Chief IT – For IT Leaders & Decision Makers
Chief IT – For IT Leaders & Decision Makers
Latest News
Obstinately clinging to iconic obsolescence
As those around me in the Protega office will...
Championing for open source collaboration
Having been fortunate to be in California’s Silicon Valley...
Fighting financial cybercrime with data
Cybercrime is a serious threat to anyone and everyone...
India’s cyber trauma
Recently, India’s Defence and other ministries were placed on...
What’s causing the cybersecurity skills gap?
How the Industry is Strangling Cybersecurity Career Development It...
Scalable optics: New lanes laid for the ‘Internet of Things’ super-highway
Since I can remember, the digital world has always...
National Security reforms needed before the Internet of things
The half way approach putting all Australian’s at risk:...
Without security the Internet of Things is doomed and could kill millions!
Are we setting up the Internet of Things to...
Artificial Intelligence & Cybersecurity: Scaling up for the Internet of Things
The world may only get one chance at making...
Worrying statistics Inaugural cyber security survey for Australia
While it’s natural to assume large companies with large...
Digital technology vs national security threats
It’s no secret digital technologies have changed everything. These...
What really happened? Why it’s so hard to get the truth when investigating an incident
Something that all incident responders need to be reminded...
Completely at sea
Shipping companies are under attack! In the new era...
The great submarine leak
The wide-ranging data leak on India’s French-origin Scorpene submarines...
Combating financial fraud: How to save billions with a text
Fighting fraud is an ever escalating arms race, with...
Singapore Cyber Updates
Highlights from the Singapore International Cyber Week 2016 (10th...
IT executives take pause as technology vendors queue up outside your door
The global political stage is certainly an interesting spectacle...
Canalys Channels Forum – Interview with Peter Ryan
STEVE BRAZIER INTERVIEWS PETER RYAN, CHIEF SALES OFFICER, ENTERPRISE...
Executive Editor AISA National Conference 2016 Interview Series: Bruce Schneier
  Cybersecurity Guru Bruce Schneier, author of ‘Data &...
Fighting technology with technology: protecting children from cyber bullies
Technology has altered the way we live. This goes...
The non-IT expert’s guide to surviving a cyberattack
Cyber-crime is one of the fastest growing industries in...
The safe city and it’s need for interoperability
Most people today who live in cities, particularly large...
Prevention is still better than cure
There is still a defeatist attitude resonating through the...
Security industry must embrace modern technologies
The global security industry is growing at a rapid...
ISACA’s CSX Hosts Free Virtual Conference: “Cybersecurity Evolves”
The digital world is on a constant continuum of...
Instagram accounts hacked, altered to promote adult dating spam
Norton by Symantec has found that scammers are hacking...
Increased Cyber Threat Activity in Brazil
Global Cybersecurity Threat Report Provides Research on Advanced Threat...
The greatest threat to your business today
For as long as digital technology has existed, there...
Creating a culture of security to defend against social engineering attacks
The Fifth Annual Benchmark study on Privacy and Security...
Fake lockscreen app on Google Play: Pokemon GO Ultimate
ESET researchers have discovered fake apps on Google Play...
How will Australia keep up
The UK’s National Crime Agency (NCA) has recently published...
Cyber Threats to the Mining Industry
In today’s competitive global market for commodities and manufactured...
Five ways the cloud is helping retailers meet customer demands
Retailers can be more innovative, and satisfy the growing...
How to prevent security breaches when patching is not an option
Businesses should beware of relying too much on software...
Three factors to help organisations be less vulnerable to cyber attack
As long as the cost of perpetrating a cyber...
