Cyber Security Should Be A Mandatory Requirement

Uploaded on 2020-09-17 in GOVERNMENT-National, FREE TO VIEW

The role of Government  in cyber security is growing as the global demand and dependency on the Internet and Internet-connected devices continue to increase. With increasing threats and fewer opportunities to fail, governments must rise to the challenge to protect both national security and economic prosperity.  

The process most governments use when creating regulations and laws encourages debate, argument, the careful examination of all sides of an issue, and the development of bartered consensus between groups with differing needs and opinions.  This model has been very successful at promoting economic success, however, it is less effective at regulating highly dynamic issues like cybersecurity.  

Networks, devices, applications, and services are changing at an exponential rate.Users and organisations are wrestling with threats on devices that didn’t even exist 18 months ago and trying to codify cybersecurity regulations is aiming at a moving target. In western democracies, the last 20 years have been characterised by wide-scale deregulation and privatisation, with much national critical infrastructure, in sectors such as energy, transport, finance and medicine, now in the hands of the private sector. 

Adversaries constantly target these critical infrastructure sectors, with security threats potentially causing both cascading and crippling effects regionally, nationally, and even internationally, as a result of the increased interconnectedness and interdependency in our society. 

Cyber security should be a mandatory government procurement requirement to create an industry-wide standard and lift cyber resilience across the economy, according to a significant new report.

The report, commissioned by the Australian Strategic Policy Institute (ASPI), calls for federal and state governments to strategically use their $20 billion annual technology expenditure to create a effective benchmark for improved cyber security and hardened supply chains. 

The Report recommends unification of standards; a sandbox or testing environment to enable small business to test and certify their offerings; the adoption of cyber insurance; and the building of sovereign capability by encouraging Australian providers. "Australian governments are the nation's largest spenders on ICT, Information and Communications Technology, but they're failing to maximise the leverage that market power gives them to drive improved cyber security and more secure supply chains," it concludes.

Wanted: A Strategic Approach

The ASPI report highlights the multiple standards different agencies use and the lack of a national strategic approach to public sector cyber practices. "Current approaches are fragmented and having limited impact, so a concerted national effort is needed, underpinned by major strategic changes in approach," it says. 

The report recommends the current array of supplier standards be simplified to a single set that enables suppliers to provide multiple levels that can be used for different risk levels and allows suppliers to demonstrate progress and enhanced levels of security.

On testing and certification, the report says a quick win would be to set up a centralised library of evaluations conducted by individual departments, so other departments can reuse work already done.Requiring providers to have mandatory cyber insurance would ensure security risks are effectively factored into supplier quotes. This would be similar to the current requirements government have for suppliers to have liability insurance.

Publication of the ASPI report coincides with a significant new investments in national cyber security by the Australian Government following a barrage of state-sponsored attacks on business and other infrastructure, which are widely attributed to China. 

Channel News:   Australian Financial Review:     McKinsey:         FireEye:     Information Commissioner:      Fortinet

You Might Also Read:

Wanted: International Cyber Standards:

 

« Latest Cyber Security Threats & Trends: 2020 In Review
A Hospital Hack Caused A Patient To Die »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Korea Information Security Industry Association (KISIA)

Korea Information Security Industry Association (KISIA)

KISIA is a non-profit organization for the information security industry in Korea.

Cymbel

Cymbel

Cymbel provides businesses and government agencies with the tools and expertise they need to manage the most complex security and compliance challenges.

Paygilant

Paygilant

Paygilant’s disruptive technology is designed to protect mobile payment  financial transactions against fraudulent attacks, whether executed by NFC, QR code, P2P or in-app.

Skurio

Skurio

Skurio create cost-effective, intuitive and powerful Cloud based solutions to identify threats, detect data breaches outside the network and automate the response.

RiskIQ

RiskIQ

RiskIQ is the leader in digital threat management, providing the most comprehensive discovery, intelligence, and mitigation of threats associated with an organization’s digital presence.

Vysk Communications

Vysk Communications

Vysk is an award-winning mobile security firm that has developed the world’s most secure system for voice communication.

RedSeal

RedSeal

RedSeal’s network modeling and risk scoring platform is the foundation for enabling enterprise networks to be resilient to cyber events.

Viscount Systems

Viscount Systems

Viscount Systems is a global security software solutions company that is changing the way access control is deployed and managed in the enterprise.

Red Snapper Recruitment

Red Snapper Recruitment

Red Snapper Recruitment is a market leading staffing services provider to the law enforcement, cyber security, offender supervision and regulatory services markets.

CyberForum

CyberForum

CyberForum supports businesses from the IT and high-tech industry in all stages of their development: from startup consulting to professional staffing and even location marketing campaigns.

Kintent

Kintent

With Kintent, compliance becomes a habit, is simple to understand and achieve, and is continuously testable so that your customers can see that you are adhering to all your trust obligations.

Porto Research, Technology & Innovation Center (PORTIC)

Porto Research, Technology & Innovation Center (PORTIC)

PORTIC brings together several research centers and groups from P.PORTO in a single space, forming a superstructure dedicated to research, technology transfer, innovation and entrepreneurship.

Cyber7

Cyber7

CYBER7 is a National Cyber Security Innovation community initiated by Israel National Cyber Directorate, Ministry of Economy and Israel Innovation Authority led by Tech7 – Venture Studio.

Nasuni

Nasuni

The Nasuni File Data Platform offers the protection, detection, and recovery of file shares from ransomware attacks or random disasters within minutes.

Defence Logic

Defence Logic

Defence Logic is a cyber security company serving clients in many business sectors. Our consultancy services include Penetration Testing, Security Reviews and Monitoring.

Helix Tech Consulting

Helix Tech Consulting

Helix Tech have expertise in a wide range of technology areas, including IT strategy, infrastructure design, cybersecurity, disaster recovery, cloud, data centers, IT cost optimization, and more.