'Marvel superpower': Home Affairs wants industry to rely on its cyber powers more often

Home Affairs Secretary Mike Pezzullo provides tips on how organisations should approach cybersecurity, including partnering with government and setting up cyber mousetraps for older mainframes.
Written by Campbell Kwan, Contributor

Home Affairs Secretary Mike Pezzullo has called on the private sector to work more closely with the federal government when it comes to cybersecurity as there is certain information that only government agencies are capable of uncovering.

"We've got a superpower over here -- like a Marvel superpower -- that you could really use. We want to gift this to you," said Pezzullo, who appeared before Senate estimates on Thursday night.

"Sometimes we can see things they can't see. They might see the attack coming in across their wire. We might be able to see the attacker."

When explaining how government cybersecurity capabilities differ from those of the private sector, such as those possessed by the Australian Signals Directorate (ASD), Pezzullo said the federal government ideally wants the private sector to receive this assistance on a partnership basis rather than on a "last resort" one.

"It's really about building those relationships, which are not in any way going to denigrate the professional expertise of the private sector teams. It just accepts the reality that we have access to more sensitive information," Pezzullo said.

"Once you get through some of the initial distance and you build the partnership, we want to move from a point where direct regulatory consequences are not only a last resort but almost, to an extent, a failure of the relationship."

During Pezzullo's appearance before Senate Estimates, he also shared department advice regarding how organisations should approach building cybersecurity on older mainframe systems as well as what smaller businesses could do to improve their cybersecurity postures.

"The ASD advice is very particular. It says to patch at least on -- from memory -- a 28-day cycle. If you can't, mitigate it by putting sensors and cyber mousetraps around that older infrastructure," Pezzullo told Senate estimates.

In all instances, the Home Affairs secretary noted that the idea is to always "conform at the highest level" where possible, even if a system does not have virtualised software controls and is unable to patch quickly. Pezzullo added this is the cybersecurity protocol  undertaken by Home Affairs for its older mainframe systems.

For small to medium-sized businesses, Pezzullo said improving cybersecurity starts with the basics of investing in digital tools that integrate cybersecurity. The government has various initiatives for encouraging cybersecurity uplifts, such as allowing small businesses to deduct an additional 20% of the cost for digital business expenses like setting up cybersecurity systems, but only 25% of small businesses will likely take advantage of these initiatives offered by the federal government, according to departmental analysis.  

"As you deploy in a way that suits your company … don't bolt on cyber as an afterthought. It's got to be integrated," the Home Affairs secretary said.

Cyber is expected to be a growing focus for the Australian government, with the Coalition allocating AU$9.9 billion for bolstering cybersecurity and intelligence capabilities in its Budget earlier this week. It also appears support for bolstering the nation's cybersecurity will be bipartisan, as Labor Party leader Anthony Albanese pledged last week to set a goal of 1.2 million tech-related jobs by 2030 if he wins the upcoming federal election.

"Whether there is a change in government, I don't see the cybersecurity strategies changing in the future. Both parties are committed to protecting Australia against future security risks, whether they're physical, cyber, or space-based," RMIT cybersecurity professor Warren said.  

Related Coverage

Editorial standards