Analysis of the Cyber Security Strategy: Strategic pillars of change
Strategic pillars of change: Analysis of the Cyber Security...
CenturyLink expands its cloud platform to Australia
Launches CenturyLink Cloud node in Sydney to continue international...
Five reasons the cloud makes sense for big data projects
Big data can be powerful, giving organisations extremely detailed...
Five ways managed security helps businesses keep pace with cyber threats
Cyber crime is commercial enterprise, with new tools and...
Six business and technology trends to watch in 2016
2016 will be a pivotal year for organisations pursuing...
Android.Bankosy: All ears on voice call-based 2FA
Android.Bankosy gets updated to steal passwords sent through voice...
Security in the holiday season
For many employees, the approaching holiday season means Christmas...
Securing operational technology: big data’s big role
Convergence between operational technology (OT), the hardware and software...
BAE Systems supporting Australia’s next generation of cyber security professionals
With cyber security becoming a core concern for businesses...
McAfee Labs Report Reveals Prices of Stolen Data on Dark Web
Intel Security has released The Hidden Data Economy Report which...
Palo Alto Networks revolutionises security in Asia Pacific with the introduction of Advanced Endpoint Protection offering
Offers preventative approach to stop cyberthreats at the endpoint...
Intel Security names Nicole Kidman, Jessica Mauboy and Dr Chris Brown as Most Dangerous Celebrities 2015
Intel Security has announced the results of its ninth...
BAE Systems Applied Intelligence launches Cloud-based Cyber Security in ANZ
BAE Systems Applied Intelligence has announced it is bringing its...
How to spot insider trading through behavioural analytics in the age of big data
Following this week’s  U.S. identification of an international crime...
Cisco releases first Smart Region Report focused on digital opportunities for South East Queensland
Identifies the potential of $10 billion to the region’s...
Seven ways security can cost your business
Most organisations have a pretty good sense of the...
Cisco’s Recommendations to the Australian Prime Minister & Cabinet’s 2015 Cyber Security Review
Australia’s transition towards a more digitally-enabled economy will drive...
Cisco Midyear Security Report Reveals Sophisticated Cyberattacks Are Defining the Innovation Race between Adversaries and Defenders
Findings underscore the need for retrospective analysis to reduce...
BAE Systems Applied Intelligence: Know your cyber enemy – why cyber threat intelligence is emerging as a vital security approach
Managing cyber security on an internet that was never...
Next-generation security products steal the show at 30th annual Security Exhibition & Conference
Leading security product and service suppliers including Avigilon, Ness...
FNT Software Announces Major Enhancements to Data Centre Management Software
New FNT Command 10 Includes Expanded Visualization Capabilities, Dashboards...
Why digital security must become a boardroom issue
Mikko Hietanen, Board  Director, BAE Systems Applied Intelligence gives...
A future-focused regulator for the communications market
The Government is conducting a review of the Australian...
Wireless Network the Weakest Security Link in Enterprise IT Infrastructure, According to Fortinet Global Survey of IT Leaders
9 in 10 CIOs Report Concerns Over Insufficient Wireless...
Night Vision Australia – What’s the perfect tool for Security & Law Enforcement in Australia?
FLIR Thermal Imaging Camera’s Thermal imaging cameras produce a...
BAE Systems Applied Intelligence: Why intelligence-led penetration testing needs to be the proactive defence in every business
As the cyber threat landscape evolves, so too does...
BAE Systems Applied Intelligence: Public Wi-Fi networks a threat to your businesses’ data
Recent announcements around free and open public Wi-Fi being...
Everyone has a role to play in securing Asia’s digital future
Asia is in the middle of a digital revolution,...
Honeywell: Connected Buildings delivering real outcomes
