26/07/2024
On 22 November 2023, the Australian Government released the 2023-2030 Australian Cyber Security Strategy (the Strategy).
The goal of the Strategy is for Australia to become a world leader in cyber security by 2030, to build stronger cyber defences that enable our citizens and businesses to prosper, and to build cyber resilience so we can bounce back quickly from a cyber-attack. The Strategy identifies six layers of shields that are critical to defending against cyber threats.
The six shields are:
- Strong businesses and citizens
- Safe technology
- World-class threat sharing and blocking
- Protected critical infrastructure
- Sovereign capabilities
- Resilient region and global leadership
The strategy is set to be delivered in three phases:
- 2023-2025 – Horizon 1 – Strengthen our foundations. Critical gaps in the six shields will be addressed
- 2026-2028 – Horizon 2 – Scale cyber maturity across the whole economy. Further investments will be made in the broader cyber ecosystem, continuing to scale up our cyber industry and grow a diverse cyber workforce
- 2029-2030 – Horizon 3 – Advance the global frontier of cyber security. Australia will lead the development of emerging future-proof cyber technologies
As part of Horizon 1, the Australian Government will work with industry to design and implement legislative reforms in cyber security. This will include options for new cyber obligations, streamlined reporting processes, improved incident response and better sharing of lessons learned after a cyber incident.
The following initiatives have been proposed as part of Shield 1 to provide support and awareness training to businesses and individuals:
- a cyber health-check program that will offer a free, tailored assessment of cyber security maturity to small and medium businesses;
- victim support services for small businesses to help them respond to cyber incidents;
- a Small Business Cyber Security Resilience Service that will provide small businesses with advice on how to build their cyber security capability and resilience;
- a national cyber awareness campaign to help Australians understand critical cyber security threats and how to protect themselves online, including tailored cyber awareness campaigns for diverse groups;
- Operation Aquila, the AFP- and ASD-led joint standing operation aimed at investigating and disrupting criminal syndicates;
- a legislated no-fault, no-liability ransomware reporting obligation for businesses;
- a new process for conducting lessons-learned reviews of significant cyber incidents, and clarification of business expectations of cyber governance;
- a single reporting portal on cyber.gov.au that brings key reporting links together in one place;
- a legislated limited use obligation for ASD and the Cyber Coordinator;
- an industry code of practice for incident response providers;
- continuing development in the Digital ID program and the National Strategy for Identity Resilience to reduce the need for people to share sensitive personal information with government and businesses to access services online.
For further information contact us at enquiries@griffinlegal.com.au.