There are many reasons to be encouraged by the Federal Government’s Cyber Security Strategy for Australia, according to UXC Saltbush.
The focus on building capacity in terms of skilled cyber security professionals in the strategy is welcome. It aims to solve a structural problem that has affected the industry for some time.
Clem Colman, Chief Information Security Officer, UXC Group, said, “When it comes to skilled security resources in Australia, there are simply not enough to go around. The Government needs to work with industry, not be in competition with it. It is therefore comforting that the first section of the strategy calls for a National Cyber Partnership.
“The strategy also proposes addressing the skills shortage across all levels of education starting with universities. While greater effort at that level is warranted, UXC Saltbush believes there is also a strong case to leverage the TAFE sector at the Certificate IV or Diploma level. This will help to make inroads into that skills shortage more quickly and in a more business-focused environment.”
The strategy also outlines plans for international engagement, with the goal of having Australia “actively promote an open, free and secure cyberspace”.
Clem Colman said, “The appointment of a cyber security ambassador is a welcome effort to address the elephant in the room. Some nations permit cybercrime operations to run within their borders; many countries simply don’t have the resources to combat the problem – but others are all but openly permissive of cybercrime, especially where it targets traditional national rivals.
“Creating an ambassador to co-ordinate and negotiate on international cyber security measures is a good step.
There are a few policy areas that need to be considered carefully.
David Jarvis, Cyber Security National Practice Lead, UXC Saltbush, said, “There is a focus throughout the report on academic centres of cyber security and monitoring centres. These are strategy initiatives for which support must, in our view, be qualified.
“In current practice, risk management is the central tool security practitioners use to gauge where security efforts are most needed. As a tool, risk management has its issues, but the alternative is to focus entirely on good practice guides, and we already have plenty of those.”
Clem Colman said, “Overall, there is one enormously positive thing about the strategy: it offers leadership from the top, which is essential to achieving cultural change. It’s an excellent sign that the government’s new cyber strategy takes into account that cultural change is the end game.”
