The Australian government will set up a new national office for cybersecurity under the home affairs ministry by April. A senior officer with the title of coordinator for cybersecurity will lead the office, Clare O’Neil, Australia’s minister for home affairs and cybersecurity, said during an interview with ABC’s AM radio program on Monday.
The Australian government on Monday also released a new discussion paper that seeks public opinion on the country’s next national cybersecurity strategy.
“The Australian government is coordinating a huge cyber uplift that’s been occurring now for eight months,” O’Neil said during the radio interview. “We want Australia to be the most cyber secure country in the world by 2030 and the cyber strategy is the main mechanism that will get us there.”
Different parts of the government and the private sector are doing important things in cybersecurity but growing in different directions, O’Neil said.
To address this, the new coordinator will have two important tasks. The first will be to try to provide strategy and structure to the work being done across the government.
“It will mean things like making sure that the billions of dollars that we are investing in cybersecurity each year are being spent in a way that’s strategic and appropriate, that we’ve got different parts of government communicating with each other and working together on helping lift cybersecurity protections across the country,” O’Neil said.
The other part of this person’s job will be to help manage cybersecurity incidents in a proper, seamless, strategic way across the Australian government. “That is something that has been missing due to negligence of the former government in managing this critical area of national security,” O’Neil said, adding that the government is advertising for the particular role and the new role should be implemented by next month.
New cybersecurity strategy
After business, security and tech leaders held a roundtable discussion on Monday, the Australian government released a discussion paper that seeks public opinion on the country’s next national cybersecurity strategy.
The discussion paper is seeking comments from the public on several issues that relate to how Australia can become the most cybersecure country in the world by 2030, and how the government can work with businesses to make sure they are raising cybersecurity standards in partnership with the government.
It also poses questions on how Australia can partner with other countries to enhance cybersecurity resilience. One of the questions in the discussion paper seeks comments on how the government and industry partners can uplift cybersecurity resilience and secure access to the digital economy, especially in Southeast Asia and the Pacific.
The Australian government is seeking comments on the discussion paper by April 15 and aims to build the new cybersecurity strategy by the end of this year.
Blaming the former government
O’Neil criticized the former government for not having a cybersecurity emergency response function and outdated laws.
“We went through Optus and Medibank, two of the biggest cyberattacks that Australia has experienced last year and, in those events, we were meant to have a piece of law that was passed by the former government to guide the companies on the cyberattack,” O’Neil said, adding that the current law was useless and “not worth being printed on the paper when it came to actually using it in a cyber incident.”
Had the new coordinator and national office been in place earlier it would have made a huge difference, O’Neil said. “When Optus hit, much to my shock as cybersecurity minister, there was no cyber emergency response function in the Australian government.”
Cabinet ministers stepped in to manage the incident in a way that it is not sustainable when the country was under relentless cyberattack, O’Neil said. “What we will have now is an individual in the public service who is going to coordinate the response across governments and make sure not only are we deterring and preventing cyberattacks but when they occur, which they will continue to occur, that Australians can get services restored, get their data protected, get their identity numbers changed.”
Australia has been facing an increased number of cyberattacks over the past few years. One cybersecurity incident is reported on average every seven minutes, with over 76,000 cybercrimes reported in 2021-22, according to a Australian Cyber Security Centre threat report. In a three-week period between September and October 2022, the personal data of over 9.8 million Optus customers and 9.7 million Medibank customers was stolen by cybercriminals.