Stern letter to cabinet ministers urging them to take cyber seriously

The PM’s cyber security minister will pen a stern letter to cabinet ministers urging them and their departments to take cyber security more seriously in the wake of a damning report pointing them out as a ‘weak link’ in the nation’s cyber defence.

The ANU’s National Security College surveyed 22 government and agency IT chiefs finding that 58 per cent felt their board lacked a sufficient understanding of cyber security matters, which 37 per cent admitted were rarely discussed at board level. Researchers found similar results for Commonwealth agencies. Nearly a third of respondents said their board never receive reports on cyber threats.

“The data indicates that executive/board knowledge of cyber risks is inadequate,” the report said, leading to a “reduced capacity to adequately understand, and take seriously, the full range of threats”.

Launching the report, the Minister Assisting the Prime Minister on Cyber Security, Dan Tehan, told the ABC: “What I will be doing is writing to all cabinet ministers asking them to point out to their departmental heads and agency heads the need for them to take cyber security very seriously.”

“[I’ll make clear] the need for them to make sure that there is reporting occurring at senior levels of the executive, and that there is someone responsible at the senior level of the executive for cyber security.”

Joint Cyber Security Centres

Speaking earlier in the day at the launch of Optus Business’ $10m Advanced Security Operations Centre (ASOC) in Sydney, Tehan continued to beat the drum for greater collaboration between industry and government to improve cyber security.

“The key thing is that it’s got to be a collaborative effort,” he said. “it’s going to require government, business and individuals all working together if we’re going to continue to stay on top of the cyber security threat that we face.”

The minister said the soon-to-be-launched Joint Cyber Security Centres, the first of which will open in Brisbane this year, would help towards this effort. Government met with industry figures last week to discuss how the centres would operate.

“We had a meeting where we bought industry together and we shared ideas as to what that centre should look like, what business would like to see, how it works, what ideas they had, how we can make sure the collaboration is working. So we’ve gone away from that, we’re going to look at that, reevaluate and make sure how the centre works is going to work for government and as importantly, industry,” Tehan said.

Breach bill and more funds

Tehan added that he hoped the proposed mandatory data breach notification scheme bill – requiring some organisations to notify the Australian Information Commissioner and affected individuals if it experiences a data breach – would pass through parliament “as quickly as possible” and that he was “not expecting any hiccups”.

Asked whether government funding for cyber defence was adequate following the recent announcement of the UK government’s $3 billion national cyber security strategy, Tehan said: “As this [cyber] issue evolves and as we have to deal with issues, obviously there might be a need for further resources. But at the moment the key thing is: we’ve got a strategy in place, we’ve put dollars behind it, the key now is just to roll out and implement the strategy and that’s what the government’s seeking to do.”