Australian public and private sector organisations and individuals are facing malicious cyber activity that is unprecedented in scale and reach, Malcolm Turnbull warns in the government’s new cyber security strategy, launched on Thursday.
“Australia and Australians are targets for malicious actors – including serious and organised criminal syndicates and foreign adversaries – who are all using cyber space to further their aims and attack our interests,” Turnbull writes in a foreword to the policy. “The rate of compromise is increasing and the methods used by malicious actors are rapidly evolving.”
Turnbull says that as the Snowden disclosures show, often the most damaging risk to government or business online security comes from the ability of a trusted insider to cause massive disruption or use access to obtain and disclose classified material.
Businesses and governments must better educate and empower employees to use sound practices online, he writes.
Tying the strategy to his economic plan, he says Australia is well placed to be a leader in cyber security, thus “helping the transition to a new and more diverse economy which is fuelled by innovation, the opening of new markets and more investment in Australian enterprise”.
The government will invest more than A$230 million over four years to boost Australia’s cyber security capability.
The policy says that while figures vary, cybercrime is estimated to cost Australians more than $1 billion annually.
Initiatives in the policy include the planned appointment of a minister assisting the prime minister on cyber security to lead the government’s work with business leaders, and annual meetings between the prime minister and business figures to set and drive the cyber security agenda.
“Cyber security needs to be driven from the top. Economic and national security imperatives mean that cyber security is a strategic issue for leaders – ministers, senior executives and boards – not just for ICT and security staff,” the policy says.
A cyber ambassador will be appointed to spearhead Australia’s international effort.
One problem the policy identifies is a shortage of cyber security professionals in the workforce. The government says it will tackle this “at all levels of Australia’s education system”, in the quest for “a cyber smart nation”.
“Demand in Australia for cyber security services and related jobs – such as legal services, insurance and risk management – will grow by at least 21% over the next five years,” the policy says.
“However, the public and private sectors cannot fill their cyber security vacancies. The situation appears to be worsening – the take-up of ICT-related university degrees (often a precursor for cyber security professionals) has halved over the last decade and graduation rates have dropped.”
Potential explanations include the type and number of courses currently available and insufficient student awareness of job opportunities, the policy says.