News & Analysis

Malcolm Turnbull announces $230 million Cyber Security Strategy

- April 21, 2016 3 MIN READ

Prime Minister Malcolm Turnbull has today launched the Government’s new Cyber Security Strategy, a set of 33 new initiatives backed by $230 million in funding to help anticipate and respond to cyber security threats.

It comes after the government set aside $400 million to improve the Defence’s cyber capabilities over the next decade, while the Australian Securities and Investments Commission (ASIC) was yesterday given $61 million to improve its surveillance and data analytics capabilities.

The strategy incorporates a number of components with a focus on collaboration, including a partnership between government, researchers, and business to “strengthen leadership and tackle emerging issues” and the development of cyber defences to better detect, deter, and respond to threats. Here the government will work with the private sector to co-design an online cyber threat sharing portal where organisations can publish threat information and advice and develop Joint Cyber Threat Centres in ‘key’ capital cities to allow the exchange of sensitive threat information.

The government will also work with international partners to “champion a secure, open and free internet” while building the capacity to crack down on cyber crime and look to create more Australian cyber security professionals through the establishing of Academic Centres of Cyber Security Excellence in universities.

Turnbull said the strategy sets out the government’s philosophy and program for meeting the dual challenges of the digital age: advancing and protecting Australian interests online.

“We do not view our security and online freedoms as mutually exclusive. To the contrary, they reinforce each other. A secure cyberspace provides trust and confidence for individuals, business and the public sector to share ideas and information and to innovate online,” he said.

“There is no infrastructure more important to our future prosperity than an open, free and secure Internet. The security threats we face are real and they are growing in severity and frequency. Although we make advances in cyber security so do our adversaries.”

Turnbull said that in order to realise the social and economic benefits of being online, the internet must be governed by those who use it rather than dominated by governments, however “we cannot allow cyberspace to become a lawless domain.”

In his foreword to the strategy, Turnbull wrote that actions of Edward Snowden, a former CIA employee who copied and leaked classified documents from the National Security Agency, demonstrate that “the most damaging risk to government or business online security is not ‘malware’ but ‘warmware'”, that is an insider distributing classified material through legitimate access but unauthorised disclosure.

Here, Turnbull said that technical solutions are important but the most effective way to mitigate this form of cyber attack “must begin with changing culture”, with businesses and governments to “better educate and empower our employees to use sound practices online.” Snowden would argue, however, that governments should first not run global surveillance programs on citizens.

Turnbull also highlighted the impact the strategy will have on the Australian tech landscape by “helping Australian cyber security businesses to grow and prosper, nurturing our home-grown expertise to generate jobs and growth,” helping the transition to an economy fuelled by innovation.

Industry has broadly welcomed the strategy, with CEO of StartupAUS Alex McCauley saying that it’s crucial to get cyber security right in order to help the economy transition.

“The money spent on strengthening cyber security is money towards technology and jobs of the future – this is encouraging particularly in terms of attracting tech talent to our shores,” he said.

The government in December announced the launch of an industry-led Cyber Security Growth Centre as part of the National Innovation and Science Agenda, setting aside $30 million for the initiative through 2019-20.

Data61 also signed a Memorandum of Understanding (MoU) with Cyber London, a cyber security accelerator and business incubator, that will look to accelerate innovation in the cyber security space in both Australia and the UK through the sharing of expertise, resources, and capital. The two organisations will, over the next few months, collaborate on the development of “mutually reinforcing” programs in the UK and Australia.