Cyber Security Should Be A Mandatory Requirement

Uploaded on 2020-09-17 in GOVERNMENT-National, FREE TO VIEW

The role of Government  in cyber security is growing as the global demand and dependency on the Internet and Internet-connected devices continue to increase. With increasing threats and fewer opportunities to fail, governments must rise to the challenge to protect both national security and economic prosperity.  

The process most governments use when creating regulations and laws encourages debate, argument, the careful examination of all sides of an issue, and the development of bartered consensus between groups with differing needs and opinions.  This model has been very successful at promoting economic success, however, it is less effective at regulating highly dynamic issues like cybersecurity.  

Networks, devices, applications, and services are changing at an exponential rate.Users and organisations are wrestling with threats on devices that didn’t even exist 18 months ago and trying to codify cybersecurity regulations is aiming at a moving target. In western democracies, the last 20 years have been characterised by wide-scale deregulation and privatisation, with much national critical infrastructure, in sectors such as energy, transport, finance and medicine, now in the hands of the private sector. 

Adversaries constantly target these critical infrastructure sectors, with security threats potentially causing both cascading and crippling effects regionally, nationally, and even internationally, as a result of the increased interconnectedness and interdependency in our society. 

Cyber security should be a mandatory government procurement requirement to create an industry-wide standard and lift cyber resilience across the economy, according to a significant new report.

The report, commissioned by the Australian Strategic Policy Institute (ASPI), calls for federal and state governments to strategically use their $20 billion annual technology expenditure to create a effective benchmark for improved cyber security and hardened supply chains. 

The Report recommends unification of standards; a sandbox or testing environment to enable small business to test and certify their offerings; the adoption of cyber insurance; and the building of sovereign capability by encouraging Australian providers. "Australian governments are the nation's largest spenders on ICT, Information and Communications Technology, but they're failing to maximise the leverage that market power gives them to drive improved cyber security and more secure supply chains," it concludes.

Wanted: A Strategic Approach

The ASPI report highlights the multiple standards different agencies use and the lack of a national strategic approach to public sector cyber practices. "Current approaches are fragmented and having limited impact, so a concerted national effort is needed, underpinned by major strategic changes in approach," it says. 

The report recommends the current array of supplier standards be simplified to a single set that enables suppliers to provide multiple levels that can be used for different risk levels and allows suppliers to demonstrate progress and enhanced levels of security.

On testing and certification, the report says a quick win would be to set up a centralised library of evaluations conducted by individual departments, so other departments can reuse work already done.Requiring providers to have mandatory cyber insurance would ensure security risks are effectively factored into supplier quotes. This would be similar to the current requirements government have for suppliers to have liability insurance.

Publication of the ASPI report coincides with a significant new investments in national cyber security by the Australian Government following a barrage of state-sponsored attacks on business and other infrastructure, which are widely attributed to China. 

Channel News:   Australian Financial Review:     McKinsey:         FireEye:     Information Commissioner:      Fortinet

You Might Also Read:

Wanted: International Cyber Standards:

 

« Latest Cyber Security Threats & Trends: 2020 In Review
A Hospital Hack Caused A Patient To Die »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Palo Alto Networks

Palo Alto Networks

Palo Alto Networks, the global cybersecurity leader, is shaping the cloud-centric future with technology that is transforming the way people and organizations operate.

IoT Security Foundation (IoTSF)

IoT Security Foundation (IoTSF)

IoTSF is a collaborative, non-profit organisation with a mission to raise the quality and drive pervasive security in the Internet of Things.

Epati Information Technologies

Epati Information Technologies

ePati Information Technologies is a specialist in information technology and cyber security.

H-11 Digital Forensics

H-11 Digital Forensics

H-11 Digital Forensics is a global leader of digital forensic technology.

DarkLight

DarkLight

DarkLight is a cybersecurity platform that mimics human thinking at scale to build resiliency to Advanced Persistent Threats.

SecuLetter

SecuLetter

SecuLetter is able to detect unknown attacks with hybrid approaches, static and dynamic analysis.

Secure-IC

Secure-IC

Secure-IC provide end-to-end, best-of-breed security expertise, solutions, and hardware & software technologies, for embedded systems and connected objects.

Thistle Technologies

Thistle Technologies

Thistle Technologies is building tools that help connected device manufacturers build security resiliency into devices.

NWN Corp

NWN Corp

NWN Corporation is a leading Cloud Communications Service Provider (CCSP) focused on transforming the customer and workspace experience for commercial, enterprise and public sector organizations.

Swiss It Security Group

Swiss It Security Group

Swiss It Security Group offers clients complete IT security concepts based on innovative solutions and technology, with a focus on protection, detection and defence.

ISECURION Technology & Consulting

ISECURION Technology & Consulting

ISECURION is an information security consulting company. We provide a unique blend of services to our customers catering to the current information security landscape.

MDSec

MDSec

MDSec is a consultancy with a passion for information security. Our consultants specialise in application, mobile and hardware security and targeted red team attacks.

General Informatics

General Informatics

General Informatics is a team of technology enthusiasts with one mission: to make our clients even more successful through the best use of technology.

Aquia

Aquia

Aquia are on a mission to enable innovation and drive transformative change to solve the world’s most pressing and complex cybersecurity challenges.

Cyber & Data Protection

Cyber & Data Protection

Cyber & Data Protection Limited supports Charities, Educational Trusts and Private Schools, Hospitality and Legal organisations by keeping their data secure and usable.

Cypfer

Cypfer

CYPFER is a global market leader in ransomware post-breach remediation and cyber-attack first response.