Just over a year since it was abolished, there are multiple calls for the government to reinstate the position of Minister for Cyber Security in submissions on Australia’s 2020 Cyber Security Strategy.
The dedicated role for cyber security lasted less than a year itself, when Prime Minister Scott Morrison shuffled up his ministry after succeeding Malcolm Turnbull in the role in August last 2018, with then-junior minister for law enforcement and cyber security Angus Taylor instead re-assigned to Minister for Energy.
It's a move that several bodies have called to be reversed in their submissions on Australia's 2020 Cyber Security Strategy.
"The 2016 Strategy set an overarching framework which included the establishment and allocation of resources for a number of key government responsibilities," wrote the Australian Industry Group in its submission this month.
"These included the Minister Assisting the Prime Minister for Cyber Security, Special Adviser to the Prime Minister on Cyber Security, Ambassador for Cyber Affairs, AustCyber, and ASD.
"Unfortunately, a minister dedicated to cyber security with the responsibility to develop expertise on cyber security matters and advocate within the Australian government for industry no longer exists. We consider this role is critical.
"Therefore, this type of minister should be reinstated that can take a holistic view, have full responsibility for managing cyber security policy and can operate across relevant departments."
This position was echoed by Peter Coroneos, international vice president of the Cybersecurity and Cybercrime Advisors Network (CyAN).
"We believe consideration should be given to reestablishing a separate Cybersecurity portfolio within government," Coroneos published in his submission.
"This would send a strong signal to business and the public that the issues our members contend with on a daily basis are receiving the focus and attention they deserve."
Currently, the role is loosely filled by Minister of Home Affairs Peter Dutton, as well as Minister for Cyber Safety and Communication and the Arts Paul Fletcher.
The latter, however, is more focused on consumer safety and things like cyber bullying and inappropriate online content.
Microsoft's submission suggested that five critical functions be spread across three different agencies; the Australian Cyber Security Centre (ACSC), DHA and the Department of Foreign Affairs and Trade (DFAT).
These functions are as follows:
- Policy and planning function: lead the nation’s development, co-ordination, alignment, and integration of cyber security policies, strategies and plans.
- Outreach and partnership function: lead and manage relationships and interfaces across the government and with other nations, institutions and the private sector.
- Communications function: co-ordinate regulatory and non-regulatory communication, including messages, documents and publications, and statements, to all stakeholders on behalf of relevant government authorities; manage communication during a crisis or emergency; act as a point of contact for media, organisations and the general public seeking information about programs, policies, procedures, statistics, and services. A greater focus and investment in the communications function is worth considering as a part of the 2020 strategy.
- Operations function: ensure effective co-ordination and deployment of resources in response to cyber threats and incidents.
- Regulatory function: oversee compliance with cyber security regulations, including by developing guidance to help organisations understand the relevant requirements, interacting with regulators who will enforce compliance, establishing an incident reporting framework, and collaborating with other units to update regulatory obligations.
"If the desire is to maintain the current structure, the government should consider whether the existing governance arrangements are ensuring that cyber functions performed by the Australian government are collaborative and co-ordinated," Microsoft added.
"One possible improvement could be to have a single co-ordinating minister and/or a co-ordinating executive with oversight across all cyber functions within the existing machinery of government arrangements."
The 2020 Cyber Security Strategy
The successor to Australia's 2016 Cyber Security Strategy, the 2020 iteration aims to build on the government's $230 million investment three years ago "to position Australia to meet the rapidly evolving cyber threat environment".
The membership of the 2020 Cyber Security Strategy Industry Advisory Panel was announced yesterday, who will provide strategic advice on the development of the strategy.
The panel membership is as follows:
- Andrew Penn (chair), chief executive and managing director, Telstra;
- Robert Mansfield, AO, chair, Vocus Group;
- Robyn Denholm, board chair, Tesla;
- Chris Deeble, AO, CSC, chief executive, Northrop Grumman Australia; and
- Darren Kane, chief security officer, NBN Co.
"Since the release of the 2016 Cyber Security Strategy, the cyber threat landscape has shifted and evolved dramatically," the government said.
"The magnitude of the threats faced by Australian businesses and families has increased. They will become more acute as our society and economy become increasingly connected. As the threat evolves, so too must our response."