Push to review cyber incidents like plane crashes


Joseph Brookes
Senior Reporter

The recently established US cyber safety board wants other countries to employ its new way of reviewing incidents and to partner on global solutions for the fast-changing cyber environment.

Following an executive order from US President Joe Biden, the Cyber Safety Review Board (CSRB) was established in February. One of the CSRB’s members this week backed Australia’s maturity and holistic approach to cyber policy.

The public-private initiative aims to improve US cybersecurity by forensically analysing significant cyber attacks, starting with the Log4j vulnerability, which was discovered last year and compromised millions of devices.

The concept of the CSRB comes from a US transportation safety board, established in the 1960s to review transport incidents, including their cause and ways to mitigate risks.

The transportation board still exists and has made thousands of safety recommendations based on its investigations, most of them adopted. These include things like smart airbags, marine fire safety and lifesaving devices, and smoke detectors in plane lavatories.

Sydney airport. Photo credit: Eigenblau / Shutterstock.com

CSRB member and Verizon cyber security lead Christopher Novak said the transport board is one of the reasons cars, planes and trains have never been safer in the US, and applying the same approach to cyber incidents will help identify systemic issues and lead to better policies.

“[We are trying to] dig into that, figure out how we can then influence things like public policy or making regulations or even just industry best practices and recommendations. That’s really the mission of the cyber safety review board. I’m very hopeful that other countries will start tagging onto that and following similar suit.”

Mr Novak told InnovationAus.com the approach could be adopted elsewhere, with Australia a leading candidate because of its “holistic” approach to cybersecurity and existing relationship with the US.

Cybersecurity is a key feature of Australia-US agreements and groups like AUKUS, the Quad and the Five Eyes alliance, all initiatives Mr Novak says are paying dividends in reducing the impact of cyber attacks.

“[The alliances] are probably one of the most valuable things that the agencies can do. Because there is so much out there that we see. When we look at things from our backbone, we rarely ever see something just once. It’s almost always done hundreds or thousands or more times.

“That means that if we can learn from one, we can potentially mitigate many of the others, and then obviously share that information with those that we have a relationship with.”

Mr Novak also endorsed Australia’s overall maturity level on cyber and approach to national policy, including the recent $10 billion REDSPICE initiative, despite the federal government’s own struggles with cybersecurity and what critics say is a lack of accountability and policy co-design.

The US cybersecurity expert said Australia still has some areas for improvement but is taking a clear-eyed approach to cybersecurity by equipping its spy agencies and moving to protect critical infrastructure, and not stopping at data and privacy protection.

“You need to be looking at it beyond the data because… now we have all this operational technology: we have energy grids, we have autonomous driving vehicles, we have all sorts of other things that have impacts beyond just ‘It hurts my wallet’,” Mr Novak said.

“So I think that view is something that governments around the world need to mature and look at more holistically than maybe they have [in the past]. I think Australia has at least started to look at that quite well.”
