What does the new appointment of a Minister for Cyber Security mean for Australia?

In a sign that the new Labor Government in Australia is set to prioritise cyber security, Prime Minister Anthony Albanese has appointed Clare O’Neil as the new Minister for Cyber Security. This marks the first time the Australian Government has had a dedicated minister for cyber.

Charles Spencer, Regional Managing Director for NCC Group’s Asia and Pacific Region provides thoughts on what this means.

While cyber was not front and centre of Labor’s election campaign, Albanese did commit to prioritising “better and smarter” cyber security as a core pillar of his approach to national security. This focus could be transformational for Australia’s cyber security landscape and could indicate the future of cyber security’s place in national political strategy.

What does the new cyber focus mean for Australia’s cyber security landscape?

In addition to the appointment of Clare O’Neil, Australia’s new Assistant Minister for Foreign Affairs, Tim Watts, has pledged a “a step change” in cyber security culture. This “whole-of-nation endeavour” specifically looks to replicate successful initiatives from the UK in Australia, such as the Industry100 exchange programmes (i100) and Cyber Incident Response scheme. These schemes would enhance collaboration between the government and private organisations to improve cyber security.

Tim Watts also expressed support for providing better legal clarity for security researchers and promoting a more open cyber culture.This would mean involving the cyber security community outside of government in the Commonwealth’s cyber security mission. The approach would follow other countries’ lead, such as recent developments in the US where the Department of Justice has issued legal guidance promoting “good faith security research”. As founding members of the of the CyberUp campaign to provide better legal protections for cyber security researchers in the UK, NCC Group would greatly welcome such change in Australia.

What might we see next?

There is no doubt that concentrating on cyber security will bring a welcome change to Australia’s national security landscape.

The renewed focus on implementing planned regulation and control measures for critical infrastructure will help to bring greater economic and social stability. Moreover, the advocacy for cyber security across territory and portfolios will bring greater consistency, awareness, and risk management for organisations and lead to an improved standard of security. If implemented, these foundations will help to create secure digital borders and position Australia as a global leader in cyber security. The adoption of capacity building initiatives similar to the UK’s i100 in particular will help Australia achieve some if its cyber security ambitions, by making the most of the private sector’s expertise in pursuit of policy goals.

We could see the reintroduction of Labor’s Ransomware Payments Bill, requiring businesses and government agencies to notify the Australian Cyber Security Centre (ACSC) before making a ransomware payment. There have been similar moves in other jurisdictions, including in the US, so it is likely that Australia will follow suit.

Finally, the appointment of Clare O’Neil is another step forward in terms of diversifying the cyber security sector and making space for more female leadership in the field. With new perspectives come new ideas, which will in turn help to accelerate value creation and make the nation a safer and more secure place in terms of cyber.