On November 22nd, the Australian Government revealed its 2023-2030 Cyber Security Strategy Action Plan. It’s a detailed plan designed to make Australia a worldwide frontrunner in cybersecurity by the decade’s end. The strategy is structured into three phases, each concentrating on a different part of improving cybersecurity. The following is an overview of the plan; please see the source link at the bottom of this article for all in-depth details.
First Phase (2023-2025): Strengthening Foundations
This initial stage aims to fill critical gaps in cyber defences, provide better protection for vulnerable citizens and businesses, and initiate the improvement of cyber maturity across the region. Key initiatives include:
- Support for Small and Medium Businesses: Introducing cyber health checks to assess and enhance cybersecurity readiness in these businesses. It also involves establishing the Small Business Cyber Security Resilience Service, offering tailored advice and support to small businesses at no cost.
- Enhanced Cyber Awareness: Expanding the national cybersecurity awareness campaign to reach a broader audience and improve understanding of cybersecurity among Australians. Specialised cyber awareness initiatives will also be funded by grants given to community organisations.
- Disruption of Cyber Threats: Strengthening efforts to disrupt cybercrime through Operation Aquila and promoting global collaboration to prevent and respond to cybercrime. Focus will also be placed on building capabilities to combat cybercrime in the Pacific and Southeast Asia.
- Combatting Ransomware: Co-developing a mandatory ransomware reporting requirement for businesses and creating a playbook to guide businesses in preparing for and recovering from ransomware attacks.
- Providing Clear Cyber Guidance for Businesses: Offering additional information on cyber governance obligations under current regulations and co-designing a Cyber Incident Review Board for no-fault incident reviews.
Second Phase (2026-2028): Expanding Reach
This phase aims to expand cyber maturity across the economy by investing further in the broader cyber ecosystem, including scaling up the cyber industry and nurturing a diverse cyber workforce.
Third Phase (2029-2030): Pioneering Innovation
The final phase focuses on advancing global cybersecurity frontiers by leading in the development of emerging cyber technologies and adapting to new risks and opportunities in the cyber landscape.
Additional Key Actions:
- Safe Technology: Adopting international security standards for digital technologies, developing a voluntary labelling scheme for smart devices, and embedding cybersecurity into software development practices.
- World-Class Threat Sharing and Blocking: Establishing an Executive Cyber Council to improve threat information sharing and scaling threat blocking capabilities to stop cyber attacks.
- Protected Critical Infrastructure: Clarifying critical infrastructure regulation, incorporating cybersecurity regulation in the aviation and maritime sectors, and enhancing cybersecurity obligations for Systems of National Significance.
- Sovereign Capabilities: Growing and professionalising the national cyber workforce and investing in domestic cyber industry growth.
- Resilient Region and Global Leadership: Supporting a cyber-resilient region, advocating for high-quality digital trade rules, defending a free and secure internet in international forums, and upholding international law and norms of responsible state behaviour in cyberspace.
In conclusion, the strategy is designed to minimise regulatory burden, promote innovation, and maximise participation, with the Australian Government’s new Executive Cyber Council playing a crucial role in co-leadership on key cyber security issues. The flexible approach ensures adaptability to emerging technological, economic, and geopolitical trends, with the Action Plan to be reviewed every two years.