US CNAP sets pace as Australian industry continues “holding breath” for overdue cybersecurity policy

Australia's security industry is on tenterhooks waiting for the pending release of the government's revised national cyber security policy, the release of which one expert believes will be crucial in initiating a new wave of security investment and skills development.

“We've been holding our breath for a long time” for the release of the policy, Nuix CEO Eddie Sheehy told CSO Australia. “A lot of work was done on it last year, but having the present PM's grouping of ministers, and his own stamp on it, will be very important to actually getting tangible detailed actions” to improve the country's cybersecurity posture.

Sheehy, who was one of several dozen Australian security experts who travelled to San Francisco this month as part of AusTrade's Digital Technology Australia-United States Business Week, pointed to US President Obama's recent Cybersecurity National Action Plan – which backs rhetoric on cybersecurity with clear action points and funding commitments – as an example of the type of cybersecurity policy that Australia needs to embrace to deliver an effective, meaningful response to increasing threat levels.

“The release of the national security strategy would get people serious about having the right level of meetings to drive up the awareness of individuals for their responsibility in fixing this,” he said. “A lot of Australian CSOs know about threats but the fear factor is there, and I don't think they know what to do. We should all be helping them in that.”

In October, prime minister Malcolm Turnbull rejected a draft report of the Australian cybersecurity review on concerns that it offered too little by way of practical initiatives; a deadline has not been set for the revised document, which Sheehy says is both meatier and given more teeth as an enforcement tool.

Education around technologies such as 2-factor authentication will help boost overall security, as will a redoubled effort to impress upon users the importance of “hygiene elements” such as not using simple passwords to protect sensitive corporate resources.

“There should be a ground-up education undertaken,” he explained. “However secure our environments are now, the threats are increasing. We have to increase our level of knowledge, but we also have to stop making the easy mistakes. And we've got to start to make ourselves small targets” by fixing poor password hygiene and other common mistakes.

Support for mandatory breach legislation will play a role in improving the overall awareness around cybersecurity in Australia, Sheehy said, noting that building effective cybersecurity defences here inherently relied on a collaborative 'carrot-and-stick' approach that “will be a much better solution for Australia because we don't have the same depth of cybersecurity expertise as there is in the US.”

Reiteration of strong policy support for the cybersecurity industry – already made to some extent by the $30m Cyber Security Growth Centre announced in December – will “feed the talent pool” and encourage more companies to bring their talented staff to Australia, Sheehy said.

“I'm a huge believer that the pace of change in technology over the last few years is getting faster and faster,” he said, adding that defensive efforts would fall behind “unless we actually apply that change to things like cybersecurity. The best part is that the conversations are being had – and if you can get all of those views out in public, you can start to create policies on them.”

The AusTrade event's climate of sharing was the kind of thought-provoking exercise that would help identify commonalities across the sector and drive future policy innovation based on shared principles. It also highlighted commonalities between the Australian and US delegations to the event, which saw a strong consensus around the importance of privacy and universal backing of Apple in its escalating stoush with the US government over iPhone privacy.

“I was in a room full of 50 people that included some very high-powered American organisations,” Sheehy said, “and not one of them really believed that Apple should break the encryption on that iPhone. There needs to be better ways of doing this, but it's really good to see America talking about privacy. In the end, people have to be true to what they are.”
