The cross-border nature of data and increasing globalisation demand that Australia has a cyber-engagement strategy that is international in nature and aligns with our key trading partners.
That’s the view put by the peak telecommunications industry group, Communications Alliance, in a submission to the Department of Foreign Affairs and Trade as the federal government considers development of Australia’s inaugural international cyber engagement strategy.
CA says that as owners and operators of the underlying infrastructures, the telecommunications and IT industries have a strong interest in the development of an effective and coherent international cyber engagement strategy for Australia.
“It is the cross-border nature of computer systems and the ease of data transfer globally that necessarily make any viable cyber strategy an international affair, especially for open economies that rely on international trade and relationships for the running of their economies and their national security,” CA says in its submission.
{loadposition peter}“Therefore, it appears that individual elements of a cyber engagement strategy, including those pertaining to cyber security — such as the Telecommunications Security Sector Reform (TSSR), data retention legislation as well as copyright and website blocking legislation — ought to flow out of an international strategy that takes into account and attempts to align with the approaches taken by Australia’s key trading partners where feasible.”
CA has told DFAT that it considers that there are two specific outcomes that an international cyber engagement strategy should seek to deliver:
- Increased cyber literacy especially in our key trading partner countries; and
- Improved international coordination and development of effective enforcement mechanisms at an international level.
According to CA, the Australian cyber security landscape is characterised by a wide diversity of government departments and agencies with “partly overlapping and intersecting interest in or portfolio responsibilities relating to cyber security”.
“These departments/agencies address a multitude of different stakeholders, e.g. telecommunications network operators, businesses across all sectors, the general public.
“It appears that a better understanding of the precise roles and responsibilities of each of those, improved co-ordination of the current spread of agencies and programme — and the creation of a single national point of access to government’s cyber security agencies — would be likely to increase efficiencies and to deliver a clearer message to all stakeholders.”
But, CA warns that it is also likely that the current cyber security landscape may make the pursuit of a unified and effective overall cyber strategy on a national level rather difficult and is likely to “even more impede the development and effective and efficient execution of an international cyber engagement strategy”.
“It is important to ask which other areas of responsibility in the field of cyber engagement (other than cyber security) government, industry, academia and other stakeholders ought to address to fully harness the advantages of the cyber space to Australia’s (and global) advantage,” CA says.
“For example, the international harmonisation of data and privacy laws, the development/fostering of open technological standards and a coherent (and timely) approach to the proliferation of the internet of things (IoT) immediately come to mind in this context.”
Cyber literacy is raised by CA in its submission as a key imperative in developing Australia’s national cyber engagement policies.
“Importantly, any cyber framework ought to centre around the creation of a cyber literate nation," it says.
“Individuals and businesses alike must understand the continuously changing requirements of the cyber world and adopt cyber security measures as part of their daily routine, lifestyle and business practices.
“Equally, industry and academia must ensure that cyber specialist resources are meeting national demand (in quality and quantity).”
CA also says it is essential that individuals, and particularly small businesses, are being educated on the basics of IT functionality and security.
“A concerted coordinated effort is required to achieve high levels of awareness, education and implementation of security measures.
“Industry contends that the diverse array of education and awareness initiatives across federal and state agencies is not conducive to achieving this aim."