12 Oct 2018
There is a growing cyber security challenge for business – and indeed everyone.
State-sponsored attacks are increasing, targeting intellectual property as well as geopolitical ends. And cyber criminals are seeking to exploit vulnerable people in these difficult times.
"The Strategy is comprehensive with $A1.67 billion funding over 10 years and a range of sound initiatives.”
So it is extremely timely for the Australian Government to release Australia’s Cyber Security Strategy 2020, building on the 2016 Strategy.
The Government’s vision is to create a more secure online world for Australians, their businesses and the essential services on which we all depend. It notes the scale and sophistication of threats is increasing at a time when the cyber economy is increasingly vital for Australia’s economic future.
However, the strategy depends on complementary actions by government, businesses and the community.
ANZ is certainly supportive of this initiative (and indeed I was a co-author of the 2016 strategy in my former role and it is great to see the progress that has been made). As a bank, we participated in a number of consultation sessions and made a public submission for this Strategy.
The Strategy is comprehensive with $A1.67 billion funding over 10 years and a range of sound initiatives - as well as ones included in ANZ’s submission.
Highlighted achievements of Australia’s Cyber Security Strategy 2020 are to:
All in this together
Critically though, partnerships are vital if this strategy is to be effective. The government will create an environment where everyone knows the “rules of the road” - including through legislation if necessary - to improve cyber resilience so Australia can take advantage of the opportunities of an increasingly digital economy.
It is important we have consistent and sound levels of cyber security across organisations as we are all impacted if one organisation suffers an attack - directly if we interact with that organisation or indirectly through the damage in confidence about conducting business online.
Since releasing the strategy paper, Government has already started consulting on changes to the legislative framework concerning the security of critical infrastructure.
Changes that are being proposed include bringing more entities into the framework and mechanisms for Government to provide greater assistance to entities in times of threat.
Different regulators would also play a role in setting and enforcing sector-specific standards for certain entities that are directed at common outcomes. Banks are already subject to the Australian Prudential Regulation Authority’s (APRA) information security standard CPS234.
Meanwhile, other consultation will include reform options including for privacy, consumer and data protection laws and duties for company directors and other business entities.
New powers
Included in the strategy funding is $A66.5 million to assist Australian’s major critical infrastructure providers assess their networks for vulnerabilities and to enhance their cyber security posture.
There is a further $A62.3 million for a classified national situational awareness capability to better enable government to respond to cyber threats to critical infrastructure.
For the protection of business, the government will work with large organisations such as banks and internet service providers to ensure small and medium enterprises have access to cyber security in the normal course of running their business.
At ANZ, we already work to provide customer security services and education and broader awareness raising for customers and across the community through our platforms and public engagement. Far from being an impost, this work to support customers and the community is clearly aligned with ANZ’s purpose and strategy.
ANZ’s approach and initiatives
A number of the Strategy’s initiatives involve countering cyber-crime and blocking threats. A “cleaner pipes” initiative is designed to block malicious communications (emails, SMS and phone calls) before they reach organisations and individuals.
ANZ has been working with other financial organisations and telecommunication companies over the last year to help develop a clean pipes solution. This initiative should significantly reduce malicious messages for organisations and individuals. For ANZ it will help reduce the more than 7 million emails a month we currently block.
We are also collaborating across a range of existing initiatives including increased cyber threat sharing, joint exercising of response to cyber events, and improving cyber skills.
Both from the perspective of my current role at ANZ and my previous work on the 2016 Strategy, I see this new Strategy as an extremely important development. As a partner of the Joint Cyber Security Centres we play a key role in collaborating and sharing information to improve cyber security nationally.
It’s in all of our interests.
Lynwen Connick is Chief Information Security Officer at ANZ
The views and opinions expressed in this communication are those of the author and may not necessarily state or reflect those of ANZ.
12 Oct 2018
04 Dec 2018