Click For Photo: https://3c1703fe8d.site.internapcdn.net/newman/gfx/news/hires/2018/12-newguideline.jpg
Debates about cyber security in Australia over the past few weeks have largely centred around the passing of the government's controversial Assistance and Access bill. But while government access to encrypted messages is an important subject, protecting Australia from threat could depend more on the task of developing a solid and robust cyber security response plan.
Australia released its first Cyber Incident Management Arrangements (CIMA) for state, territory and federal governments on December 12. It's a commendable move towards a comprehensive national civil defence strategy for cyber space.
Decade - Need - Government - Step - Path
Coming at least a decade after the need was first foreshadowed by the government, this is just the initial step on a path that demands much more development. Beyond CIMA, the government needs to better explain to the public the unique threats posed by large scale cyber incidents and, on that basis, engage the private sector and a wider community of experts on addressing those unique threats.
The aim of the new cyber incident arrangements is to reduce the scope, impact and severity of a "national cyber incident".
Cyber - Incident - Importance - Crisis - Government
A national cyber incident is defined as being of potential national importance, but less severe than a "crisis" that would trigger the government's Australian Government Crisis Management Framework (AGCMF).
Australia is currently ill-prepared to respond to a major cyber incident, such as the Wannacry or NotPetya attacks in 2017.
Wannacry - UK - National - Health - Service
Wannacry severely disrupted the UK's National Health Service, at a cost of A$160 million. NotPetya shut down the world's largest shipping container company, Maersk, for several weeks, costing it A$500 million.
When costs for random cyber attacks are so high, it's vital that all Australian governments have coordinated response plans to high-threat incidents. The CIMA sets out inter-jurisdictional coordination arrangements, roles and responsibilities, and principles for cooperation.
Cyber - Crisis - AGCMF - Process
A higher-level cyber crisis that would trigger the AGCMF (a process that itself looks somewhat under-prepared)...
Wake Up To Breaking News!