Budget's cybersecurity allocations highlight government's multi-faceted defence strategy

The government's recent launch of the national Cyber Security Strategy (CSS) left few surprises for this week's 2016-17 Budget, but clarification around where the $230m in funding will come from did highlight the relative priority of cybersecurity to the variously involved arms of the government.

Detailed Budget expense measures showed the Attorney-General's Department will carry the brunt of the expense around implementation of the CSS, with funding of $12.8m in the 2016-17 financial year increasing to $17.4m, $17.7m, and $18.3m in subsequent years.

This expenditure includes $47.3m to establish Joint Cyber Threat Centres and an online threat sharing portal; $21.5m to expand Computer Emergency Response Team (CERT) Australia; $10m for a cyber-security awareness campaign to replace the long-running Stay Smart Online program; $1.6m to develop national good-practice guidance around cybersecurity; $2m to expand the government's exercising program for cyber incidents; and a cost-recovery system for delivering cybersecurity 'health checks' for ASX100-listed companies.

This was well ahead of the contributions by the Australian Crime Commission ($1.7m, $4.8m, $4.4m, and $4.4m) and Australian Federal Police ($3.1m, $5.3m, $5.4m, $5.4m) – which will both use the funding the bolster their ability to fight cybercrime.

The Department of Education and training will contribute $900,000 next year, $800,000 in each of the two following yeasr, and $900,000 in 2019-20 – supporting the establishment of up to six academic centres of cybersecurity excellence. The Department of Industry, Innovation and Science's (DIST's) contribution of $700,000 next year and $600,000 in 2017-18 will surge to $5.4m in 2018-19 and $8.2m in 2019-20. This expenditure will see DIST expanding the Council of Registered Security Testers (CREST) Australia.

DFAT will also spend $2.7m over four years to establish a Cyber Ambassador within its department, while Official Development Assistance will provide $4m for “cyber capacity building projects in the Indo-Pacific Region”. Despite the Budget's relatively conservative design, firm funding commitments for cybersecurity initiatives reflect the Turnbull government's prioritisation of the area and a commitment to genuine action that will, Mailguard CEO Craig McDonald says, see the CSS driving “easier conversations” between cybersecurity-related private and public sector organisations.

“What a fantastic initiative that [Turnbull] is putting forward,” McDonald told CSO Australia. “It's a fantastic opportunity for innovative companies in Australia to take a fully colaborative approach to closing the gap around cybersecurity. It is an absolute giant step from where we were before.”

CSS-related funding also includes $51.1m for the Department of Defence, which will spend $38.8m to relocate the Australian Cyber Security Centre to a “more flexible facility for public-private engagment”; $11.0m on identifying vulnerabilities in government systems; and $1.3m to conduct cyber security assessments for Commonwealth entities.

Other IT-related investments outlined in the budget include $24.8m on building a business case for veteran-centric reform and $23.9m to improve processing systems at the Department of Veterans' Affairs; $12.4m to upgrade tendering and procurement systems around the implmentation of the Trans-Pacific Partnership (TPP) trade agreement; $3.5m to help the Department of the Environment upgrade critical regulatory workflow systems; $39.2m to upgrade ASIC's industry-monitoring systems; The Budget also allocates an unspecified amount of money for “improved data and service supporting supercomputer capability” at the Bureau of Meteorology, which was hit by a serious cybersecurity breach late last year.

Join the CSO newsletter!

Error: Please check your email address.

Tags certcyber threatsCRESTBudget expense measuresDFATCSS Insightcyber security

More about Attorney-GeneralAustralian Crime CommissionAustralian Federal PoliceBureau of MeteorologyComputer Emergency Response TeamCSODepartment of DefenceFederal PoliceMailguardSmartTPP

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by David Braue

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place