The Australian Cyber Security Strategy was unveiled by the Albanese Government in November 2023 as a $586.9M plan to boost cyber resilience through six shields, SMB support, and global cyber leadership. The strategy represents the Government’s proposed roadmap for a comprehensive, long-term plan to enhance national cyber resilience and security and to position Australia as a world leader in cyber security by 2030.
The Strategy identifies six ‘shields’ as central elements to enhance cyber security and resilience and achieve the goals above. These shields are:
- Strong Businesses and Citizens: Ensuring businesses and citizens are well-protected from cyber threats and can quickly recover from cyber-attacks.
- Safe Technology: Guaranteeing that digital products and services in Australia are safe, secure, and fit for purpose.
- World-Class Threat Sharing and Blocking: Providing access to real-time threat data and the capability to block threats effectively at scale.
- Protected Critical Infrastructure: Strengthening critical infrastructure and essential government systems to withstand and recover from cyber-attacks.
- Sovereign Capabilities: Developing a robust cyber industry with a diverse and professional cyber workforce, enhancing Australia’s cyber capabilities.
- Resilient Region and Global Leadership: Promoting cyber resilience in the region and leading globally, shaping international cyber norms and standards.
Here’s a high-level overview of the key components of The Strategy and how investment in key areas will reinforce the six ‘shields’ to achieve the government’s long-term goals for cyber resilience in Australia.
SUPPORTING SMALL AND MEDIUM BUSINESSES
The Australian Cyber Security Strategy highlights the importance of Small and Medium Businesses (SMBs) to Australia’s economy, contributing significantly to the GDP and employing a substantial portion of the workforce. It notes in particular how these businesses often struggle with cyber security due to limited resources and expertise. To address this, the government will introduce a cyber health check program offering free assessments of cyber security maturity, along with educational tools to improve cyber resilience. This initiative aims to enable SMBs to better understand and manage cyber risks, reducing recovery time and costs from cyber incidents.
The new ‘Small Business Cyber Security Resilience Service’ will serve as a one-stop-shop, providing advice on building cyber security capabilities and helping businesses recover from incidents. This service will be staffed by professionals well-versed in cyber security and mental health, offering assistance tailored to the specific needs of small businesses.
COMMUNITY GRANT PROGRAM (COMMUNITY ORGANISATIONS)
The Australian Cyber Security Strategy also announced an upcoming, new grant program for community organisations aimed at fostering the development of customised cyber awareness campaigns for vulnerable populations. This initiative aims to reach out to a wide array of groups, focusing on the specific needs of remote and regional communities, culturally and linguistically diverse populations, First Nations communities, the youth, seniors, individuals with disabilities, and the neurodiverse.
The program will be designed to support projects and organisations working in close collaboration with local community leaders, who will play a crucial role in crafting strategies and creating materials that resonate with their respective communities. This collaborative effort is not just about spreading awareness but also about ensuring the delivery of clear and consistent advice.
DISRUPTING AND DETERRING CYBER THREATS
The Australian Cyber Security Strategy outlines plans to bolster the capabilities of domestic law enforcement and offensive cyber activities, making Australia a harder target for cybercriminals. This includes expanding the Australian Federal Police’s (AFP) role in Operation Aquila (the AFP- and Australian Signals Directorate (ASD)-led joint standing operation aimed at investigating and disrupting criminal syndicates) and continuing ASD’s Project REDSPICE to enhance offensive cyber capabilities. The Strategy also emphasises the importance of international collaboration to combat cybercrime effectively.
ADDRESSING THE RANSOMWARE BUSINESS MODEL
Ransomware is identified within the Australian Cyber Security Strategy as one of the most significant and disruptive cyber threats facing the country today.
The Strategy’s approach includes:
- Enhance the Visibility of the Ransomware Threat
  - Develop early warning systems for timely government support against ransomware attacks.
  - Co-design legislative options for mandatory, no-fault ransomware reporting by businesses.
  - Share anonymized ransomware trend data with industry and community for better resilience.
- Provide Clear Guidance on How to Respond to Ransomware
  - Strongly discourage paying ransoms to cybercriminals due to risks and uncertainties.
  - Create a ransomware playbook for guidance on preparing for and responding to ransom demands.
- Drive Global Counter-Ransomware Operations
  - Lead global efforts against ransomware as Chair of the International Counter Ransomware Taskforce.
  - Work with international partners to discourage ransom payments and regulate cryptocurrency use.
  - Reform laws related to anti-money laundering and counter-terrorism financing for digital transactions.
CLEAR CYBER GUIDANCE FOR BUSINESSES
The government recognises the need for clearer cyber governance guidance for businesses. The Australian Cyber Security Strategy will publish an overview of corporate obligations for critical infrastructure owners and operators and establish a Cyber Incident Review Board, drawing on international and domestic models, including the United States’ Cyber Safety Review Board and the Australian Transport Safety Bureau. This board will conduct post-incident reviews to uplift collective cyber security and share best practices with the business community.
SIMPLIFYING POST-INCIDENT SUPPORT
Post-incident support is crucial for rapid recovery. The government will simplify incident reporting through a single reporting portal and promote trusted support after an incident. This includes developing a code of practice for incident response providers to ensure consistent service quality.
SECURING IDENTITIES AND ASSISTING IDENTITY THEFT VICTIMS
The Australian Cyber Security Strategy will expand the Digital ID program to reduce risks of identity theft and fraud. Additional funding will be provided for victim support services, enhancing the assistance available to individuals affected by identity crime.
TO SUM IT UP…
The Australian Cyber Security Strategy is ambitious in its scope and vision but leaves a handful of critical questions unanswered. There is a distinct lack of clarity on specific funding allocations and detailed timelines for the implementation of its key initiatives. This is unlikely to be an oversight though, and we fully expect more clarity at budget time. One would hope that the $589 million, seven-year allocation (around $84 million per year) is an initial announcement and that continued, mature investment strategies surround the implementation of The Strategy in years to come.
Alas, it is hard to be optimistic at this stage given this vagueness, with real concerns evident around the practical execution of The Strategy and the measurable impact of its programs. Key risks to success include the potential for underfunding critical areas, the challenge of effectively coordinating efforts across diverse sectors and the risk of not keeping pace with the rapidly evolving nature of cyber threats (particularly given the rapid rise of AI in the consumer market).
Despite these concerns, the strategy marks an encouraging step forward. It thoughtfully addresses the need for strengthening Australian cyber security through the ‘six shields’ approach, particularly in enhancing protection for businesses and critical infrastructure. The emphasis on global cooperation and leadership in combating cybercrime demonstrates a forward-thinking approach. The focus on developing sovereign cyber capabilities and a professional cyber workforce is a powerful strategic move towards building long-term resilience. This strategy lays a foundational framework for a more secure digital future for Australia, though its success will depend on tangible, measurable outcomes as well as details and actions that follow in the coming years.
For more information on Australia’s other funding investments in the coming years, view our Global Funding Analysis and other global publications at: https://grantsoffice.com.au/global-funding-landscape/