Australia's Minister for Law Enforcement and Cybersecurity Angus Taylor kicked off this year's Technology in Government event with a look at how the country is faring when it comes to protecting our digital assets.
Taylor said the criminal and national security threats we face today are increasingly characterised by global networks, sophisticated organisation and adept use of technology. Each day criminals and nation state actors use cyber and cybercrime to attack the Australian Government, Australian business and the Australian public. And while we have the tools the stop many of their attacks, characterised by billions of cyber-events that are recorded at gateway devices, Taylor said "This is not a game of certainties - we are not stopping every attack".
But in outlining the government's aim, the minister fell back on a variation of a tired trope that raised a collective groan from the audience.
"As Australia’s cyber security maturity grows and evolves - we must adopt a posture of moving towards zero. Zero successful attacks, zero mistakes and zero negative impact. Stopping the bots needs to have the same singleminded focus as stopping the boats".
Noting that the government was not able to lead on cybersecurtity without getting its own house in order, Taylor outlined a number of initiatives he had seen over the last eight months, since he was appointed to this ministerial portfolio. These included a focus on every aspect of cybersecurity from mainframes to USB sticks.
As part of ‘getting the government’s cyber house in order’ - there are three main initiatives he intends to pursue. These are the implementation of clear standards, expectations and outcomes for our security agencies, departments and ministers; the development of a layered and world leading infrastructure; and focusing on our procurement.
"We must reach a space quickly where ASD is not the answer to every question," he said.
In accepting that new attacks will continue to arise, Taylor noted that there are some similarities to the escalating cyber-threat environment to the era of nuclear proliferation during the Cold War. Like that era, a focus on detection and attribution remains important. But that model breaks down as access to cyber weapons is far easier than the capability to create nuclear weapons.
Taylor said there has been a debate about the merits of Fortress Australia vs Forward Defence – an isolationist policy versus a more interventionist one. In the cyber domain, he said Australia's national cyber defence must be one of forward defence.
"We must build a system that is active, interventionist and collaborative. Collaborative with our allies, our partners and of course most importantly with our private sector".
Hiding behind firewalls is no longer a valid strategy, explained Taylor.
Taylor plans to deliver a new national cyber agenda that raises the bar across the Australian economy. That defensive capability comprises of a layered defence and an interventionist element. The core elements include threat blocking and targeting, a framework for strong attribution and response to cyber attacks, increased data sharing on threats, an insurance market that recognises investment in security, effective awareness campaigns, and a government that is able to lead by example.
While much of what Taylor said was not rocket science to experienced cybersecurity practitioners there was one thing that stood out. Once you scraped away the veneer of the laughable "stop the bots" slogan, there seems to be an understanding that the national cyber security strategy that was launched by the Prime Minister in 2016 was not an end-point but a beginning. Taylor noted the investment in the national cyber security centres that have opened around the country as a way for the public and private sectors to collaborate and that the strategy will need to evolve.
While government tends to be very slow moving in some areas, the words and actions thus far, shows the government seems to be committed to adjusting the strategy and plan and the environment changes and old assumptions are challenged.