By Michael Brookes, Honeywell Building Solutions The Internet of...
Fortinet: How the world’s financial system found it itself under attack… from the inside
By Gary Gardiner A/NZ Director of Engineering, Fortinet Recently,...
DDLS introduces more live hacking challenge Labs
DDLS, Australia’s leading IT Training provider, has introduced even...
2015 CIO Leaders Summit Australia
Media Corp International was proud to conclude the 2015...
Gallagher introduces new technology to the security market
The latest product developments from leading security technology manufacturer,...
DDoS-for-Hire Preys Upon SaaS Apps such as Joomla
Akamai Technologies, the leading provider of cloud services for...
The world’s first 3D printed jet engine made in Melbourne
Monash University researchers along with collaborators from CSIRO and...
Minister for Defence opens new Lockheed Martin Facilities in Newcastle
Minister for Defence Kevin Andrews MP has formally opened Lockheed...
Micron, Seagate Announce Strategic Alliance
Micron Technology, and Seagate Technology have announced a strategic agreement that...
RiskMap 2015: The New World Disorder
Control Risks, the global business risk consultancy, has published...
Valentine’s Day: Avoid the heartbreak of Cyber Crime
After analysing a wave of scams spreading worldwide before...
An Australian Counter Unmanned Aircraft System – ‘Drone’ – Security Initiative
The association of Australian Certified UAV Operators Inc. (ACUO)...
New Cyber Security Campaign Focuses on Everyday Australians
The Australian Cyber Security Centre (ACSC) has released a video...
Submission for Senate Inquiry into Aviation and Airport Security
  2015 Senate Rural and Regional Affairs and Transport...
Trend Micro Researchers Discover New Adobe Zero Day Attacks
Security software vendor Trend Micro has identified yet another...
Akamai PLXsert’s Q4 2014 State of the Internet – Security Report Released
Akamai Technologies, the leading provider of cloud services for...
Indago Small Unmanned Quad Copter Aids Australian Firefighters
Western Australia’s Emergency Services Commissioner called upon Lockheed Martin’s...
Trend Micro: New “Zero-day” in Adobe Flash: What You Need to Know
By Christopher Budd Recently, we learned of a new...
New lockers allow round the clock access for Hills’ customers
Hills Limited will trial new secure lockers to allow...
2015 Big Data & Analytics Global Caxton Interactive Technology Workshop – Register Now!
Event: 2015 Big Data & Analytics Date: 16-18 February...
Keeping a trusted eye on today’s government networks
Australian government agencies must continue to evolve their IT...
Horror in Martin Place – Australasian Council of Security Professionals Comments
The Australian community has witnessed a hostage situation take...
WatchGuard Predicts Five Security Trends You Should NOT Worry About in 2015 and Five You Should
From passwords and the IoT to nation state cyber...
McAfee Labs Threat Predictions outlines Top Security Issues for 2015
Intel Security has released its McAfee Labs 2015 Threat...
Seagate Launches Data Recovery Services in Australia
Seagate Technology, a world leader in storage solutions, has announced...
Australian Businesses Lose Over US$55 Billion from Data Loss and Downtime Per Year, According to Global IT Study
EMC Corporation has announced the Australian findings of a new...
Internet of Things Drives Measurable Business Outcomes
The majority of organisations that have adopted Internet of...
Cyber Threats to Increase in Scope and Complexity in the New Year as Black Hat Hackers Become More Sophisticated, According to Fortinet 2015 Threat Predictions
As the 2015 New Year looms, Fortinet, a global...
New Seagate NAS HDD Delivers Enterprise-Class Solutions for Small and Medium Businesses
Seagate Technology has announced its new Enterprise NAS HDD...
SNP Wins NSW Business Chamber Award
SNP has been recognised, winning the state award for...
Kaspersky Lab’s 2015 short-range predictions
With cybercriminals growing in confidence, Kaspersky Lab anticipates that...
Gallagher Team Takes Top Engineering Award
