Cisco calls on govt to make Aust the safest place online

Cisco has advised the government to create a national cybersecurity strategy that is aimed at making Australia the safest online place to do business, and that encourages partnerships and information sharing between the public and private sectors.

The company gave the recommendations in its response to the Australian Government Cyber Security Review, announced by Tony Abbott in November.

Cisco was selected to give input into the 2015 review. The company’s prepared response states that there is an urgent need to make cybersecurity one of Australia’s top national priorities.

The top cyber challenge for Australia is the increasing frequency of beaches, crimes and disruptive attacks that are causing harm to the economy and society, the response states. Globally, national losses from cybersecurity breaches are estimated to be as high as 1% of GDP. For Australia, this translates to an impact of up to $17 billion per year.

Australia, like countries worldwide, is also grappling with a shortage of cybersecurity professionals. In Australia, most organisations do not have the people or systems needed to continually monitor networks for cyberthreats and infiltrations.

In this context Cisco has called on the government to develop a national cybersecurity strategy that recognises the link between national security and economic prosperity. The strategy should involve a mutually invested partnership between government, public and private entities, Cisco said.

A strategy should encourage both public and private organisations to invest in improving Australia’s cybersecurity capabilities, and seek to ensure that Australian citizens are as well versed in cybersecurity issues as they are in maths or English.

To meet the goal of ensuring Australia is the safest place to do business online, Cisco recommends targets including having the world’s cleanest (least infected by malware) cyber infrastructure, the strongest penalties for cybercrimes, as well as measures to foster accountability on board members and CEOs.

The national cybersecurity strategy should have a 10-year outlook and a 20-year view for skill building, but should also be reviewed every one or two years, the company said. It must take a bipartisan approach that allows a coherent strategy to be implemented beyond election cycles.

Cisco has suggested formalising the roles for all stakeholders within the new Australian Cyber Security Centre (ACSC), which includes the AFP, CERT Australia and intelligence agencies ASIO, the ASD and the DIO. Work also needs to be done to ensure that the centre has a greater influence on the Australian states, the response says.

The ACSC recently published its first unclassified security threat report, indicating that the threat to Australia’s critical systems is growing.

Cisco also recommends Australia set up a network of interlinked cybersecurity centres of excellence, focusing on economically vital market sectors including resources, agriculture, health and financial services, as well as SMEs, start-ups and incubators.

To ensure greater information sharing between the public and private sectors, Cisco is encouraging a regulatory framework that offers protection from or is compliant with privacy, data protection and corporate supporting requirements. Efforts should also include support for machine-speed information sharing systems.

Cisco is also calling for appropriate incentives for investing in security research and development, including the formation of incubators for security start-ups.

Finally, to address the skills shortage and help improve education and training, Cisco suggests initiatives including a program that maps skills and is accountable for hiring, education and training.

The initiatives must take the view that cybersecurity should be as fundamental to education as maths or English, and should extend beyond traditional IT-related higher education courses into non-traditional streams including law and business.

“Australia has acknowledged the link between national security and economic prosperity by establishing cybersecurity as a top national priority, which requires the necessary attention and support to ensure the nation is ready for the next wave of digital enablement,” Cisco Chief Security and Trust Officer John Stewart said.

“By placing cybersecurity at the forefront of the nation’s agenda, the right policies are able to be developed and implemented to effectively address the challenges and future advances in technology.”

Image courtesy of Got Credit under CC