The Australian Government has released its 2023-2030 Cyber Security Strategy. The Strategy sets 6 cyber shields that form an overarching framework to bolster Australian cyber security. The shields are as follows:
- Strong businesses and citizens
- Provide more widespread protection for businesses and citizens through cyber maturity assessment ransomware reporting, and the development of the Digital ID program and the National Strategy for Identity Resilience to reduce the need for people to share sensitive personal information with government and businesses to access services online.
- Safe technology
- Increase the safety of technology through a mandatory cyber security standard for Internet of Things devices, voluntary labelling for consumer-grade smart devices, reviewing data retention requirements to strictly what is necessary, and reviewing the data brokerage industry with a focus on the transfer of data through data markets to malicious actors.
- World-class threat sharing and blocking
- Increase the scale of threat-sharing and blocking through a strategic Executive Cyber Council to share threat intelligence, enhance the Australian Signals Directorate’s existing threat sharing platform through an Acceleration Fund, and develop next-generation threat blocking capabilities through the National Anti-Scam Centre
- Protected critical infrastructure
- Ensure Australia’s critical infrastructure and essential government systems can withstand and recover from cyber-attacks by shifting security regulation of critical infrastructure, implementing scenario-based pressure testing of critical infrastructure sectors to identify vulnerabilities through a National Exercise Program, and developing playbooks to guide incident responses.
- Sovereign capabilities
- Grow and professionalise Australia’s cybersecurity workforce through education and training, improving careers in cyber security, and investing in domestic cyber industry and research capabilities.
- Resilient region and global leadership
- Build regional cyber resilience and uphold international law standards by strengthening collective cyber resilience in the Pacific and Southeast Asia by establishing a regional cyber crisis response team, harnessing private sector innovations to improve regional security, and deploying all arms of statecraft to deter and respond to malicious actors.
For a full reading of the report, see here.