Building national cyber resilience

Building national cyber resilience

Cyber Security Cyber Resilience Taskforce
Tuesday, September 12, 2017

Department of the Prime Minister and Cabinet

Photo of participants taking part in cyber incident communications exercise.

Through our Cyber Resilience Taskforce we have two main goals: first to broadly engage public and private stakeholders to come up with new ideas to build national cyber resilience, and second to turn those ideas into concrete actions for the benefit of all Australians.

Consulting broadly with our partners across government, private sector and academia we identified four main questions to focus our work:

  • How can we respond better if a significant cyber incident occurred today?
  • How do we harness the power of the collective ecosystem?
  • How can we get ahead of the wave?
  • How will we build a cyber skilled nation?

Our lines of effort have seen us attempt to map the cyber security ecosystem – somewhat more challenging than we originally anticipated. Through this it has become clear we need to more keenly articulate the role the government plays, how the government’s cyber security initiatives from Australia’s Cyber Security Strategy come together, and how all the elements of the cyber security ecosystem – government and non-government – integrate to form a more resilient whole.

Specific initiatives have included testing technology for predictive analysis and incident response, and working with State and Territory colleagues for enhanced information sharing.

Follow our progress through our newsletter on the Office of the Cyber Security Special Adviser’s website and @CyberGovAU Twitter updates.

 

Sandra Ragg
Head, Office of the Cyber Security Special Adviser
Lead, Cyber Resilience Taskforce 

Coordinating crisis responses with states & territories

Cyber threats are not bound by geography, and the cyber challenges faced by all levels of government were discussed at a recent meeting of senior executives from commonwealth, state and territory governments, and a representative of local governments.

It was agreed to work closely to integrate cyber incident response strategies to achieve greater interoperability between government partners. Technology based solutions will also be implemented to more swiftly share information and mitigation and communications strategies.

Building a cyber skilled nation

Addressing the demand for skilled cyber security professionals is a priority of the Australian Cyber Security Strategy, and an important factor in ensuring future national cyber resilience. The Taskforce is working with industry groups such as the Australian Information Security Association (AISA), AustCyber (the Australian Cyber Security Growth Network), and other private sector partners to build the understanding of initiatives to attract new recruits and identify career pathways.

A range of existing literature provides a strong foundation – for example the AustCyber Cyber Security Sector Competitiveness Plan, which predicts that Australia will need to increase its number of cyber security workers by 7,500 by 2026. The Taskforce developed a survey in partnership with AISA to map the skills and background of Australia’s current cyber security workforce, including available cyber security education programs and skills accreditation pathways, to understand strengths, gaps and opportunities. If your role includes cyber security responsibilities, have your say.

Graphic from the Cyber Security Sector Competitiveness Plan 2017 illustrating forecast cyber security workforce growth over the next 10 years, predicting a 7,500 shortage by 2026 at current business as usual workforce growth rate.
Source: AustCyber Cyber Security Sector Competitiveness Plan 2017

The Taskforce would also like to hear about programs and initiatives which support and encourage interest in cyber security careers that are accessible by Australians who have had limited or no prior industry experience. The programs do not have to be solely focused on cyber security, but we are looking for ones that help with cyber security skills development.

For any programs or initiatives that you wish to tell us about, please email CyberTaskforce@pmc.gov.au with the following details:

  • Name of program
  • Organisation that runs the program
  • A short description of the program
  • If known, a point of contact for the program

Supporting small to medium businesses and individuals

Graphic from the 2016 ACCC scam report showing annual scam statistics overview.In 2016 online scams accounted for 58% ($48.4 million) of all losses reported in Australia. More can be done to support victims of cybercrime and take steps to further build national cyber resilience for all Australians.

Working with law enforcement and other partners the Taskforce identified existing pain points for victims of cybercrime and scams, when they attempt to report, or access support. In particular, victims are confused where to go for assistance, how to report an incident and felt frustrated with the response received. Identified opportunities for improvements include streamlined cooperation across government agencies, stronger interfaces with the private sector and more helpful information from both government and the private sector to those impacted.

Ensuring clear communications during a cyber incident

In light of recent ransomware attacks, improving our cyber incident response has been a first-priority issue for the Cyber Resilience Taskforce. A key part is effective crisis communication which ensures public confidence in government and contributes to the overall resilience of the cyber ecosystem. Communications arrangements across government and law enforcement agencies have been reviewed, new communications protocols are being developed and implemented and technology is being tested.

The protocols were tested at a crisis simulation exercise which brought together communications and technical specialists from across several government agencies. The exercise identified the need for stronger incident coordination to bridge the gap between technical analysis and communications products that meet the needs of government, private sector, and public audiences. This is the focus of our next sprint.