ICT, defence and consultancy executives have dominated the composition of a new Industry Advisory Committee (IAC), which was announced as the government moves to ramp up the implementation of its 2020 Cyber Security Strategy and bolster its efforts to keep Australians safe online.

Chaired by Telstra CEO Andrew Penn, the new IAC represents the next phase in a process that began late in 2019, when Dutton formulated a 2020 Cyber Security Strategy Industry Advisory Panel – also chaired by Penn – that provided guidance and 60 key recommendations as the government moved to finalise the strategy it ultimately released in August.

The IAC, Dutton said in announcing the committee and its composition, “brings a wealth of experience from both the public and private sector that will build on the success of the Industry Advisory Panel and ensure industry will continue playing a vital formative role in shaping the delivery of actions set out in the Strategy.”

Public-sector and consulting members of the ten-member committee include Cyber Security CRC CEO Rachael Falk; NBN Co chief security officer Darren Kane; AUCloud chair Cathie Reid; PwC Australia trust and risk business leader Corinne Best; and University of WA Public Policy Institute advisory board chair Professor Stephen Smith.

The committee also includes representatives of industries such as defence (Northrop Grumman Australia chief executive Chris Deeble); financial services (NAB group executive technology and enterprise operations Patrick Wright); telecommunications (Penn and Macquarie Telecom Group CEO David Tudehope); and critical infrastructure (FibreSense chairman Bevan Slattery).

“It is hard to imagine a more important piece of work,” Penn wrote in a reflection about his re-appointment.

Given the myriad changes wrought by the COVID-19 pandemic, he said, 2020 “marks a turning point for cybersecurity in Australia”.

“Connected technologies are now right at the heart of the lives of most Australians,” he said, “and increasingly pivotal in shaping our economy, our society and our prospects for the future.”

Efforts to secure enabling technologies and infrastructure had come “not a moment too soon”, Penn continued, noting that fighting “more abundant and better resourced cyber-criminals and cyber-activists, and increasingly sophisticated and emboldened state actors” would require defences that are “increasingly sophisticated and in-depth”.

Fine-tuning the voices

The new IAC preserves half of the IAP’s membership, with Penn, Deeble and Kane all having helped winnow down over 200 written submissions (156 of which are publicly available) to formulate the recommendations in the IAP’s final written report.

That report and subsequent strategy were welcomed by the cybersecurity industry, with the Australian Information Security Association (AISA) calling it “well thought out, considered, and a comprehensive plan for the future” while warning that it was still too early to see whether its $1.67 billion in funding “will deliver the right outcomes” until details are released and executed.

“Offering a carrot will be far more beneficial than wielding a stick when it comes to ensuring industry plays a more proactive part in their own cyber defence,” the AISA board warned while questioning whether scope creep could see new obligations placed on “a wider group of businesses”.

Ensuring equanimity and liaising with other industries will be crucial for Penn as the committee helps raise the tide of Australian industry’s cybersecurity capabilities as it pivots into new COVID-normal operations.

These concerns were recently echoed by NAB CEO Ross McEwan, who recently joined Penn in an AFR webinar to warn that “there’s a major piece of work that needs to be done together to stop these [malicious] activity players coming into the country, and stopping them at the source…. It’s only going to get more ferocious.”

Penn’s involvement echoes Telstra’s increasingly prominent role in doing just that, with efforts such as its Cleaner Pipes initiative and a new SMS scam-filtering pilot helping block malware and malicious activity far upstream from the end user.

Australia needs cyber defences that are “strong, adaptive and built around a strategic framework that is co-ordinated, integrated and capable,” Penn wrote.

“Our ability to fully embrace a digital future is central to our post-COVID-19 recovery and long-term competitiveness.”