Between the massive Optus and Medibank data breaches resulting from ransomware attacks, it’s been a tough year for Aussie consumers and businesses alike on the cybersecurity front.
But the breaches also seem to have galvanised the new Albanese-led government to double down on national cybersecurity efforts. The previous administration had already committed A$9.9 billion over the next decade to cybersecurity as part of its Resilience, Effects, Defence, Space, Intelligence, Cyber and Enables (REDSPICE) package of initiatives.
Australia’s Labor party will carry that spending plan on but ditch the Coalition’s cyber strategy in favour of a new one with a bold ambition – for Australia to be “the world’s most cyber-secure country by 2030”. That’s according to Home Affairs and Cybersecurity Minister Clare O’Neil. Yes, Australia even has a cybersecurity minister, indicating how important the issue is.
The plan will include yet more funding and the establishment of an international expert panel to advise the Australian government. Australia is already massively outpacing us on cybersecurity investment?
Data localisation laws
Why is that? Well, it has some serious problems on the cyber front. The Optus hack in particular showed the perils of retaining too much customer information and should serve as a warning to every organisation to revisit their own data retention policies. Plus, many of Australia’s government entities haven’t even met their own minimum cybersecurity requirements. The situation is unlikely to be much different here. But Australia is getting serious about the issue, introducing heavy fines for data breaches and beefing up laws enabling the government to go after hackers.
As part of its new cyber security push, Australia is also considering introducing data localisation laws that would require sensitive data to remain within Australia’s borders. That’s a controversial issue, as it is debatable whether it makes data any more secure from hackers and could undermine the public cloud push towards greater centralisation of data on global infrastructure.
Still, there’s so much going on in the cybersecurity space across the Tasman, our own efforts look anaemic. Virtually every business and IT leader I interview talks about cybersecurity as being top of mind, but you don’t hear the same rhetoric from government ministers. They aren’t necessarily asleep at the wheel on the issue – they signed off on some decent cybersecurity budget increases last year, but mainly to revamp ageing infrastructure in the health sector after being burned by the Waikato DHB cyberattack and data breach.
Yes, cyber minister
“We need a dedicated Minister for Cyber Security to protect and regulate a sector that’s at the core of everything we do,” Adam Boileau, cybersecurity expert at cyberCX, said last month.
“While Budget 2022 delivered greater investment into cyber security, we still need more,” he argued.
“The problem in assessing the return on investment in cyber is that it isn’t immediately obvious until something goes up in flames, and people and their data are left exposed.”
I agree entirely with Boileau, the issue needs the same sort of prioritisation in the cabinet that the Australians have given it. We also need to align as closely as possible with what the Australians are doing, leveraging off their massive investment and offering support in the niches we are good at – whatever they are.
Time for a reshuffle
It would have made sense for the cybersecurity brief to be given to the digital economy minister, given how important cybersecurity is to the digital economy. But cabinet minister David Clark, who holds that portfolio won’t be contesting the next election. That’s no surprise.
I think it’s fair to say that Clark’s tenure in the portfolio has been underwhelming, given his lack of influence in the cabinet and seemingly, a lack of real engagement with the issues and the digital sector. Clark has arguably done more meaningful work in his commerce and consumer affairs portfolios while all things digital have languished in comparison.
I hope that a reshuffle will see the portfolio go to someone else in the new year, so we can make much-needed progress in election year on a range of digital-related issues that certainly won’t stand still as politicians fight for survival.