The revamped Australian Government Cyber Security Strategy will address the impact of the COVID-19 pandemic, but it is unclear when policy re-write will be released.
The Department of Home Affairs has been working on the 2020 Cyber Security Strategy for months. It received more than 200 submissions by the end of November from the private sector and has held a number of public hearings and sessions around the country.
The new strategy had been expected to be launched early this year, but it’s now unclear how long it will be delayed in light of the unfolding COVID-19 pandemic.
The government is “continuing to develop” the new strategy, a spokesperson for the Home Affairs department said, and would expand it to include any cybersecurity issues related to the current crisis.
“The 2020 Cyber Security Strategy will build on the strong foundations established by its predecessor and will take into account the rapidly evolving cybersecurity landscape, including the impact of COVID-19,” the spokesperson told InnovationAus.
The government issued a number of warnings and guidance for individuals and businesses on cyber security during the COVID-19 pandemic. It has warned about scams and phishing emails using the coronavirus and provided advice for companies to manage risk with employees working from home.
The 2020 cyber strategy will likely signal significantly different roles for government and the private sector from the first iteration four years ago. There will likely be more government-private collaboration on critical infrastructure, and a more centralised architecture for cyber protection, with a shift of the cyber risk away from end-users and onto the industry.
Former Prime Minister Malcolm Turnbull launched the first cyber strategy in 2016, with an initial plan for it to be updated annually. But the government decided that a more significant revamp of the strategy was needed. The strategy has not been updated since 2017.
A strategic panel was formed to guide the development of the strategy in November last year. The panel was criticised for being “incredibly out of balance with the reality” of the cybersecurity sector, and for being too narrow, Telstra-centric and not including any SMEs or startups.
Former US Secretary of Homeland Security Kristjen Nielsen was added to the panel in December last year.
A number of submissions to the government’s consultation on the strategy have called for better coordination of its “bewildering matrix” of cybersecurity policies and governance, and for a return of a dedicated cybersecurity minister.
Currently, cybersecurity policies are overseen by Home Affairs Minister Peter Dutton.
Do you know more? Contact James Riley via Email.
It’s going to fail. Again. I asked at the sessions if they read the submissions, and they admitted no. They also chose to make a big fanfare over the half dozen things they allege they “got right” from the original strategy (most of which is contested), and they totally failed to mention any of the hundreds of failures that resulted. They also have not been measuring anything, so half the time they’re completely unaware that the money they’re throwing at problems is not only wasted, but actually in some cases causing more harm.
And that’s not starting on the make-up of the Panel, which is overloaded with Telstra/ex-Telstra members (arguably the single biggest offender in Australia!! e.g. How many scam calls/texts have you had recently?) and has no actual experts on board.
The worst part of all – they know some things that need to be fixed: like imposing actual penalties for *government* non-compliance – but admitted that those are “too hard” and so will not be part of the strategy. “Nobody is flowing the rules – so lets just make more rules.”. We are doomed.