The Federal Government has unveiled its highly anticipated 2023-2030 Australian Cyber Security Strategy

Key points:

  • The 2023-2030 Australian Cyber Security Strategy outlines how the government will better protect government services, the community and businesses from cyber criminals
  • An additional $586 million investment to protect Australians
  • The government has committed to working with industry and international partners to help deter malicious cyber activity
  • Program delivers across three specific horizons and will break the ransomware business model

AISA commends the Federal Government's commitment to enhancing national cyber security and safeguarding businesses and citizens from the increasing complexities of cyber threats.

For the very first time, we have, as a nation, a sensible and practical framework to help drive real and meaningful change: to strengthen business resilience, educate citizens, address workforce issues, further uplift critical infrastructure operators and providers, and strengthen regional leadership to assist our Pacific neighbours.

The government has broken the plan into three core time periods. Horizon 1 (2023 to 2025) will focus on improving our foundations to address critical gaps to better protect vulnerable businesses and citizens while strengthening regional partnerships and resilience. Horizon 2 (2026 to 2028) is focused on addressing workforce challenges and further uplifting cyber security maturity across the whole economy. Horizon 3 (2029 to 2030) will be about addressing the risks associated with new technology, seizing new opportunities and advancing the global frontier of cyber security to better position Australia and our innovation exports.

AISA supports the government’s ambitions of breaking the ransomware business model and making Australia a less attractive target for cyber criminals. The introduction of a no-fault, no-liability ransomware reporting scheme will enable government to truly assess the extent of the problem, so mechanisms can be developed through a combination of streamlined legislation, education, playbooks or offensive capabilities to help businesses and citizens deal with the challenges. Expect to see some changes relating to cryptocurrency regulation and Anti-Money Laundering (AML) practices.

Standards Australia recently adopted and published AS ETSI EN 303 645:2023 Cyber security for consumer Internet of Things, which will assist the government as it works with industry to co-design options to legislate mandatory cyber security standards for IoT devices and the voluntary labelling scheme for consumer-grade smart devices. This area will become increasingly important, especially as the average Australian home will have 33 connected devices by 2025, exposing our homes and families to unacceptable cyber security and privacy threats.

Under the strategy, Critical Infrastructure providers and operators will be assisted by government to uplift maturity and capability. We can expect to see changes to data retention requirements to better protect consumer information, the introduction of expanded digital identification systems leveraging government platforms, removing the need for businesses to collect driver’s licence or passport information, and the introduction of the new designation of “Systems of Government Significance”, added to the existing classifications of Critical Infrastructure and Systems of National Significance (SoNS). These are all designed to strengthen national resilience and to limit personal data collected or used by organisations. This is hugely important when you consider the very public data breaches we have all experienced in Australia over the last 18 months, with over 10 million Australians impacted. Every data breach of personal information, data or metadata that relates to a citizen adds to the accumulated harm that could result for the individual.

It was also refreshing to see in the strategy cooperation at an international level (e.g. Quad & Pacific), a focus on reducing regulatory burden where practical, co-design with industry and the community, and a willingness for international standard harmonization, which would reduce complexity and business friction.

AISA welcomes the Federal Government’s cyber security strategy and will actively play a part in building a safer and more resilient country.