On 22nd November 2023, Australia launched its cyber security strategy 2023-2030. The aim of this strategy is to bring Australia to the level of becoming ‘a world leader in the domain of cyber security by 2030’.[i] The focus of the strategy is to work on stronger cyber defence to make sure, the safety of citizens and the wellbeing of businesses continue to prosper despite facing cyber-attacks and threats.[ii]
The strategy has been divided into three horizons which are as follows:
- The first horizon starts from 2023-2025 and it caters to security for citizens and businesses and working on improved cyber maturity,
- the second horizon focuses on the time of 2026-2028 which covers the cyber maturity in the economic development zone and focuses on a broader cyber ecosystem, upscaling cyber industry and diversifying cyber workforce for greater investment purposes, and
- the third horizon covers the years of 2029-2030 where it focuses on the advancement of a global frontier of cyber security which would help develop emerging cyber technologies and shaping the risks and opportunities.[iii]
The strategy covers six cyber shields which have been primarily designed to build a cyber resilient Australia.[iv] Keeping in mind, the Australian national interest aims to focus on its citizens first which is a combination of diverse communities to empower them to become cyber resilience by supporting them. The aim of the Australia Government is to support the small and medium enterprises as they are vital for Australia’s growth and development and, the improper functioning of the small and medium businesses hamper the larger businesses as they impact the supply chain as the small and medium businesses take longer to recover from the cyber-attacks.[v] Therefore, to make sure everything runs smoothly, the Australian Government has suggested that they would provide a cyber health-check program which would help assess the cyber security maturity of these small and medium businesses.[vi] Further, this would also be supported by National Cyber exercise program. To have greater cyber resilience and security capability, the Government has a small business cyber security resilience service for post cyber-attack recovery including the wellbeing and the mental health of the professionals.[vii] They would also help in cyber security guidance for businesses within the larger framework of cyber governance. There will be the threat sharing acceleration fund for industry members. The strategy also highlights the national cyber awareness campaign to understand and evaluate the threats coming into the domains of critical cyber security threats and working on online protection which would be managed by private sector and civil society. [viii]The protection would be carried forward for better domestic law enforcement, offensive cyber activities and reforms.[ix]
Earlier, Australia had a cyber security strategy in 2020, and they focused on protecting and defending critical infrastructure, finding newer ways to investigate cybercrime, increase situational awareness, sharing of information on threats, working towards partnerships like the Joint Cyber Security Centre Program, advising on cyber resilience to small and medium enterprises along with creating a 24/7 advice hotline for small and medium enterprises and finally, aiming for improvement of community awareness of threats from cyber.[x]
Many may ask why a change in strategy for Australia? This 2023-2030 Cybersecurity Strategy comes in at a time, when the personal data of many millions of Australians is stolen and released in the open, online. Further, with the advent of global evolution of technology, artificial intelligence and quantum computing is a double-sided sword as it is blessing and a boon for cyber security. Also, emerging technologies need to be able to protect citizens, businesses, critical infrastructure and pave the way for greater cyber research, innovation, development and entrepreneurship.[xi]
The strategy aims to make Australia a global leader in cyber technologies and help them take the lead in the arena of cyber frontier. [xii]To become leaders in the domain of cyber frontier, Australia has a track record of getting many things done like legislative reforms, global standards for public safety, stronger cyber offensive capabilities under the leadership of Australian Signals Directorate and the Australian Federal Police, cyber innovation in world-class research and education and developing deeper trusted partnerships with regional neighbours, members of the Quad and the Five Eyes.[xiii]
Future Cooperations
Given Australia’s strategic position, it can also help the ASEAN countries work and develop cyber security strategies and counter measures which would be in sync with the ASEAN Master Plan on Rural Development 2022 to 2026 where they have mentioned about digitalisation and technological innovation being accessible especially for the economic development of this region. Further, since, ICT has been a key component in ASEAN Economic Community Blueprint 2025 where they have recognised digital innovation as one the key pillars, Australia can help with technological development and train ASEAN to deal with any cyber-attack and threats.
Another domain that Australia can help ASEAN is the area of incident response as cyber-attacks are transboundary so Australia can help coordinate and share information of the new types of cyber threats and train them by conducting a regional cybersecurity exercise which would help create a cyber security network of experts, organisations, government officials and civil society. Also, Australia can develop and create a cyber security skilled labour force in partnership with industries and universities which would help generate employment and, deal with the shortage of skilled work force for the cyber security domain. ASEAN are getting help and training from Japan and Philippines for sharing information on their national laws, policies, strategies and best practices and so, Australia can collaborate with Japan and Philippines. This similar plan can be applied and implemented for the Pacific Island nations.
Australia has the Cyber Rapid Assistance for Pacific Incidents and Disaster, also known as Cyber RAPID where they see the digital disasters, but greater awareness campaigns and programs can be promoted which would be along with training, education, knowledge sharing with small and medium businesses.
[i] Australian Government. “2023–2030 Australian Cyber Security Strategy”, https://www.homeaffairs.gov.au/cyber-security-subsite/files/2023-cyber-security-strategy.pdf (Accessed on 16 November 2024)
[ii] Ibid.
[iii] Commander Subhash Dutta (Retd). 2024. “A Review of the Australian Cyber Security 2023-2030”, 3 September 2024. National Maritime Foundation. https://maritimeindia.org/a-review-of-the-australian-cybersecurity-strategy-2023-2030/ (Accessed on 16 November 2024)
[iv] Australian Government. “2023–2030 Australian Cyber Security Strategy”, https://www.homeaffairs.gov.au/cyber-security-subsite/files/2023-cyber-security-strategy.pdf (Accessed on 16 November 2024)
[v] Ibid.
[vi] Ibid.
[vii] Ibid.
[viii] Ibid.
[ix] KPMG. “2023–2030 Australian Cyber Security Strategy Discussion Paper”. https://assets.kpmg.com/content/dam/kpmg/au/pdf/2023/2023-2030-australian-cyber-security-strategy-discussion-paper-kpmg-submission.pdf (Accessed on 16 November 2024)
[x] Australian Government. 2020. “Australia’s Cyber Security Strategy 2020”.https://www.homeaffairs.gov.au/cyber-security-subsite/files/cyber-security-strategy-2020.pdf (Accessed on 16 November 2024)
[xi] Australian Government. “2023–2030 Australian Cyber Security Strategy”, https://www.homeaffairs.gov.au/cyber-security-subsite/files/2023-cyber-security-strategy.pdf (Accessed on 16 November 2024)
[xii] Ibid.
[xiii] Ibid.