Cyber security ‘needs a new approach’

A government advisory group helping prepare Australia’s 2020 Cyber Security Strategy will publish its recommendations on Tuesday.

David Swan and Glenda Korporaal

2 min read

12:00AMJuly 18, 2020

Australian business leaders discuss how COVID-19 has impacted their businesses and their lives

A government advisory group helping prepare Australia’s 2020 Cyber Security Strategy will publish its recommendations on Tuesday, The Weekend Australian can reveal.

Speaking at a roundtable discussion with the Business Council of Australia, Telstra boss Andy Penn said the panel’s report would include about 60 recommendations to the government, urging it to increase spending in Australia’s cyber security industry.

The industry group chaired by Mr Penn includes Tesla chair Robyn Denholm, former US secretary of homeland security Kirstjen Nielsen, Vocus chair Robert Mansfield, NBN Co chief security officer Darren Kane and others.

It comes weeks after Prime Minister Scott Morrison warned of a sophisticated ongoing cyber attack by a nation state, presumed to be China, affecting “all levels of government”, and just days after it was revealed Russian hackers were behind a campaign to steal data relating to a COVID-19 vaccine.

“It’s encouraging to see the government is already taking action and initiatives in relation to a number of the recommendations. But seeing that follow through is going to be important,” Mr Penn said.

“If we want to accelerate the digital economy and as we’ve all moved to work and study from home, and we do more business online, we are putting ourselves in a more cyber-vulnerable environment. Therefore we’ve got to build the cyber defences to match that.”

Mr Penn said Telstra had seen a significant increase in cyber attacks in recent weeks, and government and industry needed to take that a ‘‘completely different approach’’ to cyber security.

“It used to be if you wanted to rob a bank, you used to have to basically drive into town on your horse and go into the bank and sort of hold up the teller, whereas now you can rob a bank from the other side of the world, and there’s a fair chance that nobody will catch you,” he said.

“And if I do catch you, it’s very difficult for the Australian government to effectively impose its jurisdiction on a crime that’s occurring on the other side of the world.

“It is quite a volatile environment at the moment, and I think another reason why now is the right time for the government to be thinking about its level of investment in improving our cyber defences, particularly as we are going to become more and more reliant on the digital economy.”

The release of Tuesday’s report represents one of the last steps before the federal government releases its four-year cyber strategy, which comes after 213 submissions from industry largely calling for a major overhaul of the nation’s cyber-security infrastructure and a build-up of greater technical capacity to protect Australian companies and individuals.

The government has already announced a $1.3bn funding boost for the Australian Signals Directorate’s cyber capabilities, and has also said it would build a “sovereign cloud” to help protect Australia’s pool of sensitive data.

With a spike in cyber threats during the COVID-19 pandemic, AusTender documents reveal the Australian Signals Directorate and other government bodies, including the Department of Education and Australian Securities & Investments Commission, have spent more than $4.2m on cyber security firms since late April.

Additional reporting: Geoff Chambers