Challenges generally bring out the best in Australians. Floods, bushfires, drought and even a global pandemic show that our society is adept at standing together to find a way of working through whatever is thrown at us.
COVID in particular showed what is possible when communities, governments and institutions work together to overcome adversity. This includes coming up with a national plan of action, working collaboratively with government, industry and experts to devise and implement it, and working proactively with the community to help them stay informed and safe.
We need to apply these lessons to our national response to the cyber security challenge Australia is facing in the wake of the large-scale cyber-attack on Optus.
In Australia and around the globe, governments, businesses, and individuals are increasingly being targeted by cyber criminals.
Cybersecurity and cyber resilience has never been more important.
It’s therefore critical that we view the response to the cyber-attack on Optus as an opportunity to work together to fight back and protect our community and businesses – and for government and industry to work together to improve our national cybersecurity readiness and resilience.
Of course, there is no silver bullet, however, a comprehensive response developed through government and the tech industry working collaboratively is a good place to start. This response needs to include four essential components:
- A clear national cybersecurity plan, with supporting coordination mechanism;
- A modernised legal regime fit for the digital age;
- Better use of new technologies that can improve cybersecurity and data security;
- More investment in building cyber awareness, capability and skills, including for small businesses, consumers and cyber professionals.
First, Australia needs a new cybersecurity strategy to help identify our cyber resilience objectives as a country, the key measures needed to realise them, and a comprehensive model for delivering them. The strategy should also review the current models for preventing, disclosing, coordinating and collaborating around cyber-attacks and identified where they can be enhanced.
Second, we support reform to Australia’s legal and standards framework to ensure they are fit for the digital age, particularly in areas such as privacy law. These reforms should also address practical problems like the barriers to businesses sharing data with financial institutions and governments following a data breach. We also need a better model for reviewing proposed new laws that require or extend sensitive data collection obligations on government agencies or private sector firms’ implementation to assess the data risks they may create.
Third, there are a number of technical solutions that can help consumers, businesses and governments improve cybersecurity and reduce the need for sensitive data sharing. This includes expanded, secure and trusted digital identity and document solutions and more widespread use of two-factor authentication. We need to consider how to better use these technologies as part of Australia’s response.
Finally, Australia needs to invest in improving cyber awareness, capabilities and skills. There is a chronic shortage of skilled cyber professionals in Australia – for example, research by the Tech Council found that cyber professionals were the profession taking the longest time to fill during the pandemic (60 days, rather than the economy-wide average of 30 days). Attracting more people to the profession, modernising training products and pathways, and prioritising cyber professionals in skilled migration program and bringing down processing times are all measures we can and need to act on as a matter of urgency.
We also need to do more to support awareness and upskilling amongst groups such as consumers and SMEs. The government should consider how measures such as the Tech Investment Boost and Skills Boost can be targeted to cybersecurity to help SMEs rapidly improve their cyber skills and practices, in an affordable, supported way.
The Australian tech sector stands ready to help lift Australia’s cyber resilience. The Tech Council of Australia has brought together a dedicated ‘tiger team’ of multidisciplinary experts from across our membership to identify solutions and quickly consider proposals made by the government.
This group will also have the capacity to assist government in identifying and developing potential long-term responses that the government can progress through its new cybersecurity strategy.
The challenge of combating cyber criminals and securing the private information of our citizens will not be a short or easy road. However, by working together — as Australians have always done — we can take back the initiative in making the digital world a safer and more secure environment for Australians.
Kate Pounder is the CEO of the Tech Council of Australia, the peak industry body for Australia’s tech sector. Providing a trusted voice for Australia’s technology industry, with over 140 members, the Tech Council comprises the full spectrum of tech companies.
