Yesterday, Prime Minister Malcolm Turnbull served up a $230 million Cyber Security Defence Strategy to bolster our protection against cybercriminals and nation state hacking attempts. How did the IT security industry feel about the plan? Is $230 million even enough? Read on to find out.
Image Credit: Photo by Brendon Thorne/Getty Images
The Cyber Security Defence Strategy lists out what the Federal Government will be investing on to fend off Cyber security threats, including:
- Establishing a national cyber security partnership
- Creating strong cyber defences to detect, deter and respond to threats
- Taking a global leadership role to champion a free internet and shut safe havens
- Focusing on growth and innovation
- Building a cyber-smart nation by building skills and awareness
You can read more about the details in yesterday's article.
While there was a lot of praise for what the cyber security strategy covered, BAE Systems was critical of the Government for delaying the revision of the original security plan which was released in 2009.
According to BAE Systems Applied Intelligence general manager Dr Rajiv Shah:
"As technology and threats change rapidly, so too must government policy and initiatives. Seven years between cyber security strategies is too long; every 12 months is a good starting point. For instance, the current information security standards developed 22 years ago are outdated."
He did laud the Government for bringing in cyber security health check scheme for the public and private sector.
Leon Fouche, who is a cyber security and technology risk specialist for BDO Risk Advisory Partner, believes that industry collaboration is the key to the success of the Cyber Security Defence Strategy:
"While the Federal Government has taken a significant step in releasing its plan to mitigate cyber risks and to work closely with those organisations that operate critical infrastructure, it’s now time for each and every business to step up and play its own role in fighting cybercrime. Cyber safety is not a competition, and the strategy’s focus on collaboration - between government and industry as well as between organisations – is the correct one."
He urged industry players from all types of organisations, regardless of size, to work together and pool their knowledge and resources to fight against cyber criminals. Fouche also encouraged joint cyber security exercises to prepare for a collaborative response to attacks in both the private and public sector.
WatchGuard Technologies technical director for Asia-Pacific Rob Collins was heartened by the Government's transparency of its own security breaches during the announcement of the cyber security strategy:
"The admission that the Bureau of Meteorology was compromised is a welcome change to the usual veil of secrecy around breaches of Government networks, especially when there is an expectation that businesses should be forced to admit their breaches. Acknowledging that cyber security is a problem for Australia won’t come as a surprise for the many businesses that have been struck by ransomware and financial fraud attacks that have really ramped up in the last 18 months.
He noted that often the importance of strong cybersecurity within an organisation falls on deaf ears and he hopes that the Strategy will help CEOs and CIOs understand that they need to budget for robust cybersecurity initiatives.
While the IT security industry seems to welcome the Cyber Security Defence Strategy with open arms, you do need to ask yourself whether $230 million is enough of an investment in an area that not only cost Australians $1 billion in 2015 but can also put our national security in jeopardy.
MailGuard CEO and founder Craig McDonald thinks $230 million is enough to make a start but more money invested in the defence against cybercriminals is always welcome:
"It’s a start is all I’ll say. I think it’s sufficient to get the ball rolling and at this point in time, momentum is key. You can always do more and if there was more money available I’d certainly suggest it should be aligned with this particular strategy. The importance of cyber security to the state of our nation cannot be stressed enough. People underestimate the size of cybercrime as a business. If it was a legitimate business, it would be four times the size of Facebook. It has grown exponentially over the past 12 months and shows no sign of slowing down."
What are your thoughts on the Federal Government's brand spanking new Cyber Security Defence Strategy? Let us know in the comments.