On 31 May 2022, Prime Minister Anthony Albanese announced his new Cabinet; one change included having cybersecurity as a standalone portfolio. The PM appointed Clare O’Neil as minister of cybersecurity and also as minister of home affairs. Angus Taylor was briefly minister for law enforcement and cybersecurity in 2018, with the function later falling under Karen Andrews when she took on the home affairs responsibilities.
As the country waits to know what changes the new minister may bring, experts shared with CSO Australia what they know and expect to happen.
Clare O’Neil MP
Clare O’Neil, Australia’s minister for cybersecurity and for home affairs appointed in June 2022.
For some, this Cabinet change means that Australia is taking cybersecurity seriously when it comes to policy making, standards development, and resource allocation, says James Nunn-Price, growth markets security lead at Accenture. “The new appointment indicates that we will likely see an increase in the pace for several planned national regulatory and legislative measures that lost momentum before the elections. Internationally, having a minister represent the country’s desire to become a cybersecurity leader sends a clear message,” he says.
Who is Clare O’Neil
According to her official page, O’Neil studied law at Monash University. It was during her studies that she was elected to the City of Greater Dandenong Council and a year later she became mayor of the City of Greater Dandenong. She later study public policy at Harvard University and worked in the New York Stock Exchange.
O’Neil, whose interests are in economics, Indigenous Australia, and the welfare of children, was appointed shadow minister for justice in 2016 and was also appointed shadow minister for financial services in 2018. In July 2019, O’Neil was appointed the shadow minister for innovation, technology, and the future of work, and since February 2021 O’Neil had been the shadow minister for senior Australians and aged care services.
The benefits of a dedicated cybersecurity minister
It has been four years since there was a dedicated cybersecurity minister, following the resignation of Angus Taylor in 2018 which eventually led to the cybersecurity function being rolled into home affairs. Karen Andrews was the former minister most recently in charge of cybersecurity while serving as minister for home affairs.
Despite not having cybersecurity as a standalone portfolio, the Australian federal, state, and territory governments have had a strong focus on cybersecurity. And, although O’Neil has two portfolios, Gartner analyst Richard Addiscott says the move shows the elected government is prepared to place an elevated priority on protecting and enhancing Australia’s cybersecurity posture.
Other benefits of O’Neil’s appointment are to have a critical policy focus, Michelle Price, EY partner for Oceania for cybersecurity, privacy, and trusted technology practice, tells CSO Australia. “It provides leadership at the whole of government level—and that’s not just for federal government, it’s for the states and territories and local governments as well. It also provides a focal point for business and what good looks like for business from a policy point of view as well,” she says.
Another component, says Price, is that it provides a focus for how Australia engages with the rest of the world, especially when it comes to digital borders. She says there are additional pressures on the evolving threat landscape with the economy now recovering from COVID-19 but with geopolitical events adding to the headwinds.
Having a dedicated cybersecurity minister is a very important piece of the Australian government’s architecture, says Price.She also points to the fact that having a woman representing the sector at the government level demonstrates a diversity of leadership that is needed in cybersecurity.
With cybersecurity not being an issue restricted to home affairs only, Gartner’s Addiscott says that the minister’s ability to work across the other portfolios—defence, the attorney-general’s department, foreign affairs and trade, and others—to deliver a joined-up national approach to cybersecurity will be a key determinant of whether the new appointment delivers any value.
He also says that seeking to develop a more harmonised approach to cybersecurity across the state governments would be beneficial. “Most states currently have specific whole-of-government cybersecurity policies and frameworks delivered by teams usually placed within the departments of premier and the cabinets. However, beyond references to the ASD Essential Eight in several state cybersecurity frameworks, there is a mix of differing standards, such as ISO27001 and the NIST CSF, and operating models being adopted,” he says.
What Australian businesses can expect from the cybersecurity minister
By having cybersecurity as a discrete ministry responsibility, there will be teams within the home affairs portfolio supporting the minister in her role as minister for cybersecurity, Price says, which means that there is the opportunity for there to be expertise put into government around what it means to manage cybersecurity risk.
There is also “the opportunity to have a much stronger narrative around what the opportunity is for small business to take cybersecurity seriously not only for their domestic focuses but also how they start to engage in international supply chains,” she says. “With so many areas across the global economy experiencing shortages—across technology people and process as well as, of course, those physical goods and services that we rely on so much—there’s actually so much opportunity for Australia in this space to have that well coordinated across government and for government to be working in partnership with business both at the big end and small end of town.”
But Gartner’s Addiscott warns that it is early to have any clues as to what having a standalone minister for cybersecurity means: “Only time will tell whether the appointment is actually a material expansion on the previous minister’s role that delivers meaningful outcomes, or whether the appointment is in name only and, in reality, it’s business as usual.”