The Australian Computer Society (ACS) is pushing for renewed investment in cybersecurity skills as newly announced ICT-strategy commitments by the NSW and Victoria governments put additional pressure on cybersecurity skills that are already lagging demand and are expected to further outpace overall ICT-skills growth in coming years.
The ACS Victorian Cyber Security Paper, launched this week, notes that cybersecurity jobs “are the most difficult of jobs in the technology industry to fill despite being amongst the highest paid”. In attempting to lay down a path to close this gap – and avert future problems caused by “dwindling numbers of STEM students” – the ACS has recommended a range of initiatives including the development of a dedicated program similar to the US National Initiative for Cyber security Education (NICE) public-private partnership program.
The ACS has also recommended establishment of a grants program to support cybersecurity startups and SMEs undertaking R&D; is also exploring the extension of its training accreditations to encompass cybersecurity education; and supports government-funded cybersecurity information campaigns for SMEs and the creation of a Victorian cyber security business advisory service to improve overall cybersecurity posture.
Release of the ACS cybersecurity positioning paper comes just days after the Victorian government launched its IT Strategy for the Victorian Government, 2016 to 2020 – which has been designed to lift the state's woeful IT project-management practices as well as its failure to apply IT-security protections as repeatedly identified in damning Victorian Auditor-General reports in 2013 and again in late 2015. Among its raft of initiatives, the newly announced policy lays down a commitment to develop a formal cyber security strategy (due by December) and a State Emergency Response Plan for cybersecurity – both of which will likely draw on the federal government's recently launched national Cyber Security Strategy for at least some inspiration.
The Victorian government has been working hard to position the state as Australia's epicentre of cybersecurity research and has been heavily spruiking deals such as the establishment of the Oceania Cyber Security Centre (OCSC) – a joint facility linking eight Victorian universities, the Melbourne-based Defence Science Institute and private-sector partners with Data61's national cyber security centre and the first-ever international office of Oxford University's Global Cyber Security Capacity Centre (GCSCC).
“Victoria is leading the country in data and cyber security so we are well-positioned to partner with the Commonwealth Government on their new strategy and lend our state’s expertise to growing this critical industry,” minister for small business, innovation and trade Philip Dalidakis said in a statement at the launch of the federal policy in April. “Not only will it be a safeguard for our digital economy but it will be a significant economic driver for the state.”
In a nod to the growing pressure for governments to set privacy-protection examples, Victoria's policy highlighted the importance of secure account technology, consent models and “new cyber security tactics to mitigate emerging privacy threats”. “A fast-escalating cyber threat landscape means that government must take a strategic approach to managing system security,” the report notes, highlighting persistent cybersecurity issues including minimal common network standards; lack of a consistent available standard Wi-Fi network; lack of network carriage sharing potential; increased security threats from inconsistent security-management practices; and inadequate network design to securely support untrusted BYOD devices and external partners.
Yet even as it lays down its cybersecurity agenda, Victoria's investments will drive a renewed need to bolster cybersecurity skills in government and outside of it.
As the ACS and other bodies have recognised, low numbers of university graduates in cybersecurity-related fields means the growing number of security-related positions will be increasingly difficult to fill. Last year's Australia's Digital Pulse report, jointly authored by the ACS and Deloitte Access Economics, highlighted the extent of the problem as growing demand pushed employers to need 40,000 extra ICT workers – of which cybersecurity expertise was a key specialty.
“While the presence of cyber security research and development capabilities is a sound basis to position Melbourne as a hub of cyber security expertise,” the ACS policy says, “more investment and effort is required to develop a thriving cyber security ecosystem needed to participate in the global market for new and innovative cyber security solutions.... Given the increasing cyber threat to governments, government departments should be active collaborators and sponsors in the development and trial of new products based on identified needs.”