December 9, 2022
The federal government is calling in some of the world’s leading experts to devise a cybersecurity strategy to prevent a repeat of this year’s Optus and Medibank attacks that led to the private data of millions of Australians being stolen and leaked online.
Home Affairs Minister Clare O’Neil said her mega-department – established by the Turnbull government in 2017 with Peter Dutton as its first minister – had been too narrowly focused on issues such as border security and organised crime and needed to be reimagined to pay more attention to emerging threats.
As well as cybersecurity, O’Neil said it would increase its focus on climate change, natural disasters, foreign interference and threats to Australian democracy.
Almost 10 million current and former Medibank customers had their personal data, including sensitive health information, breached and released on the dark web in a ransomware attack in October. That came just weeks after a hack of 9.8 million current and former Optus customers’ data left people scrambling to change their passport and Medicare numbers.
Vowing to make Australia the most cyber-secure nation in the world by the end of the decade, O’Neil said the government was launching a “major program of work” to develop a national cybersecurity strategy.
“This threat is huge, it is relentless and only getting bigger,” she told the National Press Club on Thursday.
“And the truth is in cybersecurity, we are unnecessarily vulnerable.
“We did not do the work nationally over the last decade to help us prepare for this national challenge.”
The cybersecurity strategy will be led by former Telstra chief executive Andy Penn, cybersecurity expert Rachael Falk and former Air Force chief air marshal Mel Hupfeld.
“In addition to this amazing group of Australians, some of the biggest cyber guns from around the world love the scale of our ambition [and] they have agreed to help,” O’Neil said.
Ciaran Martin, the first chief executive of the United Kingdom’s National Cyber Security Centre, will lead the global expert panel advising the government.
Declaring that Australians were beginning to awake from a “cyber slumber”, O’Neil said: “The cybersecurity strategy will help Australia bring the whole nation into the fight to protect our citizens and to protect our economy.”
The government last month announced the Australian Federal Police and Australian Signals Directorate would have a 100-person team focused on hunting down hackers and ransomware groups.
“It will take some time to get this singing, but when it does, it will change the game for cybersecurity for our country,” O’Neil said.
The opposition’s cybersecurity spokesman, James Paterson, said he was concerned that “four months after the minister tore up our cybersecurity strategy, the government is only now getting around to appointing an eminent panel to draft one”.
“In this heightened threat environment, we can’t afford to drift without a cyber strategy,” he said.
O’Neil said the Albanese government would be the first in Australian history to run disaster management as a “centralised, well co-ordinated, enduring function of the Australian government”.
“It is time for us all to stop feigning shock at supposedly once-in-a-generation floods and fires and storm,” she said.
“We need disaster management to be a routine, seamless, well-practised function of Australian government so that when multiple disasters strike, government and the community are not completely consumed by them.”
O’Neil said her department would launch a new program of “direct engagement with possible targets of foreign interference”, such as diaspora communities, to help them understand how foreign interference agents operated.
The department’s national resilience taskforce would also examine ways to strengthen Australian democracy.
“We know that foreign interference, misinformation and disinformation are on the rise, and we need to reduce our susceptibility to those efforts and that will include thinking about a new generation of initiatives in civics and social cohesion,” she said.
“And we need to explore what we can do with tech companies to reduce the spread of polarisation and falsehoods, which have become such an important part of our lives.”
Alastair MacGibbon, chief strategy officer at CyberCX, welcomed the plan to make Australia a more “cyber-resilient nation” while adding the previous government had launched important cybersecurity initiatives.
Adrian Covich, a senior director at cybersecurity company Proofpoint, described the strategy as a “timely and necessary development that we hope will play a critical role in bolstering Australia’s cyber resilience”.