Anthony Albanese to set up agency to fight cyber attacks
PM’s new agency to target state-sponsored hackers under seven-year strategy to strengthen defences and end blame-shifting.
Anthony Albanese will set up a new agency to lead Australia’s fight against mass cyber attacks by state-sponsored hackers and criminal gangs, under a seven-year strategy to strengthen defences and end blame-shifting inside government and across the private sector.
The overhaul of Scott Morrison’s $1.7bn 10-year national cyber security strategy comes amid fears Australia’s legislative, government and private sector cyber defences are not keeping pace with fast-moving technological and geostrategic threats.
The appointment of a new co-ordinator for cyber security, who will lead the National Office for Cyber Security within the Department of Home Affairs, follows Joe Biden’s establishment of a US Office of the National Cyber Director in 2021.
Tasked with leading whole-of-government co-ordination and triage of major cyber incidents, similar to last year’s Optus and Medibank hacks, the cyber security chief will lead policy development and harden commonwealth digital systems.
The Prime Minister, who is hosting a roundtable with business, security and tech leaders in Sydney on Monday, will launch consultation on the new strategy led by former Telstra chief executive Andy Penn.
As the Albanese government increases co-operation with Quad and AUKUS partners on critical technologies, quantum and critical minerals, there is also a shared focus on aligning cyber defences to thwart rapidly evolving threats emanating from Russia and China.
The Australian Cyber Security Centre last year reported significant surges in cybercrime, which is now estimated to cost the country more than $33bn annually.
Following last year’s federal election, The Australian revealed Home Affairs and Cyber Security Minister Clare O’Neil had ordered – as a top priority – an urgent review of the Morrison government’s 2020 cyber security strategy.
Ms O’Neil’s expert advisory panel, consisting of Mr Penn, former air force chief Mel Hupfeld and Cyber Security Co-operative Research Centre chief executive Rachael Falk, has provided the government with a 15-page discussion paper outlining how Australia can better protect households, businesses and governments from cyber attacks.
The paper outlines priorities and core policies for the updated cyber strategy, which will be finalised in the second half of the year and is expected to include 2030 targets that establish Australia as a world-leading cyber security force.
The Australian understands it focuses on a new cyber security act and what that should include, strengthening critical infrastructure legislation to set baseline cyber security requirements for companies and governments, boosting regional cyber resilience and building a frontline cyber workforce.
Other suggestions include establishing a cyber review board to examine incidents and inform future responses, ensuring the commonwealth sets the standards for best practice in managing data and providing better awareness and victim support.
As revealed by The Australian last week, rules imposed by the Albanese government will hold boards and directors of critical infrastructure more accountable to protect Australians from cyber and physical attacks.
The regulatory costs for businesses and governments of beefing up infrastructure defences is expected to be about $11.5bn over 10 years. Ms O’Neil said Australia’s “patchwork of policies, laws and frameworks … are not keeping up with the challenges presented by the digital age”.
The Cyber Security Minister said the case for change was clear because “voluntary measures and poorly executed plans will not get Australia where we need to be to thrive in the contested environment of 2030”.
“To achieve our vision of being the world’s most cyber-secure country by 2030, we need the unified effort of government, industry and the community,” she said. “Together, we can equip our community to reduce the number and impact of cyber incidents through improved cyber hygiene and provide clear advice on how to respond confidently.”
While responsibility for cyber security and critical infrastructure policy is led by the Department of Home Affairs, the Australian Signals Directorate and Australian Cyber Security Centre fall under Defence, the Australian Federal Police reports to the Attorney-General’s Department and the eSafety Commissioner is part of the Department of Communications.
The private sector has repeatedly raised concerns about cyber security being straddled across four departments and the spiralling costs for business to bolster their cyber defences.
The Morrison government’s strategy, which was considered by some in industry and the bureaucracy to have been rushed-out during Covid, will be refocused on boosting sovereign capability and workforce to combat threats from malicious state-based actors and criminal gangs.
Mr Penn, who also led the 2020 cyber security strategy advisory panel, warned that “our national resilience, economic success, and security rely on us getting our cyber settings right”.
“If we are to lift and sustain cyber resilience and security, it must be an integrated whole-of-nation endeavour,” Mr Penn said. “We believe that the development of a new forward-looking strategy … is a unique opportunity for us to be ambitious and innovative.”
In response to rising cyber attacks linked to China, Russia, eastern Europe, Iran and North Korea, the Morrison government announced a $9.9bn package in its pre-election budget last year for the ASD and ACSC.
The cyber security agencies, which were tasked with recruiting more than 1900 staff, are facing a skills shortage that the government is seeking to remedy by attracting more skilled migrants and upskilling Australians faster.
More Coverage
Japan intensifies frigate sales pitch with port visits
Japan is ramping up its bid to sell $10bn worth of new warships to Australia, dispatching one of its Mogami-class frigates for port visits to Darwin and Fremantle in coming weeks.
China blames Australia for fighter jet’s flare drop
China accused the RAAF P-8A Poseidon of ‘deliberately intruding into China’s airspace’ while Australia lodged an official protest over the incident that risked the lives of up to a dozen Australians.