Australia is set to enhance its cybersecurity framework in response to recent widespread cyberattacks. The government has released its 2023–2030 Cyber Security Strategy, aiming to position Australia among the top cyber-secure nations by 2030. This follows Australia’s recognition as the fifth-most powerful cyber nation in a 2022 Harvard University report.

Here are the key takeaways:

Protection measures: The strategy focuses on protecting Australians, businesses, and organizations, especially in light of recent cyber incidents like the Medibank and Optus data breaches. It emphasizes resilience against ransomware, securing customer data, and engaging international partners for threat intelligence.

A significant budget of $586.9 million is allocated for this strategy, supplementing the $2.3 billion already committed to existing cyber initiatives. Major investments include $290.8 million for business and citizen protection and $143.6 million for critical infrastructure security.

Digital identity and ransomware: The strategy includes expanding the Digital ID program and addressing ransomware, a major threat costing Australia up to $3 billion annually. A ransomware playbook and a no-fault ransomware reporting scheme are planned, alongside discouraging ransom payments.

A potential ban on ransom payments is being considered, though it raises concerns about businesses’ ability to recover data and the possible increase in cyberattacks in anticipation of the ban.

Smart device standards: Mandatory cyber security standards for consumer smart devices and voluntary labeling and coding schemes are proposed. These aim to inform consumers about device security, though their impact may vary given their voluntary nature.

Implementation challenges: The strategy’s success hinges on overcoming challenges like evolving cyber threats, balancing privacy and security, and addressing the lack of detail in some initiatives. Effective implementation will require stakeholder cooperation and an inclusive approach.

The government plans to release a Consultation Paper to collaborate with industry on legislative reforms, focusing on new initiatives to fill current legal gaps and amendments to the Security of Critical Infrastructure Act 2018 to enhance protections for critical infrastructure.