Would you join the Australian Civilian Cyber Corps?

This would be the cybersecurity equivalent of the Rural Fire Service or SES – at least that’s one vision outlined in National Cyber Resilience, a discussion paper released by Labor last week.

In reference to a year that has so far unleashed devasting bushfires and a global pandemic, the paper examines the state of Australia’s current ability to combat and recover from major cyber threats that affect government institutions and businesses.

Shadow Assistant Minister for Cybersecurity, Tim Watts, said Australia needs “a new approach” to cybersecurity on a national level.

“We need policies that bring cyber security to the community and build cyber resilience throughout the country,” Watts said.

“Just as public health experts recognise the collective benefits of improving the overall health of a population, so too should cyber security experts recognise the collective benefits of lifting the baseline cyber security capability throughout a nation.”

One way to lift that cyber baseline in Australia, according to Labor, is through community engagement via a Civilian Cyber Corps.

These would be “professionally led, volunteer driven organisations” akin to volunteer rural fire services aimed at improving “the collective safety of their community”.

Citing Civilian Cyber Corps in Estonia and Michigan, the paper suggests an Australian Civilian Cyber Corps would be responsible for education, strengthening cyber resilience, and responding to cyber crises.

This would presumably leave more room for the Australian Signals Directorate to conduct offensive operations.

Finding qualified cyber professionals to lead these civilian cyber units could be a difficult task, however, as the demand for cyber experts is already far outstripping the local supply of talent.

AustCyber predicts a “severe shortfall” in cybersecurity skills over the coming years and expects that Australia needs another 17,000 cyber workers by 2026.

Labor’s policy thus wants to first enhance local cyber skills by “growing the pipeline of Australians studying cyber security qualifications through our education system” and “creating more mid-career pathways for general IT professionals, developers and systems administrators” to help them transition into cybersecurity roles.