Within the last 12 months, the Australian Government has announced significant strategies and initiatives to modernise and progress Australian Society. For the cyber security world, the most important of these was the 2023-2030 Australian Cyber Security Strategy (also referred to as the six shields strategy) announced In November of 2023.
The Budget, whilst providing for investment in cyber, could have done more to bring the six shields strategy to life. There is a missed opportunity here.
This budget should not be looked at as a stand-alone document:
- When combined with the six shields strategy, it becomes an ambitious roadmap charting a course for a globally competitive industry that safeguards the nation’s interests.
- When viewed in conjunction with other Government initiatives, the budget revealed this week is a tangible manifestation of the government’s strategic outlook, challenging the notion of Australia as merely “The Lucky Country” as famously depicted by Donald Horne.
The Australian Cyber Security Strategy
Briefly, the six shields are as follows:
- Strong businesses and citizens – Supporting businesses within Australia and everyday Australians from cyber threats by providing training, and guidance
- Safe technology – Developing technology that Australian’s can trust and feel safe using
- World-class threat sharing and blocking – Create, expand, and grow intelligence and threat monitoring activities and make this information actionable
- Protected critical infrastructure – Ensure critical infrastructure remains operational, drawing parallels to the SOCI Act
- Sovereign capabilities – Develop and maintain a world class cyber security workforce in Australia, ready to protect Australia from threat actors
- Resilient region and global leadership – Continue to promote the international rules-based order regionally, with a renewed focus in the digital realm
protect Not Just Australia, but Australians too
When the budget is viewed in conjunction with the six shields strategy, there is a fantastic opportunity to progress Australia’s cyber capabilities.
A standout example of this forward-looking approach is the allocation of $288.1 million to fortify the ongoing expansion of Australia’s Digital ID System, with the aim of broadening its accessibility to a wider spectrum of Australians. The Digital ID Initiative aims at reducing the need to constantly provide multiple identification documents when engaging with a new government department or a private business. This investment is geared towards empowering individuals to harness the economic, security, and privacy benefits afforded by Digital ID, aligning closely with the objectives of shield one of the six shields strategy, aimed at combating identity theft – a menace that cost Australia $3.1 billion and impacted 20% of its citizens in 2019. It’s important that the Digital ID is created and implemented properly, it must be fit-for-purpose. To ensure this happens, the Government should take this opportunity to engage with industry from the sectors that the Digital ID will be used within, for example the financial and banking sectors.
If the Digital ID system is rolled out, and it’s not fit-for-purpose it will be a waste of not only government money, but a golden opportunity, consigned to history much like the controversial Australia Card. If Australia can get this right, it not only boosts security but also positions Australia at the forefront of digital identity management – a crucial area for technological advancement.
Equally noteworthy is the government’s investment of $466.4 million, in collaboration with PsiQuantum and the Queensland Government, towards developing the world’s first commercial-scale quantum computer. This initiative will increase Australia’s preparedness for the post-quantum world. This is an area Sekuro’s IRAP capability has seen attention from Government departments recently, namely the Australian Signals Directorate (ASD). ASD’s recent inclusion of a control in the March 2024 version of the Information Security Manual (ISM), urging organisations to evaluate the implications of quantum computing in reference to cryptographic controls is an important step progressing Australia’s readiness for the post-quantum world.
Furthermore, Australia’s gradual but steady strides in space capabilities are underscored by a $38.2 million investment in the Landsat Next satellite program. This initiative aims to revolutionise actionable earth observation, opening new vistas in fields ranging from surface water quality monitoring to agricultural applications, all while bolstering national security and fostering economic growth.
In line with previous budgets, government departments receive a substantial boost to fortify their cyber security endeavours. The Australian Taxation Office (ATO) is slated to receive $187.4 million to combat tax and superannuation-related cybercrime, enhancing its Information and Communications Technology (ICT) infrastructure and fraud prevention capabilities. Additionally, $8.4 million has been earmarked for Veterans Claims processing, aimed at shoring up cyber defences and enhancing case management.
Whilst initiatives like building a quantum computer and the Landsat Next satellite program are important in progressing Australia technologically, the budget lacks in looking at how to improve existing systems. In particular, the security of operational technology (OT) infrastructure appears to have been overlooked, something that shouldn’t occur to technology as fundamental to society as the infrastructure we rely upon. More focus could have been given to critical infrastructure, especially given the Optus outage impacting so many, as this not only protects Australia, but Australians too.
In essence, viewed through the lens of cyber security, this budget represents not merely a standalone document but a continuation and amplification of previous initiatives. The budget should have capitalised on the opportunity to have mapped itself to the six shield strategy to provide clearer leadership and a reinforcement of this previously announced initiative, rather than leave it to industry to find the links.
At Sekuro, we believe in enabling business resilience, not only across the Australian Market, but globally. This budget provides financial support for multiple important initiatives, and it’s crucial that they work and are fit-for-purpose. Bringing Industry to the table will help to ensure that these initiatives not only protect Australia, but protect Australians as well.
The views held in this article constitute statements of opinion, not statements of fact.
Noel Allnutt
CEO, Sekuro
Noel is a driven and award-winning IT leader. He specialises in building teams that enable companies to create a secure and sustainable competitive advantage in the digital economy. Noel also hosts the ‘Building Resilience Podcast,’ which explores the world of sport and deconstructs the tools and ethos of world-class athletes that can help create growth and optimise business and life.
Hollie brown
IRAP / GRC Consultant, Sekuro
Hollie is a Consultant within the GRC team at Sekuro, specialising in IRAP assessments. She has a passion for cyber security in the areas of governance, risk management and compliance, with a background in developing cyber security solutions based on frameworks, risk, and gap assessments.