Gallagher has added another esteemed award to its growing...
Omlis Computer Security Day 2014: Mobile payment security and tokenization
In light of Computer Security Day on 30 November,...
Seagate Appoints New Managing Director of Sales & Marketing for Asia
Seagate has announced that it has appointed Rex Dong as...
New Generation of WatchGuard Firewalls Enable Mid-Size Enterprises to Keep Pace with Explosive Growth in Encrypted Traffic
WatchGuard® Technologies, a leader in multi-function firewalls, has announced next-generation...
Telstra Cyber Security Report 2014 – Join the conversation now!
Join Telstra specialists as they discuss findings from the recently...
Louis Tetu to Keynote GovInnovate Summit
Coveo announced that Chairman & CEO Louis Tetu will...
Akamai Warns of Yummba Webinject Tools and Banking Fraud
Akamai Technologies, Inc, the leading provider of cloud services...
Tenable Network Security’s Nessus v6 Enhances Advanced System Hardening, Malware Detection and Mobility Support to Reduce the Attack Surface
Tenable Network Security®, Inc., the leader in continuous network...
Gartner Says the Digital Economy Will Push Technology Spending in Australia up 4.1 percent to $78.7 Billion in 2015
Spending on technology products and services is projected to...
Imperva Introduces Bot Protection Services for the SecureSphere Web Application Firewall
Imperva Inc, pioneering the third pillar of enterprise security...
Former GCHQ Deputy Director Cyber Defence joins Wynyard Group
Wynyard Group a market leader in crime fighting software...
First Australian made vertical tails by Marand installed on F-35 Lightning II
The first vertical tails manufactured by Australian company, Marand, have...
HP Offers Partners the On-ramp to New Style of IT
HP has announced the new HP ServiceOne program for 2015...
Cubic Announces Partnership with Unreal Government Network to Create Next Generation Live, Virtual, Constructive, Gaming Training Solutions
Cubic Advanced Learning Solutions (CALS), a subsidiary of Cubic...
Palo Alto Networks Latest PAN-OS Release Expands Cloud Security Support for AWS and KVM
Palo Alto Networks, the leader in enterprise security, has...
Ovum and F5 Networks Complimentary webinar invitation – Register now!
Webinar: Telcos as an intelligent provider: Monetizing “consumer intelligence”...
Honeywell: 7 in 10 Australians fearful that cyber attacks could damage Australia’s economy
More than seven in ten surveyed adults (72 percent)...
Imperva Introduces Cloud Reference Architecture for Protecting Web Applications in Infrastructure-as-a-Service Environments
Imperva Inc, pioneering the third pillar of enterprise security...
Stuxnet Patient Zero: First Victims of the Infamous Worm Revealed
More than four years have passed since the discovery...
Inmarsat completes construction of the Global Xpress ground network
Inmarsat, the leading provider of global mobile satellite communications...
Shavlik Eliminates Known Vulnerabilities in Third-party Software with Shavlik Patch 2.1
Shavlik has announced the release of a new version of...
F5 Showcases F5 Synthesis™ Interoperability with VMware Solutions at vForum 2014
F5 Networks showcased at vForum2014 at Grand Hyatt Hotel,...
New Gartner report on Application Delivery Controllers
The application delivery controller (ADC) is a key component...
Kaspersky Lab sheds light on “Darkhotel” espionage campaign
Kaspersky Lab experts have researched the ‘Darkhotel’ espionage campaign,...
Goodbye Graffiti Resources
The WA Police Graffiti Team is taking orders for...
Aconex Launches Dynamic Manuals for Mobile Handover
Aconex, provider of a leading cloud collaboration platform for...
ONVIF Connects with International Audiences at Security Industry’s Largest Trade Shows
ONVIF, the leading global standardization initiative for IP-based physical security...
Cubic Awarded $46 Million Contract to Provide Training Systems Support for the U.S. Marine Corps
Cubic Applications, Inc., an operating company of the Mission...
UL receives confirmation from Visa for simulating the latest version of ADVT
UL is pleased to announce that its Collis Brand...
