ATSE urges focus on cyber resilience

The Australian Academy of Technology and Engineering (ATSE) has advised the Department of Home Affairs to focus on cyber resilience in the face of cyber attacks.

In a submission to the department’s call for views into Australia’s 2020 Cyber Security Strategy, the academy warned that complete cybersecurity cannot be achieved.

Instead, the focus should be on developing the ability to continue operating in the face of a cyber attack, according to Academy Fellow Dr Jacqueline Craig.

Craig, a former chief of the Cyber Electronic Warfare Division of the Defence Science and Technology group, warned that increased dependence on connected systems is increasing the cyber risk for Australia.

“Australia must develop strong cybersecurity systems and measures by playing a leading role in the development of cyber technology and its application in business, industry, government and society. Cybersecurity must be positioned as an enabler for our digital future,” she said.

“The academy believes that complete cybersecurity cannot be achieved, and Australia must focus on achieving cyber resilience, which is the ability to continue operating in the face of a cyber attack. That involves understanding critical dependencies and system vulnerabilities that are key to achieving cyber resilience.”

As part of its guidance, the academy has recommended that the government seek to establish national cybersecurity standards which are developed by knowledgeable bodies and technical experts.

Regulations should also be established laying out the liability of providers of cyber goods and services for data security and privacy.

The academy is also recommending that the department’s new cybersecurity strategy make a more proactive approach to managing future vulnerabilities and threats associated with emerging technologies such as the Internet of Things.

In addition, the government and education sector should address Australia’s cyber skills shortage as a matter of high priority.

Other recommendations include establishing a ‘trusted partner’ status for suppliers that adhere to defined standards, and the establishment of regulations ensuring the liability of providers of cyber goods and services for data security and privacy.

But the academy has also warned that Australia’s controversial decryption Bill represents a significant barrier to expanding Australia’s cybersecurity sector, as overseas investment in Australian cyber products and services will be tempered by the concern that they are insecure.

“As a trusted global cyber nation, Australia will need to maintain the highest of cybersecurity standards including the development of a top-class professional cybersecurity workforce and a comprehensive education program for its citizens,” Craig said.

“Emphasis on cybersecurity will be on proactive, rather than reactive, approaches, and will include: techniques for predicting likely threats and vulnerabilities; tools and techniques for achieving real-time comprehensive cyber situational awareness; and methods for ensuring business continuity in the face of cyber attack.”

Image credit: ©stock.adobe.com/au/immimagery