The government is accepting submissions to its review of the national cyber security strategy.

Home Affairs Minister, Peter Dutton, said it was important for government to consult with the public on matters of cyber security.

“Strong collaboration and partnerships are vital to ensure this strategy is well positioned to tackle the cyber security challenges we face as a nation,” Dutton said.

“In the coming weeks I will appoint a panel of cyber security experts to guide development and implementation of the strategy.”

Minister for Defence, Linda Reynolds, said the cyber threats should be a concern to all citizens.

“In 2018 alone, around one in three Australian adults were affected by cybercrime,” Reynolds said.

“The Australian Cyber Security Centre sees hundreds of reports on a daily basis from businesses, families and individuals who have fallen victim to scams, ransomware, sophisticated fraud or the theft of their intellectual property.”

Although the opposition welcomed the update to Australia’s cyber strategy, Labor criticised the government’s record on cyber security.

In a joint statement, Shadow Home Affairs Minister, Kristina Keneally, and Shadow Assistant Minister for Cyber Security, Tim Watts, said the Morrison government had abandoned many aspects of its current strategy – to the detriment of our national cyber standings.

“Australia’s commitment to cyber security has fallen in recent years according ot the United Nations International Telecommunications Union global cyber security index,” the statement said.

“In 2014, Australia ranked third before falling to eleventh in 2018.

“Globally, Australia is ranked in the top five for the most number of data breaches by population.”

Keneally and Watts noted how features of the current cyber strategy, implemented in 2016, had been ignored or abandoned.

According to Labor, since 2017 there has been a lack of annual updates, a failure to hold meetings with cyber security leaders, and the absence of an online cyber threat information sharing portal.

National interest

Cyber threats are becoming increasingly problematic for Australian businesses.

And offensive cyber activity has been leveraged on a geopolitical stage, as seen when the US knocked out a critical Iranian database in June.

Kevin Vanhaelen, Asia-Pacific regional director at cyber security firm Vectra, said Australia should be working hard to shore up its cyber defenses.

"State-sponsored attackers, seeking to do economic and political damage to another country, are naturally drawn to critical infrastructure and services,” he said.

“At one time, manufacturing, transportation, utilities, energy and other critical infrastructure were thought to be impervious to cyberattacks because the computers used to operate them did not access the internet and were separate from the corporate network.

“This is no longer true. The risk of nation-state threats, espionage and internal exposure has risen in today's age of connectivity.”

Operation Tsunami

Last week, the Department of Human Services held Operation Tsunami – a cyber war games training activity.

Operation Tsunami was held on a cyber range that acted as the standalone IT system for the fictional city of Shell Cove (replicated with Lego) and saw teams from government and industry work together in a simulated offensive.

Shell City – the Lego target for cyber attacks in Operation Tsunami. Photo: Dept. Human Services

Minister for Government Services, Stuart Robert, said the event was a vital part of improving cyber awareness.

“This exercise is more than just a competition and aims to solidify relationships between cyber experts from government and business that will be essential in the event of a real attack,” Robert said.

“Australians can have confidence that, in the event of a major cyber-attack, the Australian government and private organisations can work together effectively to stop hackers in their tracks and protect our nation’s critical infrastructure.”

After three long days of attacking Shell Cove, teams finally broke through the city’s defensive and successfully assaulted its critical infrastructure.

Forty-six players and 100 spectators took part in the exercise.