'

Australian government considers approach to cybersecurity 'world-leading'

A prime minister that understands the seriousness of cybersecurity combined with cross-government and public-private information sharing initiatives has sent Australia to the fore, according to Minister for Law Enforcement and Cyber Security Angus Taylor.

The Australian government considers itself to be "world-leading" when it comes to cybersecurity, with Minister for Law Enforcement and Cyber Security Angus Taylor telling ZDNet that Australia has the opportunity to extend its global lead to create a thriving local industry.

special feature

Cyberwar and the Future of Cybersecurity

Today's security threats have expanded in scope and seriousness. There can now be millions -- or even billions -- of dollars at risk when information security isn't handled properly.

Read More

"You talk to other countries and we have a chance here to lead the world, it's very exciting not just so we can protect ourselves but so we can grow an industry," he said on Wednesday.

"I don't think anyone's where they wanted to be, we're all still facing risks, but I think we're in a great position I think now to deal with these risks at a speed and with a level of collaboration that very few other countries have."

To Taylor, it's important to keep abreast of the threat landscape as it changes, noting also that it helps the country has a leader in Prime Minister Malcolm Turnbull that understands technology.

"I think one of the reasons why we are arguably leading the world is that we have a prime minister who actually understands that, which is I think pretty much unique," he told ZDNet. "For me personally that is a huge help because it means I can have a detailed discussion with him about Intel chips, and he understands."

The newly minted cyber minister drew on his time as the minister overseeing digital transformation to discuss the current approach to cybersecurity the government has, commenting that it's important to ensure departments and agencies aren't further creating silos for dealing with threats.

"There is a risk -- I'm acutely conscious of that, and I'm acutely conscious of that because I hear people say this to me all the time," Taylor said. "We can't let that happen.

"The key in cyber, like most areas, is speed and that means you've got to share information in a collaborative way."

While the government has determined a need to share and created a handful of avenues to do so, it doesn't exactly have a way to measure such information sharing.

"It's very easy to see afterwards," Taylor said in response to a question asking how to ensure cross-department collaboration. "This is something I'm adamant about and we do need to share. It doesn't mean you have to share sources, but you have to share the information people have to act on."

Speaking last week in front of the Senate committee looking into the digital delivery of government services, Australian Signals Directorate (ASD) director-general Mike Burgess put department bosses on notice for not seeking help where it is needed when it comes to cybersecurity.

"There is a possibility that those who aren't taking this seriously don't ask for our help," he said. "That would be a risky strategy for any chief executive because things get found out other ways ... there are many criminals out there who are attempting to break into systems, including government systems, all the time and most of those do become public and are found out."

Australian government organisations have operated in a somewhat devolved manner when it comes to cybersecurity, which is the result of the way business within government has previously run.

Although this model is contrary to that used by the likes of the United Kingdom, while he was Australia's special adviser to the prime minister on cybersecurity, Alastair MacGibbon told ZDNet he was keen to give the country a chance to work out its own defence strategy before mirroring others.

Similarly, former Minister Assisting the Prime Minister on Cyber Security Dan Tehan said in 2016 that a centralised approach by government to cybersecurity is dangerous, and it is preferable for departments to take care of themselves instead.

However, Taylor said the approach must be a mix of centralised and devolved.

"I wouldn't say it's purely devolved, that wouldn't work," he said on Thursday.

"We have a minister for cybersecurity and we have a cybersecurity area inside Home Affairs. It's so we can have a mix of the centralised approach with the decentralised execution.

"To me, it's getting the mix right and the balance right between what we do centrally and what we do at the coalface."

Where this comes together is public-private initiatives such as the Joint Cyber Security Centre program. Under the program, five cybersecurity-focused centres in the country's capital cities are aimed at boosting cybersecurity resilience in the country by bringing industry, government, and law enforcement together to share relevant threat information under one roof.

"Inevitably, execution in cyber has to be distributed, there's no other way of doing it," Taylor said.

"The government can't execute cybersecurity for Telstra [for example], but there are central roles that are really crucial in play, particularly on the intelligence side, on setting standards and protocols -- there is a central element and we do a mix of the two and I think these centres give us a chance to get that balance right."

RELATED COVERAGE