Prime Minister Scott Morrison recently announced that the Australian Government will invest $1.35bn in cybersecurity and information warfare capabilities over the next 10 years. The funds will boost the cybersecurity activities of the Australian Signals Directorate (ASD) and the Australian Cyber Security Centre (ACSC) and focus on mitigating cyber threats.
The catalyst for the government’s renewed focus on building Australia’s offensive capabilities is the recent escalation in the frequency, scale and sophistication of cyber threats against Australia’s critical infrastructure. 
The Cyber Enhanced Situational Awareness and Response (CESAR) Plan
The Cyber Enhanced Situational Awareness and Response (CESAR) plan comprises new initiatives and funding to:
- Build new offensive capabilities against international cyber actors, to disrupt and block their activities to prevent attacks against Australian governments and businesses;
- Deliver a new cyber threat-sharing platform to facilitate intelligence sharing between industry and government and to block emerging threats in near real time;
- Develop new capabilities to allow the ASD and Australia’s major telcos to prevent malicious cyber-attacks reaching Australians by more efficient blocking of known malicious websites and computer viruses;
- Enhance Australia’s ability to rapidly detect and respond to emerging cyber threats by expanding ASD’s data science and intelligence capabilities;
- Deliver a national situational awareness capability to better enable ASD to understand and respond to cyber threats on a national scale; and
- Establish cutting-edge research laboratories to better understand threats to emerging technology, ensuring that ASD continues to provide timely and authoritative advice about the most secure approaches for organisations to adopt new technology.
The Cybersecurity Skills Shortage
Importantly, the government is also allocating $470m for job creation at the ASD to address the cybersecurity skills shortage. However, it is currently unclear how the significant skills shortage will be addressed in the short-to medium term. More details are likely to be included in the imminent release of the 2020 Cyber Security Strategy, an update on the inaugural 2016 version.
The ABC also recently reported that a Department of Defence review suggested Australia was unprepared for cyberwarfare and similar threats. It claims that regular audits of the cybersecurity preparedness of government departments indicates a need for improvement. This position seems to be validated in the March 2020 release by the ACSC of the Commonwealth Cyber Security Posture in 2019 report, which highlights that “most Commonwealth entities had only ‘ad hoc’ or ‘developing’ compliance with the government cybersecurity mitigation framework”.
Addressing Cyber Threats
Yesterday, Australia’s Digital Trust Report 2020 was released. It highlights the role ‘digital trust’ plays in attracting investment and driving jobs growth. A key finding of the report is that a 4-week digital disruption could cost the economy AU$30 billion, or ~1.5 per cent of GDP, and an estimated loss of 163,000 jobs. This would significantly increase when loss of trust in digital infrastructure and data integrity is taken into account.
In Summary
- Agilient welcomes the new Government initiatives to improve Australia’s ability to pre-empt and address emerging cyber threats, and the considerable funding boost to address the cybersecurity skills shortage.
- The recent escalation in the frequency, scale and sophistication of cyber-attacks directed at critical infrastructure, government agencies and corporates (e.g. Toll Group, Lion, Fisher & Paykel) highlights that all organisations should regularly review their cyber resilience plans to ensure they are fit-for-purpose.
- The Coronavirus pandemic has highlighted that organisations can rapidly adapt and adopt new digital technologies and remote work capabilities. However, it has also exposed the business risks of poor cyber hygiene. As organisations progressively enhance their AI and IoT capabilities, it is critical that their cyber risk management strategies are robust.
- Agilient has extensive experience in working with government agencies, corporates and critical infrastructure providers, to ensure that they are cyber-resilient. Our clients value our customised approach, which aligns their risk tolerance with appropriate risk mitigation strategies. This provides executive teams with confidence that their enterprise is well prepared to withstand potential cyber threats, thereby protecting their valuable assets, people and revenues.
Contact Agilient to appraise your organisation’s cyber-resilience.