{"id":6967,"date":"2020-12-18T05:52:51","date_gmt":"2020-12-18T05:52:51","guid":{"rendered":"https:\/\/www.innovationaus.com\/?p=15761"},"modified":"2020-12-18T05:52:51","modified_gmt":"2020-12-18T05:52:51","slug":"bridging-the-public-private-divide-cybersecurity","status":"publish","type":"post","link":"https:\/\/radiofree.asia\/2020\/12\/18\/bridging-the-public-private-divide-cybersecurity\/","title":{"rendered":"Bridging the public private divide: Cybersecurity"},"content":{"rendered":"

Cybersecurity threats are<\/strong> having a huge impact on all industries across the public and private sectors \u2013 with wide-ranging effects on company trust, the economy, and creating a host of identity and privacy issues. No organisation is impenetrable, but some are better prepared than others.<\/p>\n

InnovationAus asked a leading local cybersecurity policy expert if these threats could be what unites public and private sectors to help build a more resilient Australia in an ever-increasing digital world.<\/p>\n

\u201cMalicious cyber actors are attacking organisations with impunity and without any regard for what type of sector they represent,\u201d said Australian Cyber Security Cooperative Research Centre (CSCRC) head of strategic policy Stephenie Andal.<\/p>\n

Dr Andal spoke with InnovationAus\u2019 James Riley and privileged access management specialist CyberArk\u2019s Australia and New Zealand regional director Thomas Fikentscher as part of the video series Bridging the Cyber Divide<\/a>.<\/p>\n

\"\"
Bridging the cyber divide: James Riley, Stephenie Andal and Thomas Fikentscher<\/figcaption><\/figure>\n

Private and public bodies are being equally be targeted by cyber attackers, whether they be state-backed actors wanting to harm democracy or gain competitive advantage, or cybercriminals driven by profit or malice. However, nuances in the events \u2013 and the interpretation of them \u2013 can make creating suitable legislation complicated.<\/p>\n

As Australia heads into 2021, the nation is staring down radical legislative changes on all things cyber. There\u2019s the big tech media code targeting Google and Facebook<\/a> and the Federal Government\u2019s just-released draft of the Security Legislation Amendment (Critical Infrastructure) Bill 2020<\/a>.<\/p>\n

The critical infrastructure amendment seeks to encompass retailers, supermarkets, banks, law firms and cloud providers in addition to classical critical infrastructure providers such as ports and energy utilities that were captured by the 2018 Security of Critical Infrastructure Act<\/a> \u2014 Australia\u2019s answer to the US Terrorism Prevention and Critical Infrastructure Protection Act of 2017.<\/p>\n

There is certainly a cost to businesses, especially those now captured by the legislation, that potentially do not have the cyber security maturity that is required to bring it up to speed.<\/p>\n

Beyond broadening cybersecurity obligations in the private sector, the amendment would establish structures for government agencies to assist private sector firms during a hack. On paper, government assistance in these instances looks great but it\u2019s hugely problematic for cloud providers like Amazon Web Services and Microsoft\u2019s Azure division<\/a> if a signal intelligence and security agency like the Australian Signals Directorate (ASD) intervenes in a cyber security hack.<\/p>\n

It can create serious trust problems for global tech companies that supply essential IT services for government agencies, not just in Australia but across the world<\/a>. Should Microsoft let an Australian security agency into its network without expecting questions from customers in other jurisdictions?<\/p>\n

At the same time, the line between state-sponsored cyber-espionage is blurring with rough-and-ready ransomware. The WannaCry and NotPetya ransomware outbreaks in 2017 initially looked like the work of cybercriminals but Western governments blamed them, respectively, on the governments of North Korea and Russia<\/a>.<\/p>\n

On the other hand, Dr Andal points to Verizon\u2019s recently released 2020-2021 Cyber Espionage Report that found the sectors most affected by cyber espionage include financial services, professional services and the public sector.<\/p>\n

\u201cI think what\u2019s really critical to note about these global trends is some of the new sectors that are being encompassed within Australia\u2019s forthcoming legislation,\u201d said Dr Andal.<\/p>\n

\u201cThere\u2019s a recognition from the Australian Government that malicious cyber activity happens across multiple sectors, across all parts of our economy and we really need to be doing more and taking a more holistic approach to mitigating these threats,\u201d she added.<\/p>\n

Evidence of Australia\u2019s public sector response can be seen in the consolidation of government cybersecurity functions across the ASD, the Australian Cybersecurity Center (ACSC), and AustCyber, an independent, non-profit Australian cybersecurity growth network that was set up by the Federal Government in 2017 to support Australia\u2019s sovereign cybersecurity capability, she said.<\/p>\n

Dr Andal\u2019s works for the CSCRC, which handles collaboration between industry, government and academia \u2013 somewhat emulating Israel’s approach through the Israel Innovation Authority, which has supported its startup tech scene<\/a> and digital sovereign capabilities since the 1970s.<\/p>\n

