Prime Minister Malcolm Turnbull launched Australia's cybersecurity strategy in April 2016, and more than one year on, there's work to be done.
Upon launch, the strategy was criticised for its lack of funding and vague goals. Among other targets, it aimed to ensure more information was shared between government agencies and the private sector about cyber threats, and that universities were training "skilled cyber security professionals".
The recent Australian Strategic Policy Institute's (ASPI) publication "Australia's cyber security strategy: execution & evolution" is something of a report card on the government's progress so far. The aim of the strategy was to improve the security of Australian government organisations as well as businesses and individuals, and while ASPI said there had been "significant encouraging progress", it also noted investment in a number of key goals has been insufficient.
We asked a panel of experts to weigh in: how is the government doing 12 months into its cybersecurity strategy?
Ritesh Chugh, Senior Lecturer, School of Engineering & Technology, CQUniversity
As the initial 2016 cybersecurity strategy did not specify quantifiable outcomes for most of its five action plan items - (1) national cyber partnership, (2) strong cyber defences, (3) global responsibility and influence, (4) growth and innovation and (5) cyber smart nation - measuring its progress in the ASPI report is difficult.
An absence of adequate implementation plans as well as poor methodology is evident in the government's strategy, as witnessed in the bungled 2016 Census, as ASPI mentions. It appears the strategy has also not been fully implemented due to lack of government spending on cyber issues, and inadequate human resource allocation. However, there are lessons to learn.
Education and public awareness will continue to play a vital role in ensuring people are better prepared for cyber threats. The Stay Smart Online website is a good initiative and can be enhanced by encouraging more people to sign up to its Alert Service. Communication should continue to be a key focus.
For the strategy to work effectively, it is also important that better public-private partnerships are established. Small to medium enterprises (estimated to be around 95% of all businesses) form a large part of the Australian landscape and are relatively easy targets. Awareness and educational programs more specifically tailored to their needs are warranted, along with easy access to experts in cybersecurity - perhaps a phone support contact centre.
It is necessary for the government to consider their commitment to the strategy.