Cyber Security Should Be A Mandatory Requirement

The role of Government  in cyber security is growing as the global demand and dependency on the Internet and Internet-connected devices continue to increase. With increasing threats and fewer opportunities to fail, governments must rise to the challenge to protect both national security and economic prosperity.  

The process most governments use when creating regulations and laws encourages debate, argument, the careful examination of all sides of an issue, and the development of bartered consensus between groups with differing needs and opinions.  This model has been very successful at promoting economic success, however, it is less effective at regulating highly dynamic issues like cybersecurity.  

Networks, devices, applications, and services are changing at an exponential rate.Users and organisations are wrestling with threats on devices that didn’t even exist 18 months ago and trying to codify cybersecurity regulations is aiming at a moving target. In western democracies, the last 20 years have been characterised by wide-scale deregulation and privatisation, with much national critical infrastructure, in sectors such as energy, transport, finance and medicine, now in the hands of the private sector. 

Adversaries constantly target these critical infrastructure sectors, with security threats potentially causing both cascading and crippling effects regionally, nationally, and even internationally, as a result of the increased interconnectedness and interdependency in our society. 

Cyber security should be a mandatory government procurement requirement to create an industry-wide standard and lift cyber resilience across the economy, according to a significant new report.

The report, commissioned by the Australian Strategic Policy Institute (ASPI), calls for federal and state governments to strategically use their $20 billion annual technology expenditure to create a effective benchmark for improved cyber security and hardened supply chains. 

The Report recommends unification of standards; a sandbox or testing environment to enable small business to test and certify their offerings; the adoption of cyber insurance; and the building of sovereign capability by encouraging Australian providers. "Australian governments are the nation's largest spenders on ICT, Information and Communications Technology, but they're failing to maximise the leverage that market power gives them to drive improved cyber security and more secure supply chains," it concludes.

Wanted: A Strategic Approach

The ASPI report highlights the multiple standards different agencies use and the lack of a national strategic approach to public sector cyber practices. "Current approaches are fragmented and having limited impact, so a concerted national effort is needed, underpinned by major strategic changes in approach," it says. 

The report recommends the current array of supplier standards be simplified to a single set that enables suppliers to provide multiple levels that can be used for different risk levels and allows suppliers to demonstrate progress and enhanced levels of security.

On testing and certification, the report says a quick win would be to set up a centralised library of evaluations conducted by individual departments, so other departments can reuse work already done.Requiring providers to have mandatory cyber insurance would ensure security risks are effectively factored into supplier quotes. This would be similar to the current requirements government have for suppliers to have liability insurance.

Publication of the ASPI report coincides with a significant new investments in national cyber security by the Australian Government following a barrage of state-sponsored attacks on business and other infrastructure, which are widely attributed to China. 

Channel News:   Australian Financial Review:     McKinsey:         FireEye:     Information Commissioner:      Fortinet

You Might Also Read:

Wanted: International Cyber Standards:

 

« Latest Cyber Security Threats & Trends: 2020 In Review
A Hospital Hack Caused A Patient To Die »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

MobileIron

MobileIron

MobileIron provides EMM capabilities to IT organizations that need to secure mobile devices, applications and content.

CloudInsure

CloudInsure

CloudInsure is a Cloud Insurance platform designed to specifically address emerging liabilities within the Cloud environment.

Cradlepoint

Cradlepoint

With Cradlepoint customers leverage the speed and economics of wired and wireless Internet broadband for branch, mobile, and IoT networks while maintaining end-to-end visibility, security and control.

Honeynet Project

Honeynet Project

The Honeynet Project is a leading international non-profit security research organization, dedicated to investigating the latest attacks and developing open source security tools.

Evidence Talks Ltd

Evidence Talks Ltd

A leading forensic computing authority developing unique digital forensic technologies. Tools that detect potential terrorists & criminals & used by the military, enforcement & intelligence commmunity

AlAnsari Technical Solutions (ATS)

AlAnsari Technical Solutions (ATS)

ATS is a Kuwait based company specialised in delivering hardware/software, Virtualisation, IP Telephony / Unified Communication, Networking and professional IT services and solutions.

FireCompass

FireCompass

FireCompass SAAS platform helps CISOs & Security Teams in continuous risk assessment by mapping your attack surface and knowing the “unknown unknowns”.

CISO Global

CISO Global

CISO Global (formerly Cerberus Sentinel) are on a mission to demystify and accelerate our clients’ journey to cyber resilience, empowering organizations to securely grow, operate, and innovate.

CyberGuard Technologies

CyberGuard Technologies

CyberGuard Technologies provides a suite of fully managed end-to-end security services from its 24/7 UK security operations centre.

GLIMPS

GLIMPS

GLIMPS-Malware automatically detects malware affecting standard computer systems, manufacturing systems, IOT or automotive domains.

Morpheus Enterprises

Morpheus Enterprises

Morpheus Enterprises offer managed security solutions designed to keep your web applications secure and your business running smoothly.

Maltego Technologies

Maltego Technologies

Maltego is a comprehensive tool for graphical link analyses that offers real-time data mining and information gathering. Applications include cybersecurity threat intelligence and incident response.

Sweet Security

Sweet Security

Sweet Security delivers Runtime Attack Security for Cloud Workloads.

Eclypses

Eclypses

Eclypses has a disrupting cyber technology, offering organizations an advanced data security solution called MicroToken Exchange (MTE).

SecondSight

SecondSight

SecondSight’s Vertical AI embodies a full-spectrum approach to cyber insurance, facilitating accurate digital risk profiling.

Velaspan

Velaspan

Velaspan design, deploy, and manage enterprise wireless networks and cybersecurity solutions for leading businesses and brands.