The government has expanded its cybersecurity spend to $1.6 billion over ten years with the release of its 2020 Cyber Security Strategy.
The spending boost tops up the promised $1.35 billion announced in late June.
Prime Minister Scott Morrison framed the updated strategy around protecting critical infrastructure, businesses, and organisations that he warned in June were being threatened by international malicious cyber actors.
“We need to protect the essential infrastructure and services that make Australia run,” Morrison told a press conference on Thursday.
“We need to protect our economy, working with all the businesses in our economy who share in that responsibility.
“And we need to protect you and your family from the dark web and the trolls and those who would seek to take advantage of the most vulnerable in our community, the elderly and others.”
The government has proposed reforms to the Security of Critical Infrastructure Act 2018 which will mandate stronger cyber defense from infrastructure owners.
And it is committed to developing Australia’s cyber skills through its Cyber Security National Workforce Growth Program which secures a further $26.5 million investment through the Cyber Skills Partnerships Innovation Fund.
Overall, the government will look to spend $90 million to grow Australia’s skills in the coming decade.
ACS President, Dr Ian Oppermann, welcomed the government’s recognition of IT professionals in keeping Australia secure.
“Promoting greater collaboration to build Australia’s cyber skills pipeline is an important aspect of the strategy, with the 2019 ACS Digital Pulse reporting a shortfall of over 100,000 skilled IT workers by 2024,” Oppermann said.
“The recognition that this responsibility goes beyond governments and includes business, industry and the community is also welcomed, particularly the emphasis on raising community awareness towards online threats and educating small to medium business on mitigating risks to their operations.”
The government's vision for a more secure Australia. Source: 2020 Cyber Security Strategy
Managing director of Macquarie Government, Aidan Tudehope, said the current dire economic outlook further highlights a need to invest in cyber skills training.
“With COVID, we are facing the greatest economic crisis in 100 years and cyber security sector is a key sector to provide the jobs of the future," Tudehope said.
“The various government agencies responsible for implementing the strategy need to use it to help address the mass levels of unemployment being experienced across Australia.
“We can’t afford to wait two-to-three years when it will be too late to innovate our way out of this crisis.”
Catching cyber crooks
Following recommendations from an industry advisory panel, the government also wants to see cyber criminals held to account and has said it will “work with state and territory governments to prioritise our efforts and equip agencies with the capabilities to make a difference”.
Law enforcement will be further boosted with a $90 million investment in the Australian Federal Police’s cyber capacity.
But some have criticised the strategy’s focus on the government’s own capabilities – saying it is not showing enough investment in the broader cybersecurity ecosystem.
"By my calculations more than 90 per cent of the $1.6 billion is going to the [Australian Signals Directorate] and AFP in one way or another,” managing director of CISO Lens, James Turner, told the Australian Financial Review.
“So really, this is much less of a national cyber strategy, and much more of a warning shot to hostile nation states that Australia is delivering a capability uplift to our signals intelligence and law enforcement capability.”
- A $1.35b defence spending but nothing on developing our domestic cyber security industry/capability.
— Tim Watts MP (@TimWattsMP) August 6, 2020
No local content commitments on procurements, no SME involvement requirements, no R&D spending, no strategic industry policy at all really.
Indeed, planned government expenditure outlines in the strategy how over $1 billion will be spent on ASD personnel, “intelligence capabilities and program administration”, and programs to counter cybercrime.
Just $6.1 million over 10 years is earmarked to support the victims of cyber crime.
Shadow Assistant Minister for Communications and Cybersecurity, Tim Watts, was highly critical of the strategy document on social media.
“[There is] nothing on developing our domestic cyber security industry/capability,” Watts said.
“No local content commitments on procurements, no SME involvement requirements, no R&D spending, no strategic industry policy at all really.”
100 more cyber detectives
Rather than focusing on disruptions to business and organisations, Home Affairs Minister, Peter Dutton, was determined to frame cybersecurity as a threat to family safety.
He used Thursdays announcement to promote the addition of 100 “cyber detectives” to hunt down the “criminal syndicates that are targeting our children online”.
“We wouldn't allow our kids to go down to the park knowing that they were talking to a paedophile in that local park. Why would we allow our kids to do that online?” Dutton asked at the press conference on Thursday.
“We know now that the dark web is essentially the sewer of the internet, where paedophiles and other criminal syndicates hang out, exchange images of children.”
Dutton’s intelligence and law enforcement agencies benefit heavily from the 2020 Cyber Strategy – including some $469 million for the ASD which Dutton wants to use to help the AFP investigate crimes within our borders.
The government regularly invokes the horror of child exploitation material and terrorism to expand state surveillance powers – including the controversial data retention laws.
Dutton himself has repeatedly criticised encrypted chat services for not doing enough to stop the sharing of child abuse materials.
But some Australian police agencies have straddled a dangerous line when investigating child exploitation material.
After successfully infiltrating a dark web site that trafficked child exploitation material, police officers from Dutton’s home state of Queensland continued to operate the website for 11 months between 2016 and 2017.
The operation led to hundreds of arrests and saw 85 children rescued.
Yet the police were condemned by international human rights organisations like Amnesty International who said keeping the site active was a “disproportionately large infringements of children’s rights” by Queensland Police.