Govt lifts cybersecurity commitment to $1.67bn

Australian Federal Police will be equipped with new tools to investigate and shut down cybercrime on the dark web as part of the federal government’s new $1.67 billion cybersecurity funding commitment announced on Thursday.

The Cyber Security Strategy 2020 will see the $1.67 billion invested over the next 10 years in what represents the government’s largest cybersecurity investment program to date.

As part of the strategy, new laws will be introduced giving the AFP and the Australian Criminal Intelligence Commission the tools and powers required to collect information on investigations of crimes conducted on the dark web or using anonymising technologies such as end-to-end encryption.

Meanwhile, the government has flagged plans to “confront illegal activity, including by using our offensive cyber capabilities against offshore criminals, consistent with international law”.

The investment will also fund the establishment of a 24/7 cybersecurity advice hotline for SMEs and families.

Meanwhile, providers of critical infrastructure will have new obligations imposed on them to shore up their assets against major cyber attacks. The commitment includes a $66 million allocation to help these companies assess their networks for vulnerabilities.

The definition of what will be considered critical infrastructure will also be expanded to incorporate banking, finance, health, food and grocery infrastructure.

The government has also committed to providing support for SMEs to upgrade their cyber defences, including by working with large businesses to develop “bundles” of secure services such as threat blocking, antivirus and cybersecurity awareness training to these SMEs.

Meanwhile, the government has flagged that it will investigate introducing regulatory reforms giving the internet-connected consumer device industry more obligations to protect end users, and is planning to encourage the development of new awareness campaigns for consumers.

The $1.67 billion commitment includes and expands on the $1.3 billion announced in June to allow for the recruitment of 500 new cyber spies for the Australian Signals Directorate (ASD).

Other initiatives in the strategy include a commitment to create a fund to co-invest in counter-cybercrime capabilities with the states and territories, and to spend $62.3 million to develop a classified national situational awareness capability.

Many of the initiatives were informed by the recommendations of the Cybersecurity Industry Advisory Panel, chaired by Telstra CEO Andy Pen, which recently published the findings of its investigations.

Warm reaction

Industry representatives and experts have generally welcomed the recommendations. Australian Information Industry Association (AIIA) CEO Ron Gauci said the commitments represent an acknowledgement that critical infrastructure is increasingly becoming a target for cybercrime.

“Operational technology used in critical infrastructure, manufacturing, sensors or building controllers traditionally operate on separate networks with different protocols. In recent years we have seen the line blurred with these devices becoming IP-enabled or connected to IoT-type devices,” he said.

“We appreciate that the Prime Minister has listened and understands the need to continue investment and support with cybersecurity — as evident by The Cyber Security Review, which was led by The Department of the Prime Minister and Cabinet, which highlighted that cybercrime is costing the Australian economy in excess of $1 billion annually in direct costs alone.”

Meanwhile, Communications Alliance CEO John Stanton praised the planned measures designed to enhance collaboration between critical infrastructure sectors by improving the sharing of threat data.

“We will engage with stakeholders to develop a clearer understanding of the details of the Strategy, such as the definitional aspects around ‘systems of national significance’ and ‘critical infrastructure entities’,” he said.

But he said it will be important that the government is clear and transparent about aspects including what will constitute systems of national significance, as well as areas where the government has raised the prospect of “direct action” by government to protect networks and systems in times of cyber crisis.

“Government needs to consult collaboratively with industry on these aspects, to ensure that the infrastructure our industry owns and operates so successfully remains actively and passively protected from cyber interference,” Stanton said.

Palo Alto Networks Head of Government Affairs and Public Policy for ANZ Sarah Sloan said the initiatives outlined in the strategy will promote public partnerships to combat cyber threats.

“Only by working together will we be able to identify and address cyber threats at scale,” she said. “In our increasingly interconnected world, improving the security and resilience of critical infrastructure entities is crucial to protecting Australia’s economy and national security.”

But Macquarie Government Managing Director Aidan Tudehope said it will be critical to act on the strategy now rather than waiting 2–3 years.

“With COVID, we are facing the greatest economic crisis in 100 years. And the cybersecurity sector is a key sector to provide the jobs of the future,” he said.

“The various government agencies responsible for implementing the strategy need to use it to help address the mass levels of unemployment being experienced across Australia. We can’t afford to wait two to three years when it will be too late to innovate our way out of this crisis.”

Image credit: ©James Thew/Dollar Photo Club