Risk environment rapidly changing, government cyber honcho warns

20 March, 2024
Authorities who are accountable for critical infrastructure will be asked to outline what's being done to improve cyber security.

Australia’s threat environment has changed significantly since the launch of the nation’s cyber security strategy just five months ago, a senior bureaucrat has told an industry event.

Hamish Hansford (L) in discussion with Gartner’s Richard Addiscot on March 18, 2024.

Deputy secretary of cyber and infrastructure security in the Department of Home Affairs Hamish Hansford provided a wide-ranging overview of progress on the Australian Cyber Security Strategy at Gartner’s Security and Risk Management Summit on Monday.

The strategy, released on November 22 last year, sets out six targeted areas around cyber security and risk management.

Described as a ‘game changer’ for national security, the strategy is also designed as roadmap to help the government realise its ambitious target of becoming a world leader in cyber security by 2030.

Since the launch of the strategy last November we’ve seen a significant change in our environment.

Hamish Hansford

“The government set the ambitious goal of how do we be a global cyber security leader by 2030,” Mr Hansford said.  

“Now the question is how do you get there in seven years? That’s what the strategy is about.”

Emerging vulnerabilities

The Volt Typhoon cyber operation, targeting critical infrastructure in the US, has been a ‘major step change’ in the post November 2023 threat environment, Mr Hansford said.

The Australian Signals Directorate on February 8 issued an alert on Volt Typhoon, saying US law enforcement and cyber security agencies believed state sponsored actors from People’s Republic of China were trying to infiltrate US IT networks for cyberattacks against critical infrastructure in the event of a major crisis or conflict with the US.

Mr Hansford also said the 2021 ransomeware attack on the Colonial Pipeline in the US, in which an attack on an IT system led to the shutdown of critical operational technology, indicated potential future vulnerabilities in terms of critical infrastructure.

“Our view is that increasingly we might see attacks that get into ICT infrastructure and then latch or move into OT,” he said.

“We need to think about protecting OT because I think that’s the most critical when it comes to catastrophic cyber incidents.”

Protecting critical infrastructure

Despite the ongoing challenges, work on the strategy is progressing, Mr Hansford said, with protection of critical infrastructure – including 168 systems deemed to be of international significance –  front of mind.

“(Cyber security minister) Clare O’Neil is going to write very shortly to all of the accountable authorities to outline how we’re going to improve our cyber security posture,” he said.

“The focus this year and next year will be on the relationship between government and critical infrastructure, that’s the challenge we’re focused on.

The focus this year and next year will be on the relationship between government and critical infrastructure.

Hamish Hansford

“We’ll be identifying the most important systems the government relies on at a Commonwealth level ….  and bringing them together as a group to think about incident response and recovery plans.

“It’s important to treat them as separate entities but supply chains between government and infrastructure suppliers are inextricably intertwined, so that’s going to be a defining feature of the next couple of years.”

Focus areas

Another focus will be on building sovereign capabilities while bringing domestic and international strategy together, including the establishment of an expert team to assist Australia’s regional neighbours with cyber security.

The government is also working on getting baseline standards in place for connected devices, and looking at federated information sharing between sectors and industry, with the health sector a priority.

“The health sector has disaggregated, flat IT structures and we need to starting thinking about how we share information between hospitals, for example,” he said.

“In coming months you’ll see a particular program focused on health care.”

The government is also looking at measures to improve threat blocking by banks and major telcos, and has established an executive cyber council consisting of around 20 industry and government players to co-design a harmonised set of laws, and a single cyber incident reporting portal for business.

Our hypothesis is that every two years the environment will fundamentally change.

Hamish Hansford

Ms O’Neil also recently launched the government’s Act Now Stay Secure campaign, which is designed to lift cyber security awareness in the 25-50 age demographic, as well as the ‘over-confident’ 18-25s.

Mr Hansford said the government is working on the assumption that the threat environment will continue to evolve every two years.

“The strategy is accompanied by a two-year action plan,” he said. “Our hypothesis is every two years… the environment will fundamentally change, and so will the plan.”

Comment below to have your say on this story.

If you have a news story or tip-off, get in touch at editorial@governmentnews.com.au.  

Sign up to the Government News newsletter

Related stories

TAGS

Leave a comment:

Your email address will not be published. All fields are required