Key takeaways from an expert’s review of Australia’s 7-year plan to enhance cyber security

The Australian government has unveiled its Cyber Security Strategy for 2023-2030, with the aim of making Australia one of the most cyber-secure nations in the world by 2030. The strategy comes at a time when the country has experienced several major cyber incidents, including data breaches and a nationwide blackout. The plan includes measures to protect critical infrastructure, enhance cyber resilience against ransomware attacks, secure products and services for customers, attract skilled migrants to the cyber security workforce, prioritize threats from sophisticated actors, engage international partners for threat intelligence sharing, and expand cyber awareness programs. The government has allocated $586.9 million to achieve these goals, in addition to $2.3 billion for existing cyber initiatives. The strategy also addresses the issue of ransomware, which costs Australia’s economy up to $3 billion annually. It proposes the creation of a ransomware playbook to help businesses respond to attacks and bounce back, as well as the establishment of a mandatory no-fault ransomware reporting scheme. The strategy discourages making ransom payments and considers a future ban on such payments. However, concerns have been raised about the potential negative impacts of a ban, including permanent data and financial loss for businesses unable to pay ransoms. The strategy also includes initiatives to establish cyber security standards for smart devices and apps, as well as voluntary labeling schemes. Challenges for the strategy include the evolving nature of cyber threats, trade-offs between privacy, security, innovation, and regulation, and the need for voluntary action and cooperation from stakeholders. The lack of detail in some initiatives and the need for inclusivity and consultation are also potential areas of improvement.