Only the highlights
|
The Australian Government announced the Australian Cyber Security Strategy 2023-2030, which aims to “help realize the Australian Government’s vision of becoming a global leader in cybersecurity.” Overall, the strategy is designed to bring together the public and private sectors to achieve a cohesive vision.
While such ambition is inspiring and desperately needed in a nation that, given its size of population and economy, has been disproportionately affected by cybersecurity breaches, it requires all of Australia to remain aligned with the vision. Companies will need to make investments and adjust their approach to regulation and risk management to meet government requirements. The government, for its part, must provide constant coherence around the vision.
Unfortunately for those involved, the partisan nature of cybersecurity can complicate and ultimately undermine the realization of the vision.
Political changes could lead to changes to Australia’s cybersecurity strategy
In early 2023, when the (then new) Australian government began crafting its cybersecurity vision, it encountered opposition at both ends of the political spectrum. As The Guardian reported, both the right-wing Coalition and the centre-left Green party – the two main alternatives to the Labor government – “expressed reservations” about changes to existing cybersecurity laws that the Labor government was developing.
On the right, the issue is the level of investment the government wants to make and the level of importance it places on cybersecurity as a national concern. The L/NP is known for its austerity and cost-cutting, and its commitment to cybersecurity was A$1.67 billion (US$1.13 billion) spread over 10 years. The previous L/NP government also specifically left cyber security out of their ministerial portfolios, indicating that it was a lower priority for them compared to the Labor Party’s vision.
Meanwhile, Greens on the left side of politics are concerned that the government may be diverting investment and that the current view of the laws may constitute an overreach. As Greens senator David Shoebridge was quoted in The Guardian: “the nation cannot continue to rely on reactive measures and god-like power grabs. “Any powers should be strictly limited in scope and subject to close scrutiny and review, including full transparency in how the powers are used to ensure people’s personal data is secure.”
PREMIUM: Explore tactics, implementation challenges, and cybersecurity strategy effectiveness.
What this means is that both the L/NP and the Greens are likely to unveil significantly different and alternative cybersecurity visions in the run-up to the next election, promising to make fundamental changes to the approach, investment and commitment to the private sector.
Lack of bipartisan agreement means lack of clear cybersecurity strategy
This is an issue for any business or IT professional working in cybersecurity and will therefore need to work to adapt to changing government regulations and approaches to cybersecurity.
There are two federal elections in Australia between now and 2023. There is a high probability that the current Labor government will no longer be in power before the proposed end of the Australian Cyber Security Strategy 2023-2030.
This, in turn, means that while the Australian Cyber Security Strategy 2023-2030 calls on the entire industry to begin taking steps towards a nationwide cybersecurity vision, IT professionals cannot be sure. that the same cybersecurity strategy will be applied. in force even in 2025, let alone in 2028.
This makes it difficult for companies to develop cybersecurity strategies aligned with politics, as they have no way of knowing how those strategies might need to change after future elections.
Example of how political uncertainty can alter cybersecurity strategies
For Australia to deliver on the vision of the Australian Cyber Security Strategy 2023-2030, one area that will need to be a critical focus is skills. Australia has a significant skills shortage, particularly in cybersecurity, and addressing this issue will require government policy.
SEE: The Australian government’s cyber shields strategy may intensify the current skills shortage.
As academics at the University of Queensland noted in response to the article:
“From an immigration perspective, streamlining visa processing and facilitating the immigration of talented cybersecurity professionals to Australia would be two obvious recommendations. To do so, the government must take a longer-term view of who could become, with the support and necessary education or experience, a valid cybersecurity professional, drawing on the diversity of backgrounds necessary to work effectively in this field. .
However, there is strong opposition to the current immigration system in the political debate, particularly from the L/NP.
While there is a chance that the immigration system will not change, the uncertainty makes it difficult for organizations to strategically look as far ahead as the Labor government wants, and given that the Australian Cyber Security Strategy 2023-2030 is a long-term strategy. long-term vision, keeping your promises is a challenge.
Australia needs a cohesive, bipartisan approach to cybersecurity
As noted in The Conversation, the success of Australia’s cybersecurity vision will require strategic decisions and some level of trade-offs and compromises.
“Then there are inevitable trade-offs involving competing values such as privacy, security, innovation and regulation,” The Conversation noted. “For example, a project that firmly maintains consumer privacy may end up sacrificing transparency. Similarly, too much transparency can create security risks.”
Because there are significant changes in the approach to cybersecurity, businesses and IT professionals must prepare for these changes now. Flexibility in the way cybersecurity is handled will be a key issue in the coming years.
But if there is no consensus on what those trade-offs should be and agreements on the long-term goal of Australia’s cybersecurity vision, then it will be difficult to keep businesses on track. The digital ID system, which represents a first step in the vision, is already encountering fierce opposition. Overcoming these obstacles and providing certainty will help industry and IT professionals participate in this national vision.