The federal government announced the establishment of a new industry advisory committee to help guide the implementation of its Cyber Security Strategy 2020. The Industry Advisory Committee will provide advice to the government through regular meetings and report directly to the Minister for Home Affairs.
The 2020 Cyber Security Strategy is firmly focused on protecting families and businesses, especially as they spend more time online, both at home and in their workplaces, the Minister for Home Affairs said. The Committee brings a wealth of experience from both the public and private sector that will build on the success of the Industry Advisory Panel and ensure the industry will continue playing a vital formative role in shaping the delivery of actions set out in the Strategy.
The work of the committee will be essential in light of the key role connected technologies are expected to play in Australia’s post-COVID recovery. While daily life is increasingly connected by digital technologies, more abundant and better-resourced cybercriminals and cyber-activists and increasingly sophisticated and emboldened state actors mean Australia is quite literally under constant cyberattack.
Meeting that challenge requires Australia’s cyber defences to be strong, adaptive and built around a strategic framework that is coordinated, integrated and capable — the 2020 Cyber Security Strategy provides that framework.
The committee will be chaired by the CEO of an Australian telecommunications company fresh off his stint as chair of the industry advisory panel that shaped the development of the new strategy. Meanwhile, the Chair of Australia’s sovereign cloud Infrastructure-as-a-Service (IaaS) provider will serve as Deputy Chair.
The new committee also includes two other industry advisory panel members. Joining these experts on the panel will be the Cyber Security CRC CEO, the CEO of an Australian cloud, data centre, government cybersecurity and telecom company, and the Chairman of a firm that provides real-time detection and ranging of objects and events.
Boosting cybersecurity government-wide
On a state level, the NSW government aims to streamline and standardise how agencies go about sourcing cybersecurity contractors by establishing a series of government-wide buying arrangements.
The Department of Customer Service this week approached the market to set up cybersecurity purchasing arrangements (CSPAs), as the need to secure the state’s digital services continues to increase. The arrangements will seek to overcome undisclosed “issues associated with the procurement of cybersecurity professional services to date”, and “ultimately facilitate cybersecurity uplift” across government.
Services expected to be covered by what will in effect be a panel include incident response, vulnerability assessment, maturity assessment, digital forensics, penetration testing and generic cybersecurity professional services.
This move comes in preparation for the government’s parliamentary inquiry into its handling of cybersecurity following a series of high-profile breaches, including an email compromise that saw 738Gb of data, or approximately 3.8 million documents, lifted from Service NSW.
The CSPAs will give agencies the confidence that they are procuring services from “capable suppliers” that have met a set criterion that ensures services are “fit for purposes” while minimising complexity.
This will involve “standardising the definition of services such that they are more easily understood by both buyers and suppliers allows for better comparison”, tender documents state.
The arrangements will also build on the government’s IT consultant fee caps introduced earlier this year by ‘locking in’ pricing. Suppliers will be expected to agree on “cost structures at the establishment of the CSPAs” to provide “confidence in the cost of engagements”.
The CSPAs will sit alongside the whole-of-government Cloud Purchasing Arrangements (CPAs), which were introduced by the department earlier this year to simplify public cloud procurement.