I’m from the government and I’m here to help.
Ronald Reagan said they were the nine scariest words in the English language, but that was the message the minister in charge of cybersecurity basically delivered this week in a bid to ensure government departments were on top of their game when it comes to protecting themselves – and us – against sophisticated data breaches.
And the Australian Public Service was given its orders that it must continually do better in the ever-evolving realm of cybersecurity.
Opening this week’s Australian Cyber Conference in Canberra, Home Affairs Minister Clare O’Neil, who is also the Minister for Cybersecurity, said the public sector needs to be properly equipped to combat cyber threats.
The Federal Government would make sure it was, she said.
Ms O’Neil said recent data breaches across Australia’s private and public sectors have been a wake-up call and the government must now be ahead of the game in protecting against future threats.
“Four months after I took on this role we faced the Optus data breach, and then three weeks later, the Medibank Private incident,” she told the conference.
“The two biggest cybersecurity attacks that have ever occurred in Australian history and they occurred within three weeks of each other.
“These were absolutely terrible events. What the breaches did was wake the country up from a cyber slumber.
“I think it did it politically. But I think it also made a huge difference to how Australians think about these issues.”
The importance of the priority, she noted, was evidenced by Prime Minister Anthony Albanese’s bringing the cybersecurity portfolio into Cabinet.
The government is taking a more coordinated approach than has previously been the case in addressing cybersecurity risks, but it takes every agency to get with the program.
The government has laid out a seven-year cybersecurity strategy and committed $11.4 billion over 10 years to properly tackle the issue.
A reworked Cyber Security Act forcing new compliance obligations on government entities and the business sector has been flagged, as have changes to the Security of Critical Infrastructure Act so customer data is included in the definition of critical infrastructure.
A new national office for cyber security to be headed by a senior official inside the Department of Home Affairs has also been announced.
The overall plan, which is still being worked through with stakeholders, would give the government greater powers to intervene when data breaches occur.
It also opens the discussion about whether companies should be allowed to pay ransoms when hacked.
“I actually really believe that we can be the best in the world,” Ms O’Neil told the conference.
“What we have in Australia that’s really unique is the ability of our government and our parliament to legislate really effectively.”
She said the government and its departments will set the standard for defeating cyber threats and reducing any negative impacts on the community in general.
“Australians face the most complex and difficult set of geostrategic circumstances that we have faced since the 1940s,” she said.
“That is a huge thing for our nation and it, of course, pervades every single conversation that we have about national security as a country.
“So what I’m trying to do is encourage Australians to understand the issues that they face with cybersecurity today.
“But really, to think about in seven years that we are going to be living in a different world for this problem, and I want our country to be ready to confront it.”