Inside Australia's plans to become the most cyber-secure country by 2030
Claire O’Neil, Australia’s minister of home affairs has announced plans to develop a Cyber Security Strategy that will transform Australia into the most cyber-secure country by 2030.
O’Neil made the announcement through her Twitter account.
The ambitious project is in response to the recent Optus and Medibank data breaches that have rocked the news in recent months. The attacks happened within three weeks of each other and are the biggest data breaches in the country’s history.
The Medibank attack affected 9.7 million people while the Optus breach affected 10 million accounts.
The minister has termed them ‘terrible’ events but believes they are the wake-up call the country needed to re-evaluate their cyber strategy.
As part of the new strategy, the Australian Signals Directorate which is currently responsible for responding to cyber attacks will collaborate will join with the Australian Federal Police to form a 100-person offensive cyber team.
“This will be a 100-person team, permanently focused on hunting down people seeking to hack our systems, and hacking back. It will take some time to get this singing, but when it does, it will change the game for cyber in Australia,” said O’Neil.
Moreover, the minister is hoping to involve the whole country in the fight against cyber threats and also collaborate with international bodies from their Pacific neighbours.
The new strategy also includes measures to strengthen the country’s critical infrastructure and government networks as well as make Australia self-sufficient in defending itself.
The new cybersecurity strategy will be spearheaded by three people, Andy Penn, former Telstra CEO, Rachael Falk, one of Australia’s cyber security and telco experts, and Mel Hupfeld, former chief of the Air Force.
The three experts will additionally be assisted by a global cyber expert panel led by former UK NCSC CEO, Ciaran Martin.
And to ensure that companies are not unnecessarily exposing customer data, a new law is being enacted to change the maximum penalties for businesses from the previous $2.22 million (£1.2 million).
The new maximum will be either $50 million (£27 million), three times the value of any benefit obtained through the misuse of information, or 30% of a company's adjusted turnover in the relevant period. Whichever is highest.
“The truth is, we are unnecessarily vulnerable. We did not do the work nationally over the last decade to help us prepare for this challenge,” O’Neil said while adding that she never understood Prime Minister Morrison’s decision to abolish the Cyber Security Ministry after coming to office.
The minister agrees it’s going to take time but the government is fully committed.