Turnbull's $230M Cyber Security Strategy: Four Industry Experts Respond

Yesterday, Prime Minister Malcolm Turnbull served up a $230 million Cyber Security Defence Strategy to bolster our protection against cybercriminals and nation state hacking attempts. How did the IT security industry feel about the plan? Is $230 million even enough? Read on to find out.

Image Credit: Photo by Brendon Thorne/Getty Images

The Cyber Security Defence Strategy lists out what the Federal Government will be investing on to fend off Cyber security threats, including:

  • Establishing a national cyber security partnership
  • Creating strong cyber defences to detect, deter and respond to threats
  • Taking a global leadership role to champion a free internet and shut safe havens
  • Focusing on growth and innovation
  • Building a cyber-smart nation by building skills and awareness

You can read more about the details in yesterday's article.

While there was a lot of praise for what the cyber security strategy covered, BAE Systems was critical of the Government for delaying the revision of the original security plan which was released in 2009.

According to BAE Systems Applied Intelligence general manager Dr Rajiv Shah:

"As technology and threats change rapidly, so too must government policy and initiatives. Seven years between cyber security strategies is too long; every 12 months is a good starting point. For instance, the current information security standards developed 22 years ago are outdated."

He did laud the Government for bringing in cyber security health check scheme for the public and private sector.

Leon Fouche, who is a cyber security and technology risk specialist for BDO Risk Advisory Partner, believes that industry collaboration is the key to the success of the Cyber Security Defence Strategy:

"While the Federal Government has taken a significant step in releasing its plan to mitigate cyber risks and to work closely with those organisations that operate critical infrastructure, it’s now time for each and every business to step up and play its own role in fighting cybercrime. Cyber safety is not a competition, and the strategy’s focus on collaboration - between government and industry as well as between organisations – is the correct one."

He urged industry players from all types of organisations, regardless of size, to work together and pool their knowledge and resources to fight against cyber criminals. Fouche also encouraged joint cyber security exercises to prepare for a collaborative response to attacks in both the private and public sector.

WatchGuard Technologies technical director for Asia-Pacific Rob Collins was heartened by the Government's transparency of its own security breaches during the announcement of the cyber security strategy:

"The admission that the Bureau of Meteorology was compromised is a welcome change to the usual veil of secrecy around breaches of Government networks, especially when there is an expectation that businesses should be forced to admit their breaches. Acknowledging that cyber security is a problem for Australia won’t come as a surprise for the many businesses that have been struck by ransomware and financial fraud attacks that have really ramped up in the last 18 months.

He noted that often the importance of strong cybersecurity within an organisation falls on deaf ears and he hopes that the Strategy will help CEOs and CIOs understand that they need to budget for robust cybersecurity initiatives.

While the IT security industry seems to welcome the Cyber Security Defence Strategy with open arms, you do need to ask yourself whether $230 million is enough of an investment in an area that not only cost Australians $1 billion in 2015 but can also put our national security in jeopardy.

MailGuard CEO and founder Craig McDonald thinks $230 million is enough to make a start but more money invested in the defence against cybercriminals is always welcome:

"It’s a start is all I’ll say. I think it’s sufficient to get the ball rolling and at this point in time, momentum is key. You can always do more and if there was more money available I’d certainly suggest it should be aligned with this particular strategy. The importance of cyber security to the state of our nation cannot be stressed enough. People underestimate the size of cybercrime as a business. If it was a legitimate business, it would be four times the size of Facebook. It has grown exponentially over the past 12 months and shows no sign of slowing down."

What are your thoughts on the Federal Government's brand spanking new Cyber Security Defence Strategy? Let us know in the comments.


    The Cyber Security Strategy has been launched at a really critical time, you just need to look at the recent attacks on hospitals globally, the Panama Papers leak and the cyber attack on the Bureau of Meteorology.

    The sad truth is that most business lack the tools or the knowledge/ experience to protect themselves from cyber attacks and other hacking threats. This is bad enough when your business is risking it's own data, but it's horrifying when it's risking customer data as well.

    One of the better ways of doing this is making sure your files are encrypted, and that only the people who are supposed to have access to your files can read them.

      Some business just seem to cut corners when it comes to security. Some of the biggest hacks in history have been perpetrated against some of the largest and wealthiest companies in the world (Sony, Target, etc.), surely they have the resources to secure their data but for whatever reason, probably financial, drop the ball.

        I'm not discounting them being cheap but personally, sometimes the companies are just too large and unwieldy for them to handle excellent security top down. It becomes to hard to change policy or implement changes so they fall by the wayside. From personal experience a certain bank in Australia didn't implement a particular IT security fix because there were too many managers and sign-offs required.

        Look at it like bugs within a program. There are always going to be bugs. If a hacker can find a zero day exploit, and they're skilled enough, they can get in. We don't hear about all the failed attempts to hack into companies' networks.

Join the discussion!

Trending Stories Right Now