Daily BulletinDaily Bulletin

The Conversation

  • Written by The Conversation Contributor
image

Most of us can relate to the government’s plan to build 12 new submarines for A$50 billion, at least in principle. But you might be alarmed to hear the government is investing only a fraction of that amount on protecting us from cyberattacks.

Our research suggests that now may be the time to think more deeply about having fewer submarines so that we can afford to pay for the cyber defence of the civil sector.

This is because we are not spending anywhere near as much as our allies on cyber defence, especially in the civil sector.

In April 2016, having declared cyberattacks to be a national emergency, US President Barack Obama announced a spending plan of A$26 billion in one year for urgent remedial policies largely to protect the non-defence sector.

In December 2015, describing the cyber threat as “one of the great challenges of our lifetime”, the UK Chancellor George Osborne announced a broadly similar remedial plan to spend almost A$800 million per year over five years.

By comparison, the latest federal budget allocated around A$100 million for one year based on its new Cyber Security Strategy released a month earlier. Yet the threats these three countries face are not different by the orders of magnitude suggested by budget comparisons.

In 2015, the Australian government said that the country had never suffered a cyberattack seriously compromising national security, stability or prosperity.

Obama said at the same time that cyberattacks posed an “extraordinary threat to the national security, foreign policy and economy of the United States”. He repeated this in March 2016 when extending the national emergency declaration for another year.

Security gap

There are two important areas where Australia is doing less than our allies, and less than we need to: protecting critical cyber infrastructure; and fighting cybercrime.

Both these areas of cyber policy have separate strategy documents. And there are no strong linkages between them and with the April 2016 Cyber Security Strategy action plan.

In 2015, the government issued two documents on critical infrastructure, a Policy Statement and a Plan, one of which has a single page on cyberattack.

But these documents use anodyne statements, such as ensuring the continuity of “service delivery”, rather than using the concept of an extreme cyber emergency that underpins planning assumptions, exercises, research and operational preparation of the US and the UK.

In terms of research, the Idaho National Laboratory and others like it conduct research on national resilience in the face of “catastrophic and potentially cascading events that will likely require substantial time to assess, respond to, and recover from.”

In the UK, the responsible agency “supports three exercises per month to test cyber resilience and response”. The US and UK work together to prepare for a terrorist cyber-enabled attack on nuclear power stations.

In his preface to the Cyber Security Strategy, Prime Minister Malcolm Turnbull said Australia needed to prepare for a “significant cyber event”, with an unspecified scale of effect.

This exemplifies the laid-back tone of most Australian policy documents on this subject.

In strong contrast, in May 2016, ASIO offered a rather gloomy assessment:

The gap is likely widening between the scale and scope of harm experienced to Australia’s sovereignty, government systems, and commercial and intellectual property, and the ability of ASIO and partner agencies to successfully mitigate that harm.

Getting serious

On cybercrime, the gap between need and and policy is even more starkly visible.

In the Cyber Security Strategy, the government did not see cybercrime as an important focus. It did say that the country doesn’t have a good handle on how much such crime was costing the economy, citing one estimate of A$1 billion and another of A$17 billion.

While collection of data on the cost of cybercrime is notoriously difficult, the wide range for this “estimate” is strong evidence of how low a priority this area of policy has been.

The Cyber Security Strategy does make a commitment to develop and implement a training plan for specialists in the field of countering cybercrime, with no further detail.

It also commits in the broadest terms to increasing the capacity of the AFP and the Australian Crime Commission (ACC) to counter cybercrime. Forward estimates for the latest budget revealed a commitment of almost A$15 million over four years to the ACC to support stronger capability to combat cybercrime.

But in this area, the cyber strategy basically passed the buck. It suggested that the main source of policy was the National Plan to Combat Cyber Crime released in 2013 by the previous government.

This is not much consolation, as that document lacks detail and certainly does not reveal a commitment of funding on a level likely to contain or reduce a cost to the economy estimated in the billions of dollars.

The government needs a more open and candid conversation in public with key stakeholders about the sort of threat scenarios we face, but especially for cybercrime and “significant cyber attack”. It also needs to develop policies and agencies, funded appropriately, that can begin to perform on a level that matches the threats.

Authors: The Conversation Contributor

Read more http://theconversation.com/the-australian-government-must-take-cyber-security-more-seriously-60231

When rehoming wildlife, Indigenous leadership delivers the best results

arrow_forward

Simplicity and quiet: my isolation playlist from ECM Records

arrow_forward

The Conversation
INTERWEBS DIGITAL AGENCY

Politics

Did BLM Really Change the US Police Work?

The Black Lives Matter (BLM) movement has proven that the power of the state rests in the hands of the people it governs. Following the death of 46-year-old black American George Floyd in a case of ...

a Guest Writer - avatar a Guest Writer

Scott Morrison: the right man at the right time

Australia is not at war with another nation or ideology in August 2020 but the nation is in conflict. There are serious threats from China and there are many challenges flowing from the pandemic tha...

Greg Rogers - avatar Greg Rogers

Prime Minister National Cabinet Statement

The National Cabinet met today to discuss Australia’s COVID-19 response, the Victoria outbreak, easing restrictions, helping Australians prepare to go back to work in a COVID-safe environment an...

Scott Morrison - avatar Scott Morrison

Business News

Reinventing The Outside Of Your Office

Efficient work is a priority in most offices. You need a comfortable interior that is functional too. The exterior also affects morale. Big companies have an amazing exterior like university ca...

News Company - avatar News Company

Kaspersky and Ferrari partnership: tailoring cybersecurity for an iconic brand

Kaspersky is commemorating the 10 year anniversary of its strategic partnership with iconic, global brand - Ferrari. The cybersecurity company is a sponsor of the brand’s Formula One racing team...

News Company - avatar News Company

Instant Steel Solutions Review

Are you keen on having the right guidance, knowledge and information about the right kind of steel purchases for your industries? If yes, then you are in the right place. There is no doubt that ...

a Guest Writer - avatar a Guest Writer



News Company Media Core

Content & Technology Connecting Global Audiences

More Information - Less Opinion