Seagate research reveals nearly half of Australian small businesses have lost work due to not backing up effectively
Of these 45% of businesses that have lost work...
FireEye Exposes Cyber Espionage Group Potentially Linked to Russian Government
FireEye research, analysis exposes long-standing operations by APT28 targeting...
Insider Threat Kill Chain: Detecting indicators of human compromise
More than one-third of all data breaches were perpetrated...
CIOs need to act on their cloudy good intentions, states Ovum
A recent survey of 65 CIOs at a Strategy...
Do you know a thought leader in ICT in...
Push for Australians’ web browsing histories to be stored
Intelligence agency ASIO is using the Snowden leaks to...
Trend Micro enhances Smart Protection Platform to better prevent, detect, analyse and respond to broad range of threats
Trend Micro Incorporated has announced the latest enhancements to the Trend...
The Evolution of the Data Centre – Exclusive Interview with Intel’s Balaji Srinivasan
Genetec Unveils Stratocast
Genetec has launched Stratocast™, a powerful yet easy-to-use Video...
Space to the subsea – emergence of agnostic integrated systems
By Chris Cubbage During September 2013, Executive Editor, Chris...
HGH Infrared Systems Debuts Spynel-S
HGH Infrared Systems, a global provider of 360 degree...
Crowd control using Video Analytics vs. Personal GPS. Which is better for safety and security?
BBC’s Click program highlighted how the Police used personal...
Simlat to supply Summit Avanced Systems
Simlat Ltd. has been chosen to provide its advanced...
Axis upgrades top-of-the-line pan/tilt/zoom series with launch of nine new cameras
The top-of-the-line AXIS Q60 PTZ Dome Network Camera Series...
New camera line from MOBOTIX is more light Sensitive and shows more detail than ever before
The new D25, M25 and Q25 5-megapixel IP camera...
Sony introduces new W series Rapid Dome IP Cameras to harness IPELA ENGINE™ PRO technology
Sony Electronics continues its commitment to advance the security...
All new Fisheye Dome cameras
ACTi delivers a new level of resolution and functionality...
ACTi’s latest PTZ
ACTi is proud to launch the very first product...
Canon presents world’s smallest Full HD PTZ surveillance camera
Canon unveils the world’s smallest full high definition (HD)...
World’s first Raytec lighting integration with Milestone VMS
Raytec is delighted to announce its integration with Milestone’s...
MOBOTIX launches lowlight exposure optimization – MxLEO
MOBOTIX AG has launched the new Lowlight Exposure Optimisation...
Integrated Milestone IP video surveillance monitors all district campuses
Milestone XProtect® open platform video management software (VMS) is...
Raytec protects critical infrastructure in Oman
The Oman Water and Electrical Board have chosen Infra-Red...
Arecont Vision’s New MegaView® 2 and MegaBall® 2 combine high performance, great aesthetics and ease of installation
Arecont Vision, the industry leader in IP-based megapixel camera...
UXC Connect secures $4.1 million contract to deliver IP surveillance and security solution for LNG project in Western Australia
UXC Connect has announced that it has secured a...
Arecont Vision unveils new SurroundVideo® 12 Megapixel 360° panoramic camera with true wide dynamic range (WDR)
Arecont Vision, the industry leader in IP megapixel camera...
FLIR and VideoIQ join forces for new site protection solution
  FLIR Systems is proud to announce the launch...
Imaging chips and pixels
Everything started with the discovery of the Charge Coupled...
The Past Present and Future of Video Analytics
Author:  Dr Rustom Kanga –  iOmniscient This article was...
HID Global Introduces Best-in-Class Features to the Industry’s Leading Retransfer ID Card Printer
HID Global has launched its enhanced FARGO® HDP5000 High...
Gallagher launch Command Centre v7.10
Gallagher Security has announced one of its most important...
City Surveillance Market Set to Double
El Segundo, Calif. (June 24, 2013)—The global market for...
PUBLIC CCTV SURVEILLANCE : NETWORKS & AWARENESS
As at 2011, living in modern Australia, and indeed...

