National cyber-security response, skills development crucial to Australia's economic future: Cisco

The government should prepare Australia for the next decade in cybersecurity by implementing a multi-pronged national cyber security strategy that combines multi-sector information sharing, development of state-based cybersecurity training hubs and other initiatives to bolster our national protective capabilities, networking giant Cisco Systems has argued in a formal response to the first-ever Australian Government Cyber Security Review.

That review, which is the first concrete deliverable from the new Australian Cyber Security Centre (ACSC), warned of an “undeniable” and “unrelenting” cyber threat facing Australian organisations and urged the implementation of cybersecurity measures “to make Australia a harder target, increase the confidence of Australians when they are online, and maximise the benefits of the Internet for Australian organisations.”

“Ultimately,” the report concluded, “this will see organisations and their users taking greater responsibility for the security of their networks and information.”

While there is still much work to be done in laying down concrete steps for improving Australia's cyber-security capabilities, the ACSC report has been an important first step that reflects the current government's concrete efforts to address the issue, director of Cisco cybersecurity initiatives Gary Hale told CSO Australia.

“What stood out for me was the pace of digitisation of government agencies,” he explained, referring to the mandate of the new Digital Transformation Office to push government agencies into digital service delivery.

“If you look at these sort of transformations, you know we're getting to a point where we're really pushing the boundaries of IT and quickly. This government has been proactive in setting this up and creating the strongest, and possibly the best, interaction I've seen in the industry. I've seen an absolute commitment from the government to play this out, and soon we'll see the execution plan around it.”

Bolstering Australia's cyber-security capabilities will be a long-term effort, however, with Hale positioning it as a “campaign that's going to run over 10 to 20 years” that requires fundamental cultural shifts in areas such as education of students in cybersecurity issues – including better maths education, to support research in areas such as cryptography.

Cisco's response to the government manifesto has framed the need for cybersecurity intervention in financial terms, warning that “cyber insecurity is taxing Australia's economic growth” and urging partnerships between government, public and private entities in a number of areas.

“The threats to a connected society are outpacing the defences, and GDP growth is being eroded every day,” the Cisco response warns, noting that cyber-security threats are matching or outpacing the technology development cycle “which, in turn, is moving much faster than the currently complex compliance and policy vehicles.”

The rapid pace of change in cyber-security threats was a key theme of Cisco's recently-released Midyear Security Report, which noted strong fluctuations in APAC spam volumes and warned that 'combination attacks' such as Angler, Rombertik, Adware MultiPlug and Dridex were layering attack methods to stay ahead of technology defences.

“Initiatives that address these differences through simplicity and scale are critical if the Internet and IT systems in general, are to deliver maximum benefit”, Cisco's ACSC report response advised.

Foremost among Cisco's recommendations is the creation of a National Cyber Security Strategy, which will position the issue as being of strategic importance “for both national security and national prosperity,” the response says, recommending the creation of a multi-year strategy that builds the capacity, talent, and workforce to support the cyber-security initiatives.

The response envisions making Australia “the safest online place to do business”, measured in terms of metrics such as malware infection rates; strong penalties for cyber-crime activity; accountability and education for board members and CEOs on cyber-security issues; and minimal disruption to essential citizen services due to cyber-security related vulnerabilities.

Read more: A quarter of net traffic will be carried IPv6 by 2019 says Cisco

“Virtualisation” of the ACSC would extend its reach to state-based cyber-security centres on the ground, allowing for more engagement with Australian organisations on the ground and widening access to skilled personnel.

The response also recommends a concerted focus on building cybersecurity skills, with a 25-year outlook developed to promote the funding of relevant cadetships, PhD positions, TAFE-delivered training, promotion of opportunities for women in IT and cyber security, and “a pedagogical view that cyber security should be treated no differently to Maths or English in that it will be a fundamental skill for future generations”.

The ACSC report “was a pretty critical statement in the maturity of where they're going and where they want to be,” Hale said. “As we look across Australia, innovating and driving collaboration through the islands of expertise that we have, has been difficult because we've never created a critical mass. But you need that mass to drive things forward, and the ACSC has been a critical step in doing that.

Join the CSO newsletter!

Error: Please check your email address.

Tags Cyber security reviewskills developmentcybersecurity trainingAustralia's economyciscosecurity strategyIT SecurityAustralian Cyber Security Centre (ACSC)CSO Australiacyber-security

More about APACCiscoCSOTAFE

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by David Braue

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts

Market Place