How can Australia take a whole of society approach to cybersecurity?

 

In a speech late last year Home Affairs and Cyber Security Minister Clare O’Neil outlined a broad cyber security strategy for Australia that would see the country become the most cybersecure country in the world by 2030, and;

“Bring the whole nation into the fight to
protect our citizens and economy”.

 

While the Minister also announced a panel of three experts to guide the government’s strategy, details are still fairly limited. However, the whole nation or whole of society approach to cyber security has worked elsewhere in the world with remarkable success.

Take Denmark, for example, which has been ranked by security research firm Comparitech as the most cyber-secure nation in the world for the last several years, from 2019-2021. Denmark’s wake-up call, or their Optus moment, was in 2017 when hackers gained access to personal details of members of their security forces. This sparked a renewed concerted effort from the Danish government to take the growing threats of cyber-attacks seriously.

Since then, Demark has unveiled and implemented several measures to boost their nation’s capabilities. Some of these strategies are familiar to many of us, like the widespread use of two-factor verification, but others, like the country’s “My Digital Self-Defense” app, which notifies users in real time about new scams and virus threats, brings personal cyber security into the palm of a user’s hand.

An app or platform created and administered by the Australian Cyber Security Centre in collaboration with other relevant agencies should be high on Federal government’s agenda. Empowering people with advice, alerts and information on cyber threats is crucial and can be done quickly for a very cheap investment.

This is critical as when it comes to new threats; they often gain a foothold before the broader population is made aware of them.  If Australians embraced a cutting-edge cybersecurity-focused free app, like the Danish version, this would not only help to prevent scams and the spread of viruses but also help to educate the broader populace.

One pressing issue that needs to be urgently addressed if we are to reach the Minister’s 2030 ambition is the severe shortage of cybersecurity experts. A recent 2022 study from Pluralsight, identified cyber security as the most significant technical skill shortage globally. It’s predicted that Australia will have a shortfall of 30,000 cyber professionals over the next four years and we’ll be competing globally for qualified talent.

A relatively cost-effective approach they could be implemented quickly would to be provide cyber security tertiary places subsidised by the government like in the UK. The return on investment on these students would be high and quick as they entered high paying (and higher income taxed) jobs. Another high value option would be for accelerated visas for graduating international cyber-security students.

While the longer term skills challenge won’t be fixed quickly or easily, now is the time for government to invest in our future.  The UK, the US and countries like Israel have all heavily invested in cybersecurity, and computer literacy programs, starting at kindergarten level. In the UK the CyberFirst program offers education, free courses and competitions for young people from the age of 7 to 17. It also offers thousands of free places on CyberFirst courses at UK universities and colleges.

Our future as a global cybersecurity player is reliant on the next generation of Australian cybersecurity experts. Introducing children from an early age to some of the fundamental building blocks of staying secure online and then progressing to the basics of coding and more advanced IT concepts as they mature will ensure we have a strong pipeline of high school graduates ready to become our cybersecurity experts of the future. NSW is set to rollout the Australian first cybersecurity course for secondary students in 2023, and it should be a priority for all states and territories to follow NSW’s lead.

The federal government’s plan to become “the world’s most cyber-secure country by 2030” is an ambitious one, and there’s no doubt that 2022 was the year were woken from our cyber slumber. We can’t risk sleepwalking into 2023 and beyond without some bold, swift and transformational actions from business and government.

Disclaimer: The information provided in this article is not intended to amount to legal advice. Professional assistance may be required to determine the most appropriate action to protect your legal rights.

Get in touch