Complete cyber security cannot be achieved
“As a trusted global cyber nation Australia will need to maintain the highest of cyber security standards including the development of a top-class professional cyber security workforce and a comprehensive education program for its citizens.”
That is the opinion of Dr Jacqueline Craig FTSE, a former Chief of the Cyber Electronic Warfare Division of the Defence Science and Technology group.
This comes at a time when complete cyber security is deemed unachievable.
So what can be done?
Focusing on Australia, the Australian Academy of Technology and Engineering to the Department of Home Affairs has released Australia’s 2020 Cyber Security Strategy – A call for views.
The strategy focuses on resilience: Australia must focus on achieving cyber resilience, which is the ability to continue operating in the face of a cyber attack.
That’s part of the advice provided by Craig, who said the increased dependence on connected systems put Australia at higher risk of cyber threats.
“Australia must develop strong cyber security systems and measures by playing a leading role in the development of cyber technology and its application in business, industry, government and society. Cyber security must be positioned as an enabler for our digital future.
“The Academy believes that complete cyber security cannot be achieved, and Australia must focus on achieving cyber resilience, which is the ability to continue operating in the face of a cyber attack.
“That involves understanding critical dependencies and system vulnerabilities that are key to achieving cyber resilience,” Dr Craig said.
The Academy recommends that:
- The Federal Government seeks to establish national cyber security standards which are developed by knowledgeable bodies and technical experts
- The Federal Government establish regulations regarding the liability of providers of cyber goods and services for data security and privacy
- The 2020 Cyber Security Strategy have a more proactive rather than reactive approach, with a view for managing future and emerging vulnerabilities and threats associated with emerging technologies such as the Internet of Things
- Priority action is taken by Government and education bodies to increase the number of high-quality cyber professionals in Australia and to ensure that cyber security is a common thread through all science and technology courses
Dr Craig said: “Emphasis on cyber security will be on proactive, rather than reactive, approaches, and will include: techniques for predicting likely threats and vulnerabilities; tools and techniques for achieving real-time comprehensive cyber situational awareness; and methods for ensuring business continuity in the face of cyber attack.
“New technologies such as big data and autonomous and cognitive systems based on Artificial Intelligence will play a central part in this.”
Scientia Professor Gernot Heiser FTSE, an Academy Fellow and researcher at UNSW Sydney, said: “The Academy recommends the establishment of a ‘trusted partner’ status for suppliers who adhere to defined standards, and the establishment of regulations ensuring the liability of providers of cyber goods and services for data security and privacy.
“We also think that in order to ensure growth of the cyber insurance market, the Government must establish clear liability of providers of cyber goods and services for data security and privacy.”
The Australian Academy of Technology and Engineering is a Learned Academy operating as an independent, non-political and expert think tank that helps Australians understand and use technology to solve complex problems. atse.org.au