessible to industry. This is smart as it aligns with what’s already been demonstrated as effective elsewhere, such as in the UK, where the government invested in their new National Cyber Security Centre ( news/NCSC) to be located in London rather than in the inaccessible headquarters of GCHQ in Cheltenham…Click HERE to find out more about this article