Since the Colonial Pipeline ransomware attack in the US in May 2021, and fears about cyber fallout from the Russia-Ukraine conflict, it seems like governments worldwide are permanently on the back foot when it comes to cybersecurity.
But that is perhaps not the case in Australia, where the new government led by Prime Minister Anthony Albanese has appointed a dedicated minister for cybersecurity. It is the first time that cybersecurity has had its own portfolio in the Australian cabinet, with Clare O’Neil appointed Minister for Home Affairs and Minister for Cybersecurity.
To provide some context, in the UK, the minister for the Cabinet Office, Steve Barclay, has oversight of Cabinet Office responsibilities on national security and resilience, including the Civil Contingencies Secretariat and Cyber Security. He recently attended the UK government’s CyberUK 2022 event. But, unlike O’Neil’s, Barclay’s is not a named, dedicated ministerial cybersecurity role.
Why O’Neil’s job is important
According to the Australian Strategic Policy Institute (ASPI), cybersecurity has become a massive, cross-cutting portfolio. Its tentacles stretch from a policy arm in Home Affairs, to operational arms that encompass the Australian Signals Directorate, the Australian Cyber Security Centre, the Australian Federal Police, and the Australian financial intelligence agency, AUSTRAC.
Cybersecurity also typically encompasses the protection of critical national infrastructure (CNI). Cyber threats against CNI are increasing and governments worldwide are having to take steps to recognize them. O’Neil’s cyber remit also covers aspects of election interference, foreign interference, disinformation and hybrid threats, and even critical space assets.
Six cybersecurity challenges for Australia—and everyone else too
In a recent blog post, the ASPI outlined the six cybersecurity challenges facing O’Neil. Arguably, many of the cyber challenges facing her apply to other governments around the world.
One of the first is creating a bigger talent pipeline. The ASPI says that there are only two options: training more people and increasing skilled migration. It suggests migrants should be encouraged to come to Australia and a serious training effort started, including restoring STEM (science, technology, engineering, and mathematics) teaching in schools.
A second priority is measuring impact. The ASPI asks whether mandatory data breach reporting has helped the health sector protect sensitive data; how large the ransomware problem is; and by how much have recent initiatives improved it.
A third focus is the cyber dimensions of AUKUS, the trilateral security pact between Australia, the UK, and the US that was announced in September 2021.
The other three remaining areas include using all instruments of international power to counter malicious cyber actors and cybercriminals as well as putting pressure on financial entities and governments that allow them to operate; building greater cyber and technology capacity in the APAC region; and tackling the challenge of cyber-enabled foreign interference.
Diversity of leadership
The ASPI points out that O’Neil should focus on technology and drive security policy across emerging and critical technologies, arguing that this will consume more of her time every year she is in the job.
It is very early days. O’Neil was only appointed to the cybersecurity role on May 31. But how she succeeds in it will undoubtedly be of interest, not least to other governments. Having a woman representing the cybersecurity sector in government sends a not-so-subtle signal as to the diversity of leadership needed to deliver on a range of cybersecurity concerns, not least the cyber skills problem. Her progress will be worth watching.