Public and private collaboration key to cyber security strategy

Speaking at the AFR’s Cyber Summit yesterday (18 September), Ms O’Neil said the goal would be to build six cyber shields around the nation to protect individuals, businesses and organisations from cyber attacks.

The first shield is to create “strong citizens and businesses that understand that they actually do have the power to protect themselves.”

Ms O’Neil said the nation was planning that, by 2030, citizens and businesses understand the cyber threat, the actions they can take to protect themselves, and have proper backups and support in place so they can get back on their feet quickly if they become victim to an attack.

She said while cyber attacks are concerning for large companies to manage, for a small business they could be “an immediately fatal event.”

Ms O’Neil added: “No matter who we were talking to, everywhere we went in almost every consultation it was about small business. I have spoken to small business owners who are in genuine panic, who genuinely lie awake at night worried that the next day is going to bring a cyber attack that they do not have the capacity to control.

“Many Australians are desperately anxious about this problem, and I hear from a lot of people, in particular seniors and those from multicultural backgrounds, that they are actually starting to scale back their use of the internet and digital products because they are so anxious about this problem.”

The Minister for Cyber Security said the second shield is “safe technology.”

She revealed that the vision is that by 2030 “we have clear global standards for digital safety in products that will help us drive the development of security into those products from their very inception, a world where just as you can’t go into a car yard and buy a car that will not be safe to use, when you buy a digital product on sale in our country we know that it’s safe for you to use.”

Ms O’Neil explained the third shield was for real-time “world-class threat sharing and threat blocking”, specifically between government and business, to limit the harm cyber attacks can cause to the nation.

She labelled it one of the “most exciting parts” of the strategy, growing the collaboration between public and private sectors on an issue that impacts all individuals.

“This is a national challenge shared by all Australians that we will only solve if we work together,” she added.

The fourth cyber shield is protecting Australians’ access to critical infrastructure. Ms O’Neil said despite the terrible outcome of personal data being stolen, the government held greater concerns regarding attacks on the nation’s infrastructure such as water or the energy grid.

She said: “What we need to do is make sure that we’re addressing not only the problems of today but the problems of the future, and I include in this the critical role of government.”

The fifth cyber shield is Australia’s sovereign capability. Ms O’Neil said by 2030 she wants the nation to be “in a thriving cyber ecosystem” with the skills needed and with cyber security being a “desirable profession for young people around the country.”

She added: “So that means that as we innovate and as we see the cyber security problem change, that Australia is at the frontier of those technologies and those changes to make sure that we’re getting to the benefits out of what this problem presents to the country.”

The final shield as part of the national cyber security strategy was taking coordinated global action, with the cyber challenge a “truly global” one.

In her speech, Ms O’Neil commented there would be a greater focus on developing strong and valuable partnerships within “our region to assist countries which are struggling with this problem too” while looking to create a “more resilient region”.

Her address came a year after the Optus attack that saw the personal data of more than 9 million customers stolen, the biggest cyber attack in Australian history until the Medibank hack weeks later.

Ms O’Neil said the attacks had seen organisations become more transparent regarding the reporting of cyber attacks with the National Australia Bank revealing they had faced 50 million attempted hacks each month, while the ATO said it experiences 3 million attempts a month.

She stated: “If there’s a silver lining, it is that for every board that I talk to now, cyber security is a top priority for the board and it is one they discussed in every single board meeting.

“There is enormous hunger for board directors to get – to understand the problem better, and I see CEOs and other leaders who are really down in the detail, supporting their technical people and working out where they need to improve.”

Ms O’Neil warned that the strategy would not result in a world without cyber attacks but that through collaboration and the strategy “we can build a clear national picture to respond to it as quickly as possible.”

[Related: Big 4 banks caught up in HWL Ebsworth hack]