GUEST OPINION: The Australian Government's newly unveiled Cyber Security Strategy for 2023-2030 marks a significant milestone in the development of Australia’s cyber defences. This strategy introduces a layered approach through six 'shields' designed to protect against escalating cyber threats by empowering Australian citizens and businesses.
Within Australia's Six Cyber Shields are some really encouraging commitments, particularly within shields five and six, that will be warmly welcomed by many in our nascent security sector:
Shield 5 (Sovereign capabilities) bolsters Australia's in-country cyber skills and encourages technological innovation. It supports upskilling the workforce and provides funding for Australian start-ups and SMEs to address cybersecurity challenges creatively.
Shield 6 (Resilient Region and Global Leadership) underscores the importance of securing government agencies by adopting internationally recognized zero-trust approaches. This shield aligns with global best practices, like the U.S. Government's Zero Trust Executive Order.
Zero Trust at last
The move to officially enforcing Zero Trust architecture; moving from traditional perimeter-based defences to a more dynamic, data-centric approach, is underpinned by Attribute-Based Access Control (ABAC) technology.
ABAC enables Zero Trust by using fine-tuned policies that consider multiple attributes (e.g. user, document, environment, time, etc.) to control access to information in real-time. This model is particularly effective in preventing unauthorised access and data breaches, as it dynamically adapts to the context of each access request. Further, in the event of a breach, it helps with digital forensics: finding out when, where and exactly what data was exposed or stolen.
This will not be a panacea - government agencies adopting Zero Trust architecture does not necessarily mean the rest of the market will automatically adopt the security methodology. There is still a lot of work to be done when it comes to levelling up the understanding of CISOs and other c-suite decision makers, particularly those responsible for businesses that fall under the expanded SOCI (critical infrastructure) act.
However, in an industry where we are often only as strong as our weakest link, building the next generation of cybersecurity technologies from a Zero Trust perspective is an (admittedly overdue) step in the right direction that should be praised.
Building the future of Australia’s cyber capabilities
Perhaps the most encouraging aspect of the Six Shields is the focus on developing sovereign technology. The nature of cybersecurity, particularly regarding government contracts, lends itself to trusted relationships. Over time, this has created quite a significant barrier to entry for newer entrants, even if they come with a fantastic reputation and innovative technologies.
The smaller players often must ‘team up’ with a much bigger defence business (dubbed ‘Primes’ in the industry) to realistically be a contender for a government contract.
It effectively places a cap on how far and how fast Australia’s sovereign cyber companies can grow their own capabilities. That isn’t to say there isn’t value in collaboration; there certainly is. However, the balance has certainly favoured the incumbents for quite some time. Senator David Pocock recently voiced this concern, and the Cyber Security Strategy, specifically calling this out as the strongest signal yet that we may see more Australian businesses able to call the Australian Government as a customer.
The Cyber Security Strategy is a promising sign that we’ll see greater adoption of zero trust technologies like those archTIS offers on home soil. archTIS is a publicly listed Australian company specializing in sovereign information security products built on a zero-trust data-centric methodology. Their services are trusted by the Australian Government and Department of Defence and global enterprises for securing the collaboration and sharing of sensitive data.
Forging the path forward
2023 was another year dominated by cyber incidents. Australia has joined the club of nations that have seen significant data breaches across institutions. The Cyber Security Strategy is a strong signal that effort is being made to address that and rebuild our reputation as a leader in this field. The good news is there is already leading-edge sovereign capability from Australian technology trailblazers like archTIS to help pave the way forward. That’s certainly something to celebrate and a reason to be cheerful as we enter the new year.