An advisory panel that will guide the Australian government’s new security strategy “does not reflect the full breadth of challenges facing the country,” according to AustCyber CEO, Michelle Price.
The panel selection has attracted different points of view from across the tech sector with Price saying it has a few gaps. She told CIO Australia that there was an opportunity to cover a diverse cyber sector and that the research community should have been represented.
“There are people from across the economy who has a very different set of experiences that could have been brought to bear. There are some very experienced people involved in the different facets of cyber security that could have brought those different sectoral perspectives as well as contextual perspectives to the table,” she said.
The panel was made public on 25 November after a first meeting of its members and the minister for Home Affairs, Peter Dutton, took place. It consists of Telstra CEO, Andrew Penn; Vocus Group chair, Robert Mansfield; Tesla chair, Robyn Denholm; Northrop Grumman Australia CEO, Chris Deeble; and NBN CSO, Darren Kane. These executives have experience in finance, cyber security, telecommunications and defence.
Price made it clear that she finds the individuals “outstanding people” but the panel is missing a bit of diversity.
She believes the panel can provide good advice around the very big strategic level national types of challenges that are faced by Australia when it comes to just how complex and dynamic the sort of cyber threats and risk landscape is.
However, Price pointed out the bulk of the Australian economy is made of small and micro businesses (97 per cent) and she is unsure of how much advice the panel can provide to also support this side of the economy.
Telecommunications analyst, Paul Budde is positive about this move and he finds it good to see industry becoming involved in such processes and that it is not only a “political motivated policy”, he told CIO Australia.
“It should be beyond politics as it is simply too important for our country. This panel makes a first good step in that direction. We obviously will need to see if the panel will have an effective influence on policies. It should not just be a token or window-dressing,” he said.
Budde said that is also important to know how much resources are available for specialists and others that need to be involved in addressing cyber security issues.
“Furthermore, I believe that there should be far more collaboration in various formats across all three levels of government as well as between government, citizens, industry and academia. They should be equally well resourced in order to provide the valuable input deeded,” Budde added.
When asked about the rationale behind the panel selection, a spokesperson for Home Affairs told CIO Australia panellists “are all eminently qualified, and together, they bring a diverse perspective from careers in the telecommunications, technology, transport, defence and finance sectors”.
“The panel has a depth of practical experience protecting families, businesses and governments from constantly evolving cyber threats and will ensure I am provided high calibre advice on the 2020 Cyber Security Strategy,” Dutton said when the panel was made public.
Gartner managing VP Rob McMillan believes the diversity is actually in the submissions received during the consultation.
“The panel has 213 submissions to consider and these submissions come from a range of different individuals and organisations. Many of those organisations employ highly respected security and risk practitioners,” McMillan said.
“The role of the panel is to synthesise information from the submissions, identify the most significant issues and apply business acumen to develop a realistic roadmap.
“So long as the panel is able to dispassionately assess each submission and draw out the most significant elements – be they emerging risks, operational capabilities and shortcomings, technology sourcing issues, skills and knowledge shortages and requirements, financial constraints, diplomatic concerns, matters relating to international law or indeed anything else that is relevant – it won’t matter what the individual backgrounds of the panel members are,” he added.
Out of the companies represented in the panel, Telstra was the only one to make a submission, which included 33 recommendations, to the strategy consultation. AustCyber also made a submission with 31 recommendations.
In 2016 the Australian Government launched the cyber security strategy, backed by a $230 million investment, which established five themes of action for Australia’s cyber security up to 2020 covering a national cyber partnership, strong cyber defences, global responsibility and influence, growth and innovation and a cyber smart nation.
The strategy stated that “governments, businesses, communities and individuals need to tackle cyber security threats to make the most of online opportunities”.
Only one progress report was published after the first year of the strategy.
With the changes in the cyber landscape the Government decided it needed a new strategy to be able to respond to the evolving cyber threats.
An industry consultation was initiated with 213 submissions received at its closure on 1 November.