Government policy targets APAC for sharing, commercialising Australia’s cybersecurity experience

Cybersecurity firms are redoubling their commitment to sharing cybersecurity knowledge as the government’s new “global in perspective in regional and focus” digital engagement strategy positions cybersecurity as key to promoting and commercialising Australian digital expertise across the Asia-Pacific region.

Launched by minister for foreign affairs and trade Julie Bishop, the International Cyber Engagement Strategy (ICES) lays down an agenda for cyber-related issues including digital trade, cyber security, cybercrime, international security cyberspace, and internet governance cooperation as well as related issues including human rights democracy online, technology for development, and comprehensive coordinated cyber affairs.

The agenda – which will be discussed Thursday evening in an Australian Strategic Policy Institute event in Canberra – inextricably links cybersecurity with the government’s digital transformation agenda as well as its entrepreneurship and local industry development efforts, which were bolstered by an additional $10m in funding – on top of $4m announced last year – to the Cyber Cooperation Program (CCP).

CCP – which includes partners such as the Commonwealth Bank, Macquarie and Monash universities, Sense of Security, Telstra and others – will be expanded with “a particular focus on the Indo-Pacific region”, Bishop’s department said. This dovetails with ongoing efforts by DFAT to bolster strategic cybersecurity partnerships with the likes of Japan, the the United Kingdom, and Indonesia

Focusing on the Indo-Pacific region will position Australia’s industry-development efforts in a region that, Australian ambassador for cyber affairs Tobias Feakin noted in a blog upon the agenda’s launch, is leading the world in economic growth – but leaving many of the drivers of that growth exposed to cybersecurity risks due to overall low cyber awareness.

“It is in the Indo-Pacific that Australia can best leverage our cyber capacity building resources to support an open, free and secure Internet that facilitates a prosperous and resilient online environment,” Feakin wrote. “We will shape an enabling environment for digital trade while promoting trade and investment opportunities for Australian digital goods and services…. while securing Australia from the threat of cybercriminals and other malicious actors in cyberspace.”

CCP partner Palo Alto Networks was quick to welcome the launch of the ICES, with vice president and Asia-Pacific regional chief security officer Sean Duca noting in a statement that Australia is a “thought leader in cybersecurity and should take a leadership role in the region”.

“Attackers themselves are already following a collaboration model,” Duca added, “which makes them more efficient and stronger. To get ahead of these cybercriminals, the private and public sectors need to work together to automate threat sharing so everyone has access to the same data to develop new ways to thwart their attacks”.

Supporting the ICES, Palo Alto Networks also announced it would kick off a project to train regional businesses and share cybersecurity best practices with C-suite members across ASEAN countries. The effort would, Bishop said, complement ongoing efforts to translate the Australian Signals Directorate’s “world-leading” ‘Essential Eight’ mitigation strategies.

FireEye’s Asia-Pacific director of threat intelligence, Tim Wellsmore, said in a statement that the new strategy was “key to setting the agenda of Australia’s responsibilities internationally to assist the nations who are not as well positioned as Australia to start to understand and responds to the cyber threats, and issues relating to the global uptake of technology.”

“This is no small task, as Australia is still struggling to understand the size and scope of the threat, as well as having any real ability in reducing the impact of cybercrime and related cyber issues.”

Reducing that impact has become a key focus for Australian businesses, with recent figures suggesting that local companies face a growing threat from domestic distributed denial of service (DDoS) instigators even as developers struggle to improve information-security practices and business leaders struggle to escalate the importance of information security internally.

As well as forging new conceptual links between economic development, business transformation and cybersecurity, the new policy’s governance and cooperation agenda also reinforces the importance of coming legislative mandates such as the Notifiable Data Breaches (NDB) scheme, which will bring a much higher degree of clarity to the real challenges that Australian organisations face around cybersecurity.

The Office of the Australian Information Commissioner (OAIC) recently released a request for comment on a number of draft resources that help businesses prepare for their NDB practices – outlining the types of information they will need to be prepared to collect and report about any detected breaches. Better information will feed efforts to address security shortcomings, ultimately contributing to the outreach efforts facilitated by ICES.

Copyright © 2017 IDG Communications, Inc.

7 hot cybersecurity trends (and 2 going cold)