Complete cyber security cannot be achieved

Published at Nov 1, 2019, in Ctrl Alt Del

“As a trusted global cyber nation Australia will need to maintain the highest of cyber security standards including the development of a top-class professional cyber security workforce and a comprehensive education program for its citizens.”

That is the opinion of Dr Jacqueline Craig FTSE, a former Chief of the Cyber Electronic Warfare Division of the Defence Science and Technology group.

This comes at a time when complete cyber security is deemed unachievable.

So what can be done?

Focusing on Australia, the Australian Academy of Technology and Engineering to the Department of Home Affairs has released Australia’s 2020 Cyber Security Strategy – A call for views.

The strategy focuses on resilience: Australia must focus on achieving cyber resilience, which is the ability to continue operating in the face of a cyber attack.

That’s part of the advice provided by Craig, who said the increased dependence on connected systems put Australia at higher risk of cyber threats.

“Australia must develop strong cyber security systems and measures by playing a leading role in the development of cyber technology and its application in business, industry, government and society. Cyber security must be positioned as an enabler for our digital future.

“The Academy believes that complete cyber security cannot be achieved, and Australia must focus on achieving cyber resilience, which is the ability to continue operating in the face of a cyber attack.

“That involves understanding critical dependencies and system vulnerabilities that are key to achieving cyber resilience,” Dr Craig said.

The Academy recommends that:

  • The Federal Government seeks to establish national cyber security standards which are developed by knowledgeable bodies and technical experts
  • The Federal Government establish regulations regarding the liability of providers of cyber goods and services for data security and privacy
  • The 2020 Cyber Security Strategy have a more proactive rather than reactive approach, with a view for managing future and emerging vulnerabilities and threats associated with emerging technologies such as the Internet of Things
  • Priority action is taken by Government and education bodies to increase the number of high-quality cyber professionals in Australia and to ensure that cyber security is a common thread through all science and technology courses

Dr Craig said: “Emphasis on cyber security will be on proactive, rather than reactive, approaches, and will include: techniques for predicting likely threats and vulnerabilities; tools and techniques for achieving real-time comprehensive cyber situational awareness; and methods for ensuring business continuity in the face of cyber attack.

“New technologies such as big data and autonomous and cognitive systems based on Artificial Intelligence will play a central part in this.”

Scientia Professor Gernot Heiser FTSE, an Academy Fellow and researcher at UNSW Sydney, said: “The Academy recommends the establishment of a ‘trusted partner’ status for suppliers who adhere to defined standards, and the establishment of regulations ensuring the liability of providers of cyber goods and services for data security and privacy.

“We also think that in order to ensure growth of the cyber insurance market, the Government must establish clear liability of providers of cyber goods and services for data security and privacy.”

The Australian Academy of Technology and Engineering is a Learned Academy operating as an independent, non-political and expert think tank that helps Australians understand and use technology to solve complex problems. atse.org.au

S3 Consortium Pty Ltd (CAR No.433913) is a corporate authorised representative of LeMessurier Securities Pty Ltd (AFSL No. 296877). The information contained in this article is general information only. Any advice is general advice only. Neither your personal objectives, financial situation nor needs have been taken into consideration. Accordingly you should consider how appropriate the advice (if any) is to those objectives, financial situation and needs, before acting on the advice.

Conflict of Interest Notice

S3 Consortium Pty Ltd does and seeks to do business with companies featured in its articles. As a result, investors should be aware that the Firm may have a conflict of interest that could affect the objectivity of this article. Investors should consider this article as only a single factor in making any investment decision. The publishers of this article also wish to disclose that they may hold this stock in their portfolios and that any decision to purchase this stock should be done so after the purchaser has made their own inquires as to the validity of any information in this article.

Publishers Notice

The information contained in this article is current at the finalised date. The information contained in this article is based on sources reasonably considered to be reliable by S3 Consortium Pty Ltd, and available in the public domain. No “insider information” is ever sourced, disclosed or used by S3 Consortium.

Thanks for subscribing!

X