Digital sovereign capabilities are a big question for Australia. CyberArk\u2019s Mr Fikentscher believes a lack of understanding about \u2018digital risk\u2019 is hampering homegrown companies from expanding into overseas markets.<\/p>\n

He argues there should be a \u2018digital board\u2019 that helps inform company directors and government agencies as to how to bring cybersecurity into the broader discussion about company risk management.<\/p>\n

\u201cDigital risk [as an outcome from digital transformation] is something that\u2019s quite new, whereas cybersecurity has long been in that space,\u201d said Mr Fikentscher.<\/p>\n

\u201cI believe some organisations, that have always operated internationally and had that exchange to global markets, are a bit more advanced because they have more depth of experience,\u201d he said.<\/p>\n

\u201cWhereas domestic organisations, that are trying to expand internationally, run into problems around digital risk because they just don\u2019t know where to start and how to structure and manage the approach to market properly.\u201d<\/p>\n

The public-private divide on the digital economy spans questions about how government supports Australian security startups, how boards of large companies manage cybersecurity risks, the regularity framework for cybersecurity, and what instruments the government is building for itself and for the private sector.<\/p>\n

The ACSC ensures Australia remains resilient against cyberattacks against government and industry while helping inform citizens and consumers about risks. The ASD got a A$31 million injection as part of the Federal Government\u2019s $1.35 billion Cybersecurity Strategy announced in June<\/a>. The Government stressed that the investment was to boost ASD\u2019s capabilities to fight hackers offshore before they breached local networks.<\/p>\n

But then throw in China and international trade discussions into the equation and new questions arise. There are geopolitical rifts happening between China, Australia, the US and Europe that make the question about public-private partnerships a lot more complicated \u2013 in a world where existing global supply chains are being disrupted.<\/p>\n

\u201cReally, we\u2019re in a very challenging and fast-moving moment \u2013 where, at a global and supranational level, we\u2019re seeing the technological unpicking or decoupling of systems or supply chains as we\u2019ve known it,\u201d said Dr Andal.<\/p>\n

\u201cWe\u2019re in the thick of trying to grapple with what that means for us from a digital transformation perspective, from a cybersecurity perspective and then all the way down to citizens and how we will benefit or perhaps not from that.<\/p>\n

“Many nations are grappling with this, not only Australia.\u201d<\/p>\n

However, Australia could be headed down the right path with organisations like the CSCRC, which have a chance to convince larger Australian Government agencies to support early-stage research that could be commercialised, according to Mr Fikentscher.<\/p>\n

\u201cYou could actually start a research a project at the very early days and bring in one of the big agencies or a private organisation to collaborate as a public-private project,\u201d he said. \u201cThis offers the best of both worlds \u2013 where the public sector provides the guard rails and the private sector is driving this on the innovation side.<\/p>\n

\u201cIt starts with collaboration. If we do that, we can find and develop a lot of good talent within this country, and as a result we would be less reliant on bringing people and skills in from offshore into Australia.\u201d<\/p>\n

The Bridging the Cyber Divide series is produced as a partnership between InnovationAus and CyberArk.<\/p>\n

The post Bridging the public private divide: Cybersecurity<\/a> appeared first on InnovationAus<\/a>.<\/p>\n\n

This post was originally published on InnovationAus<\/a>. <\/p>","protected":false},"excerpt":{"rendered":"

Cybersecurity threats are having a huge impact on all industries across the public and private sectors \u2013 with wide-ranging effects on company trust, the economy, and creating a host of identity and privacy issues. No organisation is impenetrable, but some are better prepared than others. InnovationAus asked a leading local cybersecurity policy expert if these…<\/p>\n

The post Bridging the public private divide: Cybersecurity<\/a> appeared first on InnovationAus<\/a>.<\/p>\n","protected":false},"author":626,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1934,1935,1647,1936,1937,1938,1939],"tags":[],"_links":{"self":[{"href":"https:\/\/radiofree.asia\/wp-json\/wp\/v2\/posts\/6967"}],"collection":[{"href":"https:\/\/radiofree.asia\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/radiofree.asia\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/radiofree.asia\/wp-json\/wp\/v2\/users\/626"}],"replies":[{"embeddable":true,"href":"https:\/\/radiofree.asia\/wp-json\/wp\/v2\/comments?post=6967"}],"version-history":[{"count":1,"href":"https:\/\/radiofree.asia\/wp-json\/wp\/v2\/posts\/6967\/revisions"}],"predecessor-version":[{"id":6968,"href":"https:\/\/radiofree.asia\/wp-json\/wp\/v2\/posts\/6967\/revisions\/6968"}],"wp:attachment":[{"href":"https:\/\/radiofree.asia\/wp-json\/wp\/v2\/media?parent=6967"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/radiofree.asia\/wp-json\/wp\/v2\/categories?post=6967"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/radiofree.asia\/wp-json\/wp\/v2\/tags?post=6967"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}