Cybersecurity issues continue to grab headlines as industry and government focus on developing strategies to build cybersecurity capability and competitiveness.
Reports last week of security flaws in the wireless chips used in a wide range of Apple and Android mobile devices came hard on the heels of news that network-enabled toys are being used by hackers to access personal data.
At the same time, Gemalto’s latest Breach Level Index revealed that 1.4 billion data records were compromised last year in 1,792 major data breaches, which represented an 86% increase in attacks over 2015.
In light of such revelations, it’s concerning to see that two of Australia’s three largest government agencies recently failed an audit of their cyber resilience capabilities. The Australian National Audit Office last month found that both the ATO and the Department of Immigration and Border Protection (DIBP) failed to implement or maintain key cyber mitigation strategies required of government departments. Only the Department of Human Services (DHS) was fully compliant with the agreed standard.
While both the ATO and DIBP are now taking steps to address their cyber deficiencies, the issue has highlighted the impact of poor processes and a lack of cybersecurity expertise. The audit found that both departments had failed to implement basic protections such as application whitelisting, and had changed other established processes without assessing the security risks of their actions.
In the US, recent reports have suggested a shortfall of 10,000 cybersecurity positions currently exists across the Government, constraining the abilities of departments to secure key infrastructure.
Seasoned US Government CIO Steve Cooper suggested a collaborative solution when giving testimony to the House Oversight and Government Reform Subcommittee on IT earlier this month. Cooper, who recently retired after serving as CIO for the US Departments of Homeland Security, Aviation and Commerce, suggested the Government develop a central pool of cyber talent that different departments could draw on as needed to respond to attacks and handle security maintenance.
A similar approach might also be helpful for Australian Government agencies which are finding it challenging to source cybersecurity talent. However, any long-term solution must also include strategies to grow the number of people being trained in cybersecurity as well as educating business and consumers about cyber risks.
I have previously written about the ACS Cyber Taskforce being headed by Professor Jill Slay. The Taskforce work has progressed significantly over the last two months and has included reviewing US frameworks for applicability to the Australian market. These frameworks have included the Cybersecurity Competency Model sponsored by the US Department of Labor, the US Department of Defense Information Assurance Workforce Improvement Program and the National Initiative for Cyber Security Education Workforce Framework.
Given differences in the size of the US and Australian population and economies, it is reasonable to expect variances in occupations and skills used within cyber-related disciplines. The ACS Taskforce has been focused on contextualising this review to develop resources fit for use in the Australian landscape.
The taskforce has also progressed our partnership arrangements with cybersecurity certification bodies ISACA and (ISC)² to support us in raising professional standards, disseminating best practice and building confidence in cybersecurity skills.
I am pleased to see the Cyber Security Growth Network (CSGN), which is a government-funded, industry-led body tasked with developing a national strategy to build Australia’s cybersecurity industry, is launching its Cyber Security Competitiveness Plan this week.
The CSGN recognises that only a collaborative approach involving industry, government, the profession and academic institutions can deliver a multi-faceted solution capable of equipping Australia to meet this challenge.
The ACS looks forward to playing an active role in supporting key elements of this plan while also driving our own complementary initiatives to facilitate the recognition of a skilled cyber professional workforce as a key driver for national productivity, innovation and well-being.
Anthony Wong is President of the ACS and Chief Executive of AGW Consulting P/L, a multidisciplinary ICT, Intellectual Property Legal and Consulting Practice.