Governments across Australia have been urged to promote the adoption of simpler cyber security standards within key priority sectors.
The NSW Cyber Security Standards Harmonisation Taskforce — a public/private sector cooperative involving the NSW government, Standards Australia, and AustCyber, established in mid-2020 — has published findings from its review of Australia’s cyber infrastructure.
The report outlines key recommendations aimed at enhancing cyber resilience across seven key sectors — cloud, defence, education, energy, financial services, health, and telecommunications and ICT.
Underpinning the recommendations issued by the Taskforce are three key principles:
- the provision of new “practical guidance material” across all sectors, which may include guidance on how to select standards, relative to entity size and risk appetite, or on how to implement standards, with reference to specific use cases;
- the revision of existing standards where circumstances warrant a greater cyber focus or where cyber hygiene practices evolve; and
- the use of standards in policy and regulatory responses by leveraging recognised international standards, and referencing or providing a weighting relevant to their application, particularly in relation to procurement processes.
“The digital age is bringing more social and economic opportunities for Australian industry, but with this increasing digital reliance also comes greater security sensitivities and risks,” Adrian O’Connell, CEO at Standards Australia, said.
“With the report complete, we can now begin working collectively toward implementing these key recommendations.”
Victor Dominello, NSW Minister for Customer Service, noted the importance of developing a resilient cyber framework in shaping future economic growth, particularly amid the COVID-19 crisis.
“Cyber security is no longer an issue reserved for information security departments. Digital infrastructure is at the heart of driving Australia’s recovery from the COVID-19 pandemic and cyber security functions are an insurance policy for a resilient economy,” he said.
“As consumers, business owners and citizens, we all need assurance that the products and systems we use are secured to the highest industry standards.
“In order to achieve this, we needed to simplify the range of current security standards. By having an ever-growing plethora of different standards, it was difficult for governments and industry to know what they were buying in regards to cyber security.”
Michelle Price, CEO of AustCyber, said standardising cyber security practices would ultimately enhance business confidence.
“[If] used in combination with the latest advances in technology, and embedded across global supply chains, they can assist in guiding baseline cyber security requirements,” she said.
“This will help raise the posture of small to medium enterprise (SME), organisations and government agencies to compete in the Australian market and internationally.
“Ultimately, a globally competitive Australian cyber security sector will underpin the future success of every industry in the national economy.”
The Taskforce is now in the process of developing a publicly accessible list of standards relating to cyber security, which span the seven priority sectors identified in the report.
This is expected to include a website that communicates the business benefits around the adoption of standards.
The Taskforce’s standards aim to serve as an essential asset for boards, executives and relevant decision-makers, in a bid to embed the new framework across the whole economy.