Cybersecurity standards are being developed a year on from the huge Optus data breach, as the federal government puts the onus on companies and developers to keep Australians safe online.

Home Affairs Minister Clare O’Neil said there were three key shifts under way that made the cyber landscape more challenging – the growth of the internet, evolving technology such as artificial intelligence and tense geopolitical circumstances.

“We live in a region of strategic competition and cyber will be integral to how the events of the coming decade play out,” she told a cybersecurity summit in Sydney on Monday.

As the minister lauded the new security strategy, to be released later in the year, she said the cyber domain was the fastest-changing national security threat, but also “a bloody big opportunity”.

“If we play it right, Australia is uniquely placed to be best in the world in a number of cyber capabilities, creating well-paid jobs for Australians and products that we can export all over the world,” she said.

“So when you put it together, it’s really clear – we have an urgent economic and security imperative to make a step change as a country for how we deal with cyber issues.”

The new strategy will create six “shields” around the nation to protect businesses, organisations and everyday Australians.

She said the first shield was to have Australians understand cyber threats so they’re better able to protect themselves and have support in place to help affected businesses bounce back after an attack by 2030.

The second shield was safer digital technology, with the minister pointing to similar laws overseas for apps and programs to have built-in protections rather than leaving it to the consumer.

Other layers include world-class threat sharing and blocking, protecting access to critical infrastructure, ensuring Australia maintains sovereignty over cyber capabilities and better co-ordination of global action.

The plan is set to be implemented in two-year blocks, with strong foundations built up until 2025, before incrementally working towards standing up the six shields by the end of the decade.

About 10 million former and current customers of Optus had their personal details stolen in a major cyber attack in September 2022, which has triggered a major class action against the telecommunications giant.

Ms O’Neil said the government needed to play a more significant role and work with the private sector to ensure vulnerable businesses, which may not have the resources to protect themselves, were shielded.

She said the feedback from Australians and small businesses was that they felt vulnerable and panicked trying to navigate cybersecurity.

The government’s cybersecurity review chair Andy Penn told the summit corporate boards should be taking steps to ensure their firms’ data is secure.

“It’s about ‘How do I know that I’ve taken reasonable steps to protect the company and particularly to protect our customers against malicious cyber activity?’,” he said.

Steps should include knowing what data is held and having a plan to respond to breaches and repair the hacked systems.

The average cost of a cybersecurity breach in Australia is about $4 million, with the most common attacks being phishing scams and stolen or compromised credentials.

 

Dominic Giannini
(Australian Associated Press)