Strategic pillars of change: Analysis of the Cyber Security Strategy

By Tony Campbell

On the 21st April, the Federal Government’s long-awaited Cyber Security Strategy was launched from Sydney’s Australian Technology Park. Needless to say, the InfoSec community has been hungry for change for some time and the anticipation in the room was palpable. Nevertheless, Prime Minister Turnbull didn’t disappoint. The new strategy does, on the surface of it, seems to deliver on all the strategic pillars of change needed to provide the economic stimulus we need for innovation and development of our national cyber capability.CyberSecStrategy Cover

Turnbull pledged $230mn over the next four four years, to be spent on five key themes of action. This may well seem like a trivial investment, given the billion-dollar price tags associated with security investment elsewhere, however, it’s a start and should at least start to help develop the three-way government, industry and citizen step-change we need to succeed. The cash will be allocated to 33 separate initiatives that will instill the five top-level narratives into governments, enterprises, SMBs and our personal lives.

One of the most important and possibly overlooked outcomes that I think will really help make this strategy a reality is the creation of two new roles within government. This was a pleasant surprise, showing us all the strategic importance of cyber security with the Prime Minister and is testament to his understanding of the problem space; he’s actually serious. The government needs dedicated leadership and advocacy in cyber security, so the first of the new appointees, taking on the role of Special Advisor on Cyber Security to the Prime Minister, was handed to Children’s E-Safety Commissioner Alastair MacGibbon. This is great news for the community since Alistair is well respected and a true advocate on the cyber security’s importance to our everyday lives.  The second role will be appointed over the next few months by Foreign Minister, Julie Bishop, as Cyber Ambassador to champion a “secure, open and free Internet,” here in Australia, representing our cyber security interests overseas.

A National Cyber Partnership

“We will also sponsor research to better understand the costs of malicious cyber activity to the Australian economy”

The first of the five themes of action is called the National Cyber Partnership. This involves national business leaders, security researchers and government getting together every year to work with the Prime Minister on implementation of the strategy and to help drive its implementation across all of Australia’s states and territories. One of the outcomes of the initial setup of the National Cyber Partnership is to streamline security governance in Commonwealth Government agencies and ensure everyone knows who is responsible and what they are responsible for. The disjointed and overly complicated delegation of authority in the Protective Security Policy Framework (PSPF) will hopefully be replaced by something less onerous and eminently more usable, especially for the smaller agencies where it’s not appropriate to have a massively hierarchical and overly distributed set of functions. Turnbull also committed funding to relocate the Australian Cyber Security Centre (ACSC) from its current location in Canberra’s Ben Chifley Building another, as yet unannounced facility to make it more accessible to industry. This is smart as it aligns with what’s already been demonstrated as effective elsewhere, such as in the UK, where the government invested  in their new National Cyber Security Centre (https://www.cesg.gov.uk/news/NCSC) to be located in London rather than in the inaccessible headquarters of GCHQ in Cheltenham.

The costs of malicious cyber activity will also be monitored and reported through this partnership, passing the information onto business leaders and state governments so that decision makers can understand the extent of the threat and invest in appropriate countermeasures to protect their information.

Strong Cyber Defences

“Governments, businesses and the research community will co-design national voluntary cyber security guidelines to promote good practice that all organisations can use.”

The sharing of threat intelligence and information related to new and emerging attacks was at the heart of this strategic initiative. The Prime Minister specifically referred to CERT Australia’s role being enhanced in the fight against cybercrime, promising new capacity to help them do a better job of interfacing with the business community of Australia. He also said they will improve the capabilities of the Australian Signals Directorate to detect security vulnerabilities, aligning these changes with the wider Defence initiatives outlines in the recently published Defence White Paper. The government has said that it will increase the number of specialist cyber security roles on its own payroll who undertake threat detection and awareness, technical analysis, and forensic assessments of cybercrime in both the Australian Crime Commission and the Australian Federal Police.

Based on some of the work previously undertaken by ASD (such as the Top 4 and Top 35 mitigation strategies), this strategic theme will ensure that these guidelines will become more accessible and within the reach and budgets of SMBs and citizens. Guidelines for undertaking voluntary health checks will also be generated, somewhat aligned with some of the themes the UK government introduced through the Cyber Essentials (https://www.cyberstreetwise.com/cyberessentials/) scheme.

