The Australian federal government has released the 2023-2030 Australian Cyber Security Strategy with a focus on protecting the country’s most vulnerable citizens and businesses. At a first look, the strategy covers a lot of ground, and the federal government will need to work hard and fast to ensure some of all the actions proposed are put in place before the next big breach.
As previously reported, the cyber strategy is based on the idea of six cyber shields to provide an additional layer of defence against cyber threats. These shields aim to create strong businesses and citizens, safe technology, world-class threat sharing and blocking, protected critical infrastructure, sovereign capabilities and resilient region and global leadership.
On top of $2.3 billion already being spent on cybersecurity, the government has committed $586.9 million to execute the 7-year strategy. The money will go towards the following:
- $290.8 million to provide support for small and medium business, building public awareness, fighting cybercrime, breaking the ransomware business model, and strengthening the security of Australians’ identities.
- $4.8 million to establish consumer standards for smart devices and software.
- $9.4 million to build a threat sharing platform for the health sector.
- $143.6 million to strengthen critical infrastructure protections and uplift government cyber security.
- Growing our sovereign cyber capabilities by investing $8.6 million to “professionalise” the country’s cyber workforce and accelerate the cyber industry.
- $129.7 million investment in regional cooperation, cyber capacity uplift programs, and leadership in cyber governance forums on the international stage.
The federal government had shared earlier this week an 18.2-million investment to help small and medium businesses to improve cybersecurity resilience and response to cyber-attacks, also part of the strategy.
The delivery of the strategy
The Australian cybersecurity strategy has most, if not all, aspects of cybersecurity covered but there are a lot of things to focus on and the timelines for the delivery of each is not clear.
The 28-page action plan details each action the strategy proposes and the departments that will be involved, but not by when each is expected to be in place. It only states some will commence immediately, and the plan will be reviewed every two years.