As part of prime minister Tony Abbott’s review into Australia’s cyber security policy and strategy, technology giant Cisco was invited to provide industry insights on how cyber security can be bolstered in Australia.
In its report released today, Cisco said as Australia’s future becomes increasingly hyper-connected and critically dependent on technology, a strong cyber security capability is crucial for Australia to be a global leader as the world economy enters the next wave of digital enablement.
It also suggested that current cyber insecurity is taxing Australia’s economic growth.
“Globally, national losses from cyber security incidents are estimated to be as high as 1% of GDP, which for Australia, could be as much as $17 billion per year,” the report said.
“It is also estimated that the Group of Twenty (G20) economies have lost 2.5 million jobs to counterfeiting and piracy.”
For a positive cyber security environment in Australia, Cisco said there was a need to focus on a partnership between government, public and private entities and these three entities needed to focus on
- uplifting cyber security leadership;
- implementing state-based Cyber Security Centres; building and maintaining trust;
- enabling a greater level of information sharing; incentivising innovation and positive cyber security behaviours;
- and creating a national cyber security curriculum ‘engine’.
Here are Cisco’s 8 recommendations for a secure cyber future in Australia:
1. A national cyber security strategy.
A national cyber security strategy with a 10-year outlook and a 20-year view for skill building should be created. This should be reviewed every one to two years. The strategy must take a bipartisan approach that allows a coherent strategy to be implemented beyond election cycles.
2. Uplifting cyber security leadership.
Cyber security leadership needs to play a greater role in corporations and institutions. Executive committees and boards need to lead this transformation, whether this is in government or in business. This could include CEO level accountability for the integrity, confidentiality, and assured availability of data, systems and services. The government should also integrate cyber security requirements into their procurement and acquisition processes, to drive the market toward greater cyber security maturity.
3. Building and maintaining trust.
The government must invest in its ability to shape multilateral and bilateral frameworks, international and regional forums, and trade outcomes that differentiate Australia as offering the cleanest, safest and most versatile digital infrastructure. This will support trade and investment in Australia.
4. Positioning Australia to maximise the advantage of digital transitions.
With Australia assuming the position of a world-leading adopter of digital market transitions, there’s an opportunity to position our nation as a global leader in cyber security operational excellence. For example, the growth of the number of “things” connected to the internet is fundamentally changing the landscape for cyber security and a minimum standard for connected devices needs to be established and enforced. Australia could lead the world in setting and testing these standards.
5. Enabling greater information sharing.
There is a need for information sharing across national and multinational boundaries, including between government and the private sector. This needs to include support for machine-speed solutions. It should be guided by the principles that information sharing is bidirectional, voluntary, increases trust, is actionable and relevant, and doesn’t cause conflict with other regulations. Furthermore, there needs to be a regime that offers protection from, or is compliant with, privacy, data protection, and corporate reporting requirements.
6. Implementing new state-based cyber security centres.
The formation of the Australian Cyber Security Centre (ACSC) is a positive step in enhancing Australia’s cyber security framework. However, there is a need to expand its reach to better influence the Australian states, as well as to widen access to skilled personnel. This should be done through lower classification areas within the ACSC, as well as virtualisation of the ACSC to include state-based centres. New cyber security Centres of Excellence will create a hub for learning, as well as create local liaison centres for state and local government, and industry.
7. Accelerating innovation and positive cyber security behaviours and outcomes.
Appropriate incentives for investing in research and development, including the formation of incubators, must be introduced to accelerate innovation and skill development. Incentives should also be introduced to accelerate preferred behaviours and outcomes for cyber security by Australian government agencies and business.
8. Building skills, education and training.
From a skills perspective, the key priority is to define the national cyber security curriculum “engine”, including a program that maps skills, and is accountable for hiring, education and training.