 Global Responsibility and Influence

“Australia will work with its international partners to champion an open, free and secure Internet.”

This was very much a running theme throughout the Prime Ministers speech, continually reinforcing Australia’s ambitions on the global stage as an influencer, innovator and economic force to be reckoned with. This is where the role of the Cyber Ambassador comes in, working under the guidance of the Minister of Foreign Affairs, where we’ll finally have a voice in the discussions of international law, intelligence, cyber warfare and the issues related to cross-jurisdictional policing that are plaguing law-enforcement agencies all over the world today.

Growth and Innovation

“Australia will position itself as a location for cyber security innovation”

The Prime Minister predicted that by 2030 the digital business economy of the Asia Pacific region could be worth as much as $625 billion, or 12% of the region’s total GDP. That’s a big number, however, the fact that annual global cybercrime is predicted to be topping $2.1 trillion dollars by 2019 means the threat of cyber-attack is the single biggest threat to our economic growth over the next few decades. The Cyber Security Strategy sets out a roadmap for research and development in cyber-related technologies and risk mitigations that will lead to more jobs for the Australian market, while improving our cyber resilience in the process.

The mechanism for achieving this is a Cyber Security Growth Centre, aligned with the National Innovation and Science Agenda (http://www.innovation.gov.au/page/agenda). This requires the creation of a national network of research and innovation hubs to be located in each of Australia’s capital cities that will work with start-ups, businesses, governments and the local research and education community. The Cyber Security Growth Centre will coordinate this network both here in Australia and also act as the conduit to overseas organisations performing a similar role. This is amazing news for the business and start-up community since this will provide a potential route to new markets that would otherwise have been difficult to tap into. Mr. Turnbull also pledged funding to boost the capacity of Data61 (CSIRO’s digital research department) to really drive this innovation agenda. This is great news for the economy, which will start to pay off in two to four years if similar initiatives overseas are used as a benchmark, such as Innovate UK (https://www.gov.uk/government/organisations/innovate-uk).

A Cyber Smart Nation

“The Government will also further improve national cyber security awareness and work to ensure all Australians understand the risks and benefits of the Internet and how to protect themselves online.”

This is a drum that I have been personally beating for the last four years, so it’s fantastic (and somewhat of a watershed moment) when the Prime Minister acknowledges the global skills shortage and what it means to the rest of his Cyber Security Strategy. Without our addressing the imminent skills shortage in Australia, the strategy will be simply impossible to deliver on. Back in 2015 (ISC)2 issued their bi-annual Frost and Sullivan Global Information Security Workforce report, suggesting that the scale of the global problem was close to 1.5 million skilled and experienced cyber security professionals would be needed to be brought into the industry, in addition to those they already expect to hire. In the UK, they acknowledged that they generally have a retiring workforce and with fewer and fewer people coming into security, the threat is real and truly imminent.

Turnbull said that the government will tackle this here in Australia by working at all levels of education and training, with the private sector, with universities, and with TAFE colleges to ensure we can channel new blood into the industry. The government will also co-design a model that establishes academic centres of cyber security excellence in universities to ensure graduates leave their time at college with relevant, practical and usable skills when they emerge into industry. Centres of excellence will also establish strong links with the Cyber Security Growth Centre to ensure innovations and ideas percolate through the Australian-wide network of national innovation centres.

The Government acknowledged that filling the cyber security pipeline with new blood will not be an easy task, which is why they will work closely with industry, schools and colleges to demonstrate to school children that this is a valid and exciting career path, one that they can prepare for with relevant subjects even from a secondary education level.

The final piece of the strategic puzzle is related to citizen security and heralds a truly new level of cyber security awareness training for Australia: one that will target every single citizen.

What’s Next?

To ensure we all help Australia achieve InfoSec greatness over the next decade, each and every one of us needs to be living and breathing the strategy every day. Some of the initiatives are certainly long term plays, such as the innovation strategy driven through the Cyber Security Growth Centre and its national counterparts, however, some of them can start right away. We can all start by trying to address the skills gap. We can be promoting cyber security hygiene (good passwords, patching systems, patching applications, not clicking on dodgy links, etc.) and evangelising the value of properly implemented security awareness programmes – security awareness is not just about a one-off training course (although that is one component part that works well at its heart), instead its measure of success is in cultural change. Training can also extend outside of the workforce and cross into training employees’ families and even their friends on good cyber security practices.

I’d urge every one of us in the professional security community to become a mentor. Help someone who wants to make the career switch into security but doesn’t know where to start. Work with your HR department and hiring managers to help them define what job roles you really need in your business and what the skills and competencies map to those job roles. Adopt a skills framework, such as Skills for the Information Age (http://www.sfia-online.org/en), since this is the one that the Australian Computer Society (ACS) uses for its MySFIA skills manager. This allows everyone to work to the same underpinning definitions of skills and competency levels. Just imagine the value of being independently recognised by ACS or the Australian Information Security Association (AISA) as a practitioner-level Information Security Manager or a Lead Security Architect, where it actually means something to the community, industry and government, and remuneration discussions and hiring decisions are so much fairer.

Longer Term

The Prime Minister discussed some of the cyber-attacks we’ve seen here in Australia over the past year, such as the website attacks on David Jones and Kmart that left thousands of customers exposed to ID theft and online fraud. Turnbull specifically applauded Kmart’s response to the attack, given their rapid disclosure and reporting of the incident to the Privacy Commissioner. We all need to get smarter at handling incidents and admitting when we have been breached. We need to ensure we do the right thing, not the easy thing, especially where someone else’s data is in question. The Prime Minister also commented on the alleged attack on the Bureau of Meteorology, acknowledging it was indeed a real event and one that has been mirrored across other government departments. By acknowledging this, he’s showing that the government is playing by the rules they are setting, which in itself is a big step forward.

The tangible investment that’s been pledged, $230 million over four years, is not enough, that’s obvious, but industry needs to step up and take some accountability for investment too. It can’t all come from government; in the same way it can’t be all about industry or all about universities: this is too big a problem for any one of these groups to tackle alone. I’m hopeful that having Alastair MacGibbon in charge of the cyber security operations of our nation will see him asking for adequate funding to make the vision a reality.

Conclusion

Turnbull announced 100 new specialist cyber security jobs across his defence and intelligence agencies. He’s also announced an increase in the capacity of CERT Australia to work closer with Australian businesses, along with an increase in the capacity of the Australian Federal Police and the Australian Crime Commission to tackle cybercrime. He’s pledged to improve ASD’s capability in detecting vulnerabilities and admitted for the first time that ASD has an offensive capability (not that we didn’t already know that), one that will be managed through a framework of stringent legal oversight both at home and internationally. However, these new roles, along with the relocation of the ACSC and the commissioning of threat intelligence sharing centres and the Cyber Security Growth Centre, won’t come cheap. I’m surprised at the incredibly low budget and $230mn over the next four years won’t last long. I am hoping that the lessons learned from the UK, where the government just pledged another £1.9bn ($3.8bn AUD) to the National Cyber Security Centre will show that underinvesting in this national security measure simply won’t get the job done. For the cost of a quarter of an aircraft carrier, we could do so much more (about $1.5bn).

All in all, things are changing for the better across our InfoSec landscape. There certainly hasn’t been a more exciting time to be part of this industry and the new strategy is cause for genuine excitement, not only amongst us InfoSec geeks, but for the whole nation. The government sees Australia as a true international player on the ecommerce and innovation stage, but to recognize that the only way to achieve this goal is to improve our information security capabilities should be applauded. Not the real work begins.

Comments are closed.

Subscribe